Fraud is a year-round activity, but tax season is fueling an increase in calculated schemes to steal money and personal information through forged messages and other means. Cybersecurity firms have also reported an increase in fraud attempts taking advantage of the conflict in Ukraine – a situation that has fueled fears of possible cyberattacks on US companies via ransomware and other malicious software. You can protect yourself better if you know what’s out there. Here’s a guide.
Avoid the tax fraud
The Internal Revenue Service does not first contact taxpayers via email, text messages, or social media channels to request personal and financial information, including bank account or credit card numbers, passwords, or PINs. Messages requesting that information are deceptive “phishing” attempts to steal money and identities.
In most cases, if the IRS needs your attention, it starts with a regular mail notification through the United States Postal Service.
The IRS doesn’t send unexpected messages about checking returns, sending incentive payments, collecting your taxes, or “cancelling your Social Security number.” An IRS representative can call or visit when a taxpayer has a delinquent account or other tax-related issues. Even then, according to the agency, a written notice is usually sent first.
Scam calls and voice messages with spoofed agency numbers and falsified IRS agent identification are common. Again, the agency usually sends a notice in the mail first. It doesn’t unexpectedly prompt you to discuss tax refunds, threaten arrest by local law enforcement, or demand immediate payment in some specific form. Tax bills are paid to the US Treasury and not directly to “agents” who require money in iTunes or Amazon gift cards, prepaid debit cards, electronic cash or wire transfers.
The Tax Scams/Consumer Alerts page on the official irs.gov site has a long list of current and classic scams. And the site has a guide to verifying genuine IRS agents and identifying legitimate collection agencies.
Donate wisely
Opportunistic scammers are quick to take advantage of natural disasters and humanitarian crises, including the Covid-19 pandemic and the war in Ukraine. Be wary of messages from unknown organizations asking for credit card or cryptocurrency donations – or claiming to be from refugees or members of the military. Crowdfunding campaigns should be avoided or researched thoroughly unless you know the organizer.
Most fraud attempts are easy to spot. Typo-laden messages, impersonal “official correspondence” from Gmail and Yahoo accounts, and voicemail messages left in robotic computer speech are immediate red flags. Fake invoices and fake PayPal announcements remain popular phishing lures.
You can avoid many phishing lures by fine-tuning your email program’s unwanted filters and blocking unwanted calls and text message senders. Let unknown callers go to voicemail. Wirecutter, a Times owned site, has a guide to fighting spam calls.
Make sure your browser is set to block pop-up messages and warn you about malicious sites. Do not install apps from unknown developers and keep antivirus software enabled on your computer. If spam comes in, don’t call the number or open the attachment – it’s probably malware. If you are concerned about an account, open your browser and visit the company’s website, avoiding links in messages.
The Consumer Financial Protection Bureau site has a detailed page on fraud and scams that are currently doing the rounds. And even if you have If you’ve been practicing safe computing for years, you probably have a friend or relative who isn’t as tech-savvy — and could use your help.