Monday, July 15, 2019
  • Getting Over MFA Implementation Hesitation
  • Quick Hit: A Different (Diminutive) Look At Distributions With {ggeconodist}
  • Is Directory-as-a-Service Reliable?
  • Avast researcher finds apparent Android app scam
  • How to Prevent Insider Data Breaches at your Business

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Security Bloggers Network Social Engineering Threats & Breaches 

Home » Cybersecurity » Data Security » Lookout for Tax Scams

Lookout for Tax Scams

by SEORG on April 8, 2019

With the April 15th filing deadline date just a week away, it’s important to stay vigilant and be on the lookout for tax scams. For most of us tax season is an anxious time, and criminals are eager to take advantage of our anxiety.  

During peak filing season scammers work overtime, using fake emails, websites, and spoofed phone numbers, hoping to steal our identity and money. According to the “Dirty Dozen” list published by the Internal Revenue Service (IRS), phishing and vishing continue to be the top methods used by criminals to scam us. When it comes to phishing and vishing tax scams, what should you be on the lookout for? 

Tax Scams to Lookout For

Criminals are using cleverly disguised emails that look like the IRS, such as the Tax Account Transcript scam. In this scam, criminals send emails pretending to be from “IRS Online” with an attachment labeled “Tax Account Transcript” as bait to entice users to open documents containing malware.   

Another phishing scam to lookout for are emails that contain the direction “you are to update your IRS e-file immediately.” This phishing scam includes links to fake websites that impersonate the official IRS website. What should you do if you receive a phishy email? 

What You Should Do with a Phishy Email

Did you know the IRS does not initiate contact through unsolicited emails for personal or financial information?  So, what should you do if you receive one of these phishing tax scams? The IRS recommends the following: 

  • Do not open the email. 
  • Do not open any attachments or click on any links. They may have malicious code that will infect your computer. 
  • If using an employer’s computer, notify the company’s technology professionals. 
  • Report the phishing email by forwarding it to phishing@irs.gov.   

 

The official IRS website provides a webpage where you can get your personal tax transcript online. You don’t need to be sent a specific link to access the data.  Stay vigilant and be on the lookout for tax scams that arrive via email. 

Tax Scams to Lookout For

The IRS is warning about a new scam where criminals are making unsolicited phone calls claiming to be from the Taxpayer Advocate Service (TAS), an independent organization within the IRS. What makes this scam dangerous is that the criminals are spoofing the phone number of the TAS office making the call look legitimate to the intended victim. The criminals may also use automated calls leaving a phone number for the intended victim to call back. The goal of this scam is to get your personally identifiable information, such as your Social Security number or your individual taxpayer identification number.  

Another tax scam to lookout for is the erroneous refund. This scam involves your real bank account. Here’s how it works. Criminals steal client data from tax practitioner’s computers via phishing or other schemes and file fraudulent tax returns. Now for the twist. The criminals have the tax refund deposited into the victim’s actual bank account. That’s what gives this scam the appearance of legitimacy making it extremely dangerous.  To retrieve the funds criminals are using a variety of phone scams (vishing).  In one version thieves, posing as IRS debt collection agency officers, call the victim to say a refund was deposited by mistake and ask for the victim to forward the money to their bogus collection agency. In another version, victims receive an automated call claiming to be from the IRS. The victim is threatened with fraud charges, an arrest warrant, and suspension of their Social Security benefits. The criminal ends the message by leaving a bogus telephone number for the victim to call. This scam is very dangerous, because it preys on the heightened anxiety taxpayers feel during peak filing season and the fear that most have of the IRS. What should you do if criminals start calling? 

What You Should Do If Criminals Start Calling

The IRS will not initiate contact with you by phone to discuss your account, or to request personal or financial information. And IRS employees will not call demanding immediate payment or threaten you with arrest or legal action. So, what should you do if you start receiving phones calls purportedly from the “IRS?”  

If the caller claims to be with TAS, hang up. It may feel rude, but remember, the IRS will not initiate contact with you by phone to request personal or financial information. If the caller claims to be with the IRS and they say it’s about an erroneous refund, hang up. Think critically. If you know that you have not yet filed a tax return, then you should not have a tax refund from the IRS in your bank account. So, if your bank account is showing a deposit from the IRS, it no doubt means a thief has stolen your identity, filed a fraudulent tax return, and is now calling you to get the money.  The IRS recommends the following actions to return the funds and avoid being scammed.  

If the fraudulent refund is a direct deposit: 

  • Contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS. 
  • Call the IRS toll-free at 800-829-1040 (individual) or 800-829-4933 (business) to explain why the direct deposit is being returned. 

If the fraudulent refund is a paper check: 

  • Write “Void” in the endorsement section on the back of the check. 
  • Submit the check immediately to the appropriate IRS location.  
  • Don’t staple, bend, or paper clip the check. 
  • Include a note stating, “Return of erroneous refund check because (and give a brief explanation of the reason for returning the refund check).” 

If you become a victim of the erroneous refund scam, you may find that the tax return you prepare will be rejected, because a return bearing your Social Security number is already on file. If that’s the case, you will need to inform the IRS that you are a victim of a tax preparer data breach. More information and the detailed steps to follow can be found in the Taxpayer Guide to Identity Theft.   

Stay Safe This Tax Season

The April 15th deadline is almost here.  Nearly 1 out of every 2 Americans are at increased risk for tax fraud due to the Equifax breach.  Don’t let thieves and criminals take advantage of the anxiety tax season brings or your fear of the IRS.  Stay vigilant. Be on the lookout for tax scams.  

The IRS will not initiate contact with you by either phone or email to discuss your account, or to request personal or financial information. Additionally, IRS employees will not call demanding immediate payment, or threaten you with arrest or legal action. So, don’t open any emails purporting to be from the IRS, and if you’re not expecting a call from the IRS, hang up.   

Sources:
https://www.irs.gov/newsroom/irs-kicks-off-annual-list-of-most-prevalent-tax-scams-agency-warns-taxpayers-of-pervasive-phishing-schemes-in-its-dirty-dozen-campaign
https://www.irs.gov/newsroom/irs-warns-of-tax-transcript-email-scam-dangers-to-business-networks
https://www.irs.gov/newsroom/tax-scams-consumer-alerts
https://www.irs.gov/individuals/get-transcript
https://www.irs.gov/newsroom/irs-warns-of-new-phone-scam-using-taxpayer-advocate-service-numbers
https://www.irs.gov/newsroom/scam-alert-irs-urges-taxpayers-to-watch-out-for-erroneous-refunds-beware-of-fake-calls-to-return-money-to-a-collection-agency
https://www.social-engineer.org/framework/attack-vectors/vishing/
https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft
https://www.social-engineer.com/stay-safe-tax-season-equifax/ 

Image:
www.social-engineer.org

The post Lookout for Tax Scams appeared first on Security Through Education.



Recent Articles By Author
  • Social-Engineer Newsletter Vol 09 – Issue 118
  • Social-Engineer Newsletter Vol 09 – Issue 117
  • Social-Engineer Newsletter Vol 09 – Issue 116
More from SEORG

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by SEORG. Read the original post at: https://www.social-engineer.org/general-blog/lookout-for-tax-scams/

April 8, 2019April 8, 2019 SEORG Data breach, dirty dozen, Equifax, General Social Engineer Blog, IRS, Lookout for tax scams, Phishing, Phishing Tax Scams to Lookout For, Stay Safe This Tax Season, tax scams, vishing, Vishing Tax Scams to Lookout For, What You Can Do
  • ← Security for Subsidiaries: 4 Lessons Learned From the Toyota Breach
  • Cloud Security Myth vs. Fact #1: My Provider Protects My Data →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

OK Google, Stop Eavesdropping on Me!
A Closer Look at IoT Security Solutions
Summer Security: Hackers Don’t Take Time Off
Serialization: Protecting Enterprise Critical Applications
Report Shines Light on Extent of SMB Insecurity
What is a Man-in-the-Middle Attack and How To Avoid It?
Much like Amazon Prime Day, digital assistant and IoT device security is an epic deal
Workday Credentials: Exciting Times for Identity and Authentication Assurance Vendors?
“Glass-box” Solutions Are Critical For Cybersecurity Reporting To Executive Management
Cybercrime Risk Calculator | Avast Business

Upcoming Webinars

Tue 23

You’re Bleeding. Exposing the Attack Surface in your Supply Chain

July 23 @ 1:00 pm - 2:00 pm
Tue 30

A Practical Approach to Security Automation

July 30 @ 1:00 pm - 2:00 pm
Wed 31

Get Your Secure Development Initiatives in Shape: a 30, 60, 90-day Approach

July 31 @ 11:00 am - 12:00 pm
Wed 31

Get Your Secure Development Initiatives in Shape: a 30, 60, 90-day Approach

July 31 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

How to manage SAP-User Accounts and Access Rights with Identity Manager

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Network Security: SD-WAN for the Network Edge
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Network Security: SD-WAN for the Network Edge

July 15, 2019 Michelle Arney | Yesterday 0
Serialization: Protecting Enterprise Critical Applications
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Serialization: Protecting Enterprise Critical Applications

July 12, 2019 John Matthew Holt | 3 days ago 0
A Closer Look at IoT Security Solutions
Cybersecurity Industry Spotlight IoT & ICS Security Security Boulevard (Original) 

A Closer Look at IoT Security Solutions

July 11, 2019 Harnil Oza | 4 days ago 0

Top Stories

OK Google, Stop Eavesdropping on Me!
Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance IoT & ICS Security News Security Boulevard (Original) Spotlight 

OK Google, Stop Eavesdropping on Me!

July 12, 2019 Richi Jennings | 3 days ago 0
Astaroth-Dropper Trojan Hides in Plain Sight
Application Security Cybersecurity Data Security Featured Malware News Security Boulevard (Original) Spotlight 

Astaroth-Dropper Trojan Hides in Plain Sight

July 9, 2019 Richi Jennings | Jul 09 0
Federal Facial Recognition by Stealth – With Zero Oversight
Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) Spotlight Threats & Breaches 

Federal Facial Recognition by Stealth – With Zero Oversight

July 8, 2019 Richi Jennings | Jul 08 0

Security Humor

via   the Comic Noggins of  Nitrozac  and  Snaggy  at  The Joy of Tech®

The Joy of Tech®, ‘You’re A Minor Wizard Billy’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

WAF Signal Sciences application firewall security

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.