Tuesday, April 13, 2021
  • Hybrid IAM and Cloud Steer Maersk Toward Improved Experiences and Cost Savings
  • The Biggest Breaches and Data Leaks of 2020
  • Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt
  • BSides Philly 2020 – Kyle Sheely’s ‘Lessons From The SOC: Defending Healthcare & Pharma During Covid’
  • Sonrai Among Identity Management Organizations of the Year

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Security Bloggers Network Social Engineering Threats & Breaches 

Home » Cybersecurity » Data Security » Lookout for Tax Scams

Lookout for Tax Scams

by SEORG on April 8, 2019

With the April 15th filing deadline date just a week away, it’s important to stay vigilant and be on the lookout for tax scams. For most of us tax season is an anxious time, and criminals are eager to take advantage of our anxiety.  

During peak filing season scammers work overtime, using fake emails, websites, and spoofed phone numbers, hoping to steal our identity and money. According to the “Dirty Dozen” list published by the Internal Revenue Service (IRS), phishing and vishing continue to be the top methods used by criminals to scam us. When it comes to phishing and vishing tax scams, what should you be on the lookout for? 

Tax Scams to Lookout For

Criminals are using cleverly disguised emails that look like the IRS, such as the Tax Account Transcript scam. In this scam, criminals send emails pretending to be from “IRS Online” with an attachment labeled “Tax Account Transcript” as bait to entice users to open documents containing malware.   

Another phishing scam to lookout for are emails that contain the direction “you are to update your IRS e-file immediately.” This phishing scam includes links to fake websites that impersonate the official IRS website. What should you do if you receive a phishy email? 

What You Should Do with a Phishy Email

Did you know the IRS does not initiate contact through unsolicited emails for personal or financial information?  So, what should you do if you receive one of these phishing tax scams? The IRS recommends the following: 

  • Do not open the email. 
  • Do not open any attachments or click on any links. They may have malicious code that will infect your computer. 
  • If using an employer’s computer, notify the company’s technology professionals. 
  • Report the phishing email by forwarding it to phishing@irs.gov.   

 

The official IRS website provides a webpage where you can get your personal tax transcript online. You don’t need to be sent a specific link to access the data.  Stay vigilant and be on the lookout for tax scams that arrive via email. 

Tax Scams to Lookout For

The IRS is warning about a new scam where criminals are making unsolicited phone calls claiming to be from the Taxpayer Advocate Service (TAS), an independent organization within the IRS. What makes this scam dangerous is that the criminals are spoofing the phone number of the TAS office making the call look legitimate to the intended victim. The criminals may also use automated calls leaving a phone number for the intended victim to call back. The goal of this scam is to get your personally identifiable information, such as your Social Security number or your individual taxpayer identification number.  

Another tax scam to lookout for is the erroneous refund. This scam involves your real bank account. Here’s how it works. Criminals steal client data from tax practitioner’s computers via phishing or other schemes and file fraudulent tax returns. Now for the twist. The criminals have the tax refund deposited into the victim’s actual bank account. That’s what gives this scam the appearance of legitimacy making it extremely dangerous.  To retrieve the funds criminals are using a variety of phone scams (vishing).  In one version thieves, posing as IRS debt collection agency officers, call the victim to say a refund was deposited by mistake and ask for the victim to forward the money to their bogus collection agency. In another version, victims receive an automated call claiming to be from the IRS. The victim is threatened with fraud charges, an arrest warrant, and suspension of their Social Security benefits. The criminal ends the message by leaving a bogus telephone number for the victim to call. This scam is very dangerous, because it preys on the heightened anxiety taxpayers feel during peak filing season and the fear that most have of the IRS. What should you do if criminals start calling? 

What You Should Do If Criminals Start Calling

The IRS will not initiate contact with you by phone to discuss your account, or to request personal or financial information. And IRS employees will not call demanding immediate payment or threaten you with arrest or legal action. So, what should you do if you start receiving phones calls purportedly from the “IRS?”  

If the caller claims to be with TAS, hang up. It may feel rude, but remember, the IRS will not initiate contact with you by phone to request personal or financial information. If the caller claims to be with the IRS and they say it’s about an erroneous refund, hang up. Think critically. If you know that you have not yet filed a tax return, then you should not have a tax refund from the IRS in your bank account. So, if your bank account is showing a deposit from the IRS, it no doubt means a thief has stolen your identity, filed a fraudulent tax return, and is now calling you to get the money.  The IRS recommends the following actions to return the funds and avoid being scammed.  

If the fraudulent refund is a direct deposit: 

  • Contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS. 
  • Call the IRS toll-free at 800-829-1040 (individual) or 800-829-4933 (business) to explain why the direct deposit is being returned. 

If the fraudulent refund is a paper check: 

  • Write “Void” in the endorsement section on the back of the check. 
  • Submit the check immediately to the appropriate IRS location.  
  • Don’t staple, bend, or paper clip the check. 
  • Include a note stating, “Return of erroneous refund check because (and give a brief explanation of the reason for returning the refund check).” 

If you become a victim of the erroneous refund scam, you may find that the tax return you prepare will be rejected, because a return bearing your Social Security number is already on file. If that’s the case, you will need to inform the IRS that you are a victim of a tax preparer data breach. More information and the detailed steps to follow can be found in the Taxpayer Guide to Identity Theft.   

Stay Safe This Tax Season

The April 15th deadline is almost here.  Nearly 1 out of every 2 Americans are at increased risk for tax fraud due to the Equifax breach.  Don’t let thieves and criminals take advantage of the anxiety tax season brings or your fear of the IRS.  Stay vigilant. Be on the lookout for tax scams.  

The IRS will not initiate contact with you by either phone or email to discuss your account, or to request personal or financial information. Additionally, IRS employees will not call demanding immediate payment, or threaten you with arrest or legal action. So, don’t open any emails purporting to be from the IRS, and if you’re not expecting a call from the IRS, hang up.   

Sources:
https://www.irs.gov/newsroom/irs-kicks-off-annual-list-of-most-prevalent-tax-scams-agency-warns-taxpayers-of-pervasive-phishing-schemes-in-its-dirty-dozen-campaign
https://www.irs.gov/newsroom/irs-warns-of-tax-transcript-email-scam-dangers-to-business-networks
https://www.irs.gov/newsroom/tax-scams-consumer-alerts
https://www.irs.gov/individuals/get-transcript
https://www.irs.gov/newsroom/irs-warns-of-new-phone-scam-using-taxpayer-advocate-service-numbers
https://www.irs.gov/newsroom/scam-alert-irs-urges-taxpayers-to-watch-out-for-erroneous-refunds-beware-of-fake-calls-to-return-money-to-a-collection-agency
https://www.social-engineer.org/framework/attack-vectors/vishing/
https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft
https://www.social-engineer.com/stay-safe-tax-season-equifax/ 

Image:
www.social-engineer.org

The post Lookout for Tax Scams appeared first on Security Through Education.


Recent Articles By Author
  • In the Name of Psychology
  • DEF CON® Kids: Preparing Them for the Future
  • The Danny Ocean of Social Engineer’s
More from SEORG

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by SEORG. Read the original post at: https://www.social-engineer.org/general-blog/lookout-for-tax-scams/

April 8, 2019April 8, 2019 SEORG Data breach, dirty dozen, Equifax, General Social Engineer Blog, IRS, Lookout for tax scams, Phishing, Phishing Tax Scams to Lookout For, Stay Safe This Tax Season, tax scams, vishing, Vishing Tax Scams to Lookout For, What You Can Do
  • ← User-Friendly Fuzzing with Sienna Locomotive
  • Cloud Security Myth vs. Fact #1: My Provider Protects My Data →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Understanding EtterSilent and the Cybercrime Supply Chain
Should You Hire a Computer Forensics Specialist?
Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)
Visibility, Context, Automation are Key to Security Control
Nation-State Cyberthreats Persist
What is Cyber Risk?
2021 Malware Trends: What We Should Expect
Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021
Don’t Put Off Cybersecurity Incident Response Planning
A lesson in cybersecurity for school districts

Upcoming Webinars

Wed 14

AppSec Risk: You Can’t Manage What You Can’t Measure

April 14 @ 1:00 pm - 2:00 pm
Thu 15

The Age of Collaborative Security

April 15 @ 11:00 am - 12:00 pm
Fri 16

Expect More From Your AppSec Vendor

April 16 @ 1:00 pm - 2:00 pm
Wed 21

Managing Open Policy Agent at Scale

April 21 @ 3:00 pm - 4:00 pm
Thu 22

A New Approach to Secure Web Gateways

April 22 @ 11:00 am - 12:00 pm
Mon 26

The Kubernetes Network (Security) Effect

April 26 @ 9:00 am - 10:00 am
Mon 26

Application Security: Moving at the Speed of DevOps

April 26 @ 1:00 pm - 2:00 pm
May 05

Managing Permissions and Entitlements is at the Core of a Zero Trust Model in the Cloud

May 5 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Salesforce DevSecOps: Avoiding Arrested Development
Application Security Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Salesforce DevSecOps: Avoiding Arrested Development

April 13, 2021 Waqas Nazir | 16 hours ago 0
Identity Management Day: Cybercriminals No Longer Hack in, They Log In
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Identity Management Day: Cybercriminals No Longer Hack in, They Log In

April 12, 2021 Brad Shewmake | Yesterday 0
Visibility, Context, Automation are Key to Security Control
CISO Suite Cloud Security Cybersecurity Data Security Endpoint Industry Spotlight Network Security Security Boulevard (Original) 

Visibility, Context, Automation are Key to Security Control

April 12, 2021 Ron Davidson | Yesterday 0

Top Stories

Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)
Analytics & Intelligence Application Security AppSec Cyberlaw Cybersecurity Deep Fake and Other Social Engineering Tactics Endpoint Featured Governance, Risk & Compliance Identity & Access Identity and Access Management Incident Response IoT & ICS Security Malware Network Security News Securing the Edge Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)

April 12, 2021 Richi Jennings | Yesterday 0
Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’
Analytics & Intelligence Application Security AppSec Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’

April 8, 2021 Richi Jennings | Apr 08 0
Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL
Analytics & Intelligence Application Security Cybersecurity Data Security Endpoint Featured Identity & Access Malware Mobile Security News Security Boulevard (Original) Spotlight 

Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL

April 5, 2021 Richi Jennings | Apr 05 0

Security Humor

via     the  Comic Noggins  of   Nitrozac     and     Snaggy     at     The Joy of Tech®   !

Joy Of Tech® ‘Genetic Test Waiver’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.