Tax-time is upon us with the July 15th filing deadline, and Americans need to be wary as this is a very lucrative season for cybercriminals. Known for following money trails, cybercriminals leverage tax season to launch attacks designed to steal tax refunds, commit fraud, steal identities, and capture personal information. Our society’s new socially-distant reality also increases overall risk as more people will need to rely on digital communication channels for their tax filing and refunds/payments.
Below are five tips to help reduce your risk:
- Delete any unsolicited email that claims to be from the IRS. Remember the IRS will never contact individuals via email, text message, or social media channels with a request for personal or financial data. Forward any suspicious email to phishing@irs.gov and then delete it from your inbox. Do not reply to these emails.
- Don’t take the call: The IRS will not call you. If someone calls claiming to be from the IRS, do not provide any information; promptly hang up. Taxpayers can view their tax account information online and confirm any money owed there. If you do need to speak with the IRS via phone, you can call them using the phone number listed on the official IRS website, www.irs.gov.
- Don’t fall for the threat tactics: Be wary of any email that is unexpected or pressures you to take immediate action. Cybercriminals will often use urgency and distress to motivate their potential victims to take unsafe actions. Never use any of the links or contact information provided in these messages. If such a message purports to be from your bank, for example, open a new browser window and go directly to the organization’s website. Better yet, simply delete the message from your inbox.
- Pay extra attention to the emails you receive from your accountant or from your tax software company. Review the sender’s address, hover over the address field and if it doesn’t look accurate, do not click on it. Avoid clicking on links in these emails, opening files, and transferring funds based on what the email says. In the case of an individual accountant, we recommend verbally confirming all filing instructions and refund deposit information. For tax software, it’s best to log-in to the system directly to conduct all transactions rather than be routed through a search engine.
- For companies, remind employees that they are possible targets. Use this week as an opportunity to send a reminder email to employees regarding tax-related business email compromise messages and possible phishing attempts. If you have a security awareness training program in place, reinforce best practices learned in the training. If you or your employees suspect identity theft, please visit: https://www.taxadmin.org/state-id-theft-resources.
Anyone can be at risk of being targeted with a tax-related scam—and it’s vital that taxpayers are vigilant to possible threats. For more information on how to report tax-related fraud, please visit the IRS website: https://www.irs.gov/privacy-disclosure/report-phishing, and the following IRS resource for a taxpayer guide on identity theft: https://www.irs.gov/identity-theft-central
Subscribe to the Proofpoint Blog