By: Mike Ruiz

Avoiding Tax Season Scams

Over 300 years ago Christopher Bullock wrote, “’Tis impossible to be sure of anything but death and taxes!” In the modern age there is something to be added to that list – hackers. We are once again approaching tax day here in the United States, and hackers are attempting to steal your personal information.

According to a recent article in CSO Magazine, over 110 organizations and 120,000 individuals have been affected by tax scams so far in 2017. In 2016, the IRS warned of a 400% increase in tax-related scams, and this year the number of attacks is only expected to increase. While phishing can be used to steal credentials and other information directly, malware attacks can give attackers a foothold to surveil users and networks and steal all kinds of confidential information. Credit card numbers, Social Security numbers, and classified corporate information can be used in a variety of ways, from simply being sold on the dark web to filing false tax returns or stealing your identity. Although enterprise security solutions can provide a certain level of protection from these scams, the best protection comes from educating your employees.

3 simple rules to remember that will help protect you from tax scams:

  1. Never click on links in an email to visit the web pages of the IRS, affiliated agencies, or tax preparation services unless you are absolutely certain the email was solicited by you and is truly from the sender. This can be harder than it seems.

  2. It’s always safest to directly call or visit the website of the IRS, affiliated agencies, or tax preparation services by typing the address into your web browser. Once you have correctly entered the address (without typos) and have verified it is the proper web address for the agency or company you wish to visit, be sure there is a padlock or secure message in your web browser.

  3. Never respond to an email or phone call where someone is asking for personal information; instead, call them back at a phone number you can verify from their official website. Do NOT send personal information or credit card numbers in an email.

 

Using tools like email in addition to the phone, it has become much easier for hackers to blanket a much larger population of people, and this means that being 1 in 300 million isn’t the best protection. There are a few simple tips that can drastically improve your security. First, know that the IRS will NEVER initiate communication with you via email. These are phishing attacks. Delete them immediately, or forward them to phishing@irs.gov. These emails will use domains that look similar to IRS.GOV to fool you. IRS.GOV.com, 1RS.GOV, IRSGov.com, USAgov.com, etc. are not legitimate. They will also likely include links to webpages that may even appear to be on the irs.gov, or affiliated, sites. Any time you are on a webpage asking for Social Security numbers, PIN numbers, or other personal information, be sure it is a page you directly visited and NOT one you got to by clicking an email, advertisement, or web search.
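The lookalike domains listed above can be caught mechanically. The Python sketch below is an added example, not part of the original article: it treats a link or sender as trusted only when its host is an official domain or a subdomain of one, and flags hosts that merely embed an official name. The function names, the digit-swap table, and the inclusion of usa.gov in the trusted list are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Official domains named in this article; usa.gov is an assumption added
# here so that the article's "USAgov.com" example can be recognised.
TRUSTED = {"irs.gov", "eftps.gov", "sec.gov", "usa.gov"}
BRANDS = {d.replace(".", "") for d in TRUSTED}        # e.g. "irsgov"
# Digit-for-letter swaps seen in lookalikes (assumed list, not exhaustive).
DIGIT_SWAPS = str.maketrans("01358", "oiesb")


def host_of(value: str) -> str:
    """Return the lowercase host of a URL, e-mail address or bare hostname."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # lets urlsplit parse "user@host" too
    return (urlsplit(value).hostname or "").rstrip(".")


def classify(value: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link or sender."""
    host = host_of(value)
    # Trusted only when the host IS an official domain or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Undo digit swaps and drop dots/hyphens, then look for an official name
    # embedded in some other domain (irs.gov.com, irsgov.com, 1rs.gov ...).
    squashed = re.sub(r"[^a-z0-9]", "", host).translate(DIGIT_SWAPS)
    if any(brand in squashed for brand in BRANDS):
        return "lookalike"
    return "unknown"


# Constructed sample inputs: the article's four lookalikes plus controls.
SAMPLES = [
    "https://www.irs.gov/uac/report-phishing",
    "IRS.GOV.com", "1RS.GOV", "refunds@IRSGov.com", "USAgov.com",
    "https://www.irs.gov.refund-help.example/login",
    "https://irs.gov@files.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):9}  {sample}")
```

A result of "unknown" only means the host is not on the trusted list and does not resemble it; it is not a verdict that the host is safe.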

Hackers can also try to target you via email by impersonating companies offering to help with filing taxes online, advocating for tax relief assistance, or offering to help you claim a refund. The same rules apply. If it comes in an email and it was unsolicited by you, it’s safest to delete it, then reach out to the service you want by directly visiting their webpage or calling them.

With the general awareness of Internet security increasing, hackers have become more creative. They have been known to go after HR professionals and tax preparers with content more relevant to their roles. Tried-and-true methods such as the fraudulent phone call are still being used as well. Both live people and automated calls are still happening. These calls can seem friendly and credible, and they can become threatening. The IRS will NEVER call you and demand payment over the phone; they will not threaten to call the police to arrest you. Please be sure less tech-savvy or older, more vulnerable friends and relatives know to seek you out for assistance and that it’s safe for them to hang up on these fraudulent calls.

 

Authoritative Resources you can rely on this tax season:

The IRS page on Phishing and Scams:

https://www.irs.gov/uac/report-phishing

The IRS page on safe and recommended online and professional tax preparers:

https://www.irs.gov/filing/e-file-options

The official Electronic Federal Tax Payment System:

https://www.eftps.gov/

Tips for avoiding online scams:

https://www.sec.gov/investor/pubs/phishing.htm


About the Author:

Mike Ruiz
Email: mruiz@zscaler.com
Twitter: @michaelruiz
