It’s tax time – again! As we all work hard to ensure our taxes are properly prepared, cybercriminals are using this time to their advantage to claim their own returns through “IRS-related” scams. Hackers know people are in a rush to get their returns and are more likely to fall victim to tax-related scams than at any other time of the year.
It’s important for everyone, not just business owners, to stay up to date on the latest scams and best practices to avoid becoming one of the estimated 15 million people that will fall victim to identity theft in the U.S. this year.
Why Do You Need To Worry About Tax Scams?
Cybercriminals are looking for a quick payday, and the tax season offers ample opportunities for hackers to intercept the personal data needed to properly file taxes, such as social security numbers, EINs, if you’re a business owner, addresses, bank account information, and more.
If hackers can get their hands on that data, it can have devastating effects, such as waking up to find they’ve drained your bank account, sold your information on the dark web, or even opened credit cards in your name and then maxed them out.
Although tax scams occur year-round, they peak during the tax season in the United States. Last year, 61% of the tax scams reported to the BBB’s Scam Tracker were discovered in the first four months of the year, with identity fraud being the most common type of fraud. More than 650,000 identity theft reports were submitted to the FTC last year.
3 Common Scams Hackers Use During Tax Season
Let’s look at 3 of the most common types of tax scams you may encounter, and how you can avoid becoming a victim this tax season.
1. Tax-Related Identity Theft
Cybercriminals are looking to claim your tax refund for themselves and all they need in your personal information to do it. Once they have information like your social security number, birthdate, address (which they can likely buy off the dark web if you haven’t been careful), they can file a tax return in your name and collect the refund.
Hackers get this information through different means, but one popular way is sending you fake emails that look like the IRS and are asking you to update your tax filing information so they can process your return quickly.
Once you enter your correct information, they will turn around and use it to file your tax return.
This isn’t just a pre-filing scam, either! Hackers will also send emails suggesting that you have a larger return than expected waiting, and all they need to send it to you is a copy of your passport and a utility bill or credit card statement with a correct address. Always enter information through the secure portal on the IRS website.
There are a few ways you can tell if this has happened to you:
- You file a tax return by mail or online and it’s rejected with a note that they’ve already accepted a return connected to your social security number
- The IRS sends you a transcript that you never requested
- You create an account online and are told there has already been an account with your social security number created, but you didn’t make the account
These events require immediate action! You can report it to the IRS using Form 14039. There is more information on how to handle this at www.IRS.gov
At the end of the day, remember this – do not fill out any forms online from an email. If the IRS needs your information, it can be updated through a secure platform on the IRS official website.
2. Phishing Scams
This is the easiest way for hackers to get into your network. Hackers will send emails claiming that your account or tax return is locked or restricted, and in order to release your refund and have it processed, you need to “click the link and follow the instructions.” They also occasionally pose as tax software such as TurboTax! Once you click these links looking for further instructions, hackers have the power to install malware onto your computer.
If that doesn’t work, hackers will test out the attachment method. One popular way they do this is by sending an email saying that your payment has been deducted from your account and they can download the attachment outlining the transaction. When you download the document, it installs malicious software onto your computer.
The IRS will not email you asking you for this information. Do NOT click on any links like this or download any reports. Make sure all email addresses are legit! Hackers are known to change the letters in the address to make it look like it’s the official site.
For example, instead of ‘irs.gov’ they might use ‘irs.org’ or switch the ‘i’ for an ‘l’ that looks like a capital ‘i’. They are sneaky, so you must be wary.
3. Gift Card Scams
Hackers know that people are fearful of getting in trouble with the IRS, so they use this to their advantage. If you receive an email saying that you didn’t file correctly and now owe money, or that you’ve missed a deadline and owe a penalty and must send a gift card with the owed amount immediately – it is a scam.
The IRS will never ask you to pay using gift cards. If you get a letter like this, report it immediately.
How To Remain Safe From Hackers During Tax Season
Here are a few tips to keep in mind when dealing with unsolicited communications this year and every year from now on.
- Taxpayer communications with the IRS are never initiated via email. They will send you notices in the mail.
- Whenever you are addressed as “taxpayer”, “sir”, “madam” or “US citizen”, you can be sure that an email is fake. The IRS will use your name.
- Be cautious of ALL tax-related emails, not just IRS scams. Hackers will also pose as popular tax software like TurboTax.
- The IRS never sends links or attachments asking you to pay extra money, download a payment transaction, or update filing information.
- Personal documents should never be scanned in response to unsolicited emails.
- If you receive an email from the IRS purporting to be from the IRS, forward that email to firstname.lastname@example.org
If you’re looking for ways to stay safe from cybercriminals, get in touch with our team. We can assist with security systems for your network, spam filtering, and monitoring your network to make sure anything that slips through the cracks is resolved immediately.