Fraud is a year-round activity, but tax season brings with it a surge in calculated schemes to steal money and personal information through fake news and other means. Cybersecurity firms have also reported an increase in scams exploiting the conflict in Ukraine – a situation that has raised fears of potential cyberattacks on American businesses by ransomware and other malicious software. You can protect yourself better if you know what’s out there. Here’s a guide.
Avoid the tax fraud
The Internal Revenue Service does not make initial contact with taxpayers via email, text messages, or social media channels to request personal and financial information — including bank account or credit card numbers, passwords, or PIN codes. Messages asking for this information are fraudulent “phishing” attempts to steal money and identities.
In most cases, when the IRS needs your attention, it begins with a notification in the mail through the United States Postal Service.
The IRS will not send unexpected messages about auditing tax returns, sending stimulus payments, collecting your taxes, or “cancelling your social security number.” An IRS representative may call or visit when a taxpayer has a past-due bill or other tax-related issues. But even then, written notification is usually sent first, according to the agency.
Fraudulent phone calls and voice messages using fake agency numbers and fake IRS agent identifications are rampant. Here, too, the agency usually first sends a notification by post. It doesn’t call unexpectedly to discuss tax refunds, threaten arrest by local law enforcement, or demand immediate payment in some form. Tax bills are paid to the US Treasury Department and not directly to “agents” who require funds in the form of iTunes or Amazon gift cards, prepaid debit cards, electronic cash, or wire transfer.
The Tax Fraud/Consumer Alerts page on the official irs.gov website has a long list of current and classic scams. And the site includes a guide to verifying real IRS agents and identifying legitimate debt collectors.
Opportunistic scammers are quick to take advantage of natural disasters and humanitarian crises, including the Covid-19 pandemic and the war in Ukraine. Be suspicious of messages from unknown organizations soliciting donations by credit card or cryptocurrency — or claiming to be from refugees or members of the military. Crowdfunding campaigns should be avoided or scrutinized unless you know the organizer.
Most scams are easy to spot. Typo-laden messages, impersonal “official correspondence” from Gmail and Yahoo accounts, and voicemail messages left in robotic computer language are instant red flags. Fake invoices and fake PayPal notifications remain popular phishing lures.
You can avoid many phishing lures by optimizing your email program’s junk filters and blocking unwanted calls and text senders. Have unknown callers sent to voicemail. Wirecutter, a website owned by The Times, has a guide to combating spam calls.
Make sure your browser is set to block pop-up messages and warn about malicious websites. Do not install apps from unknown developers and keep antivirus software enabled on your computer. If spam comes through, don’t call the number or open the attachment – it’s probably malware. If you have a concern about an account, open your browser and go to the company’s website. Avoid links in messages.
The Consumer Financial Protection Bureau’s website has a detailed page on scams and scams that are currently circulating. And even if you have If you’ve been practicing secure computing for years, chances are you have a friend or relative who isn’t as tech-savvy — who could use your help.