Scams: Coming soon to a tax season near you
With tax season just around the corner, it’s time to start gathering your important documents, remembering your TurboTax login or calling your accountant, and thinking more about your digital security.
Each year, cyber criminals increase their efforts during tax season. A 2017 IBM security brief reported tax-themed scam emails designed to steal personal information increased by 6,000 percent between December 2016 and February 2017.
During tax season, there is also traditionally a rise in other types of scams. Scam scenarios are created to be unassuming, off-putting, scary, or a combination thereof. They’re designed to steal your personal information, your money, your online identity, and/or your network of contacts, at the very least, in order to commit fraud.
Here are a few common schemes to watch out for:
Scammers create false websites, crafted to appear valid or mimic legitimate and well-known sites as a front to collect your IDs, passwords, and other personal information.
How to identify a fake website
The URL or links may not be correct, the site might not be secure (for instance, include “https://” in the URL instead of just “http://), there might be misspellings or contact information may seem “fishy.”
How to protect yourself
If you file your taxes online or through a software, be sure to visit your tax service’s website directly in your browser, rather than depending on email links or reminders. Some scam sites try to look like the “real deal” as much as possible. Be careful where and how you share your personal information and documents.
Phone scams attempting to get you to share private tax data or credit card numbers proliferate during tax time.
How to identify a phony phone call
Phone scams sometimes spoof actual numbers, claim to be from entities such as the IRS or the local police, and threaten immediate legal action such as arrest or deportation.
How to protect yourself
If you receive a phone call that seems illegitimate or in which you are being harassed, ask the caller to verify their name and organization. Then look them up and call the organization they said they were from. Note, the IRS will never threaten to immediately involve local law enforcement or demand that you pay any bills on the spot. They will not ask for credit or debit card numbers over email or phone. In general, the IRS will initiate contact with you via mail.
Emails such as this are designed to imitate IRS correspondence or messages from tax software like TurboTax and may look real.
How to identify a phishing email
Learn how to spot a scam email and report it to the University.
How to protect yourself
If you receive a tax-themed email, be mindful of who the sender claims to be. Remember, the IRS will never communicate with taxpayers via email regarding charges or refunds. Before you click, reply, or send money, look up the actual IRS and contact them yourself to confirm their “request.”
Three ways to protect yourself against tax fraud:
The proliferation of these many types of scams results in an increase in fraud. If you fall for a tax scam, there is the potential that somehow, someone has gotten hold of your W2 and personal information and filed a fraudulent tax return in your name (and thus receiving a potential refund instead of you).
Here are the top 3 ways you safeguard yourself, your information, and your refund:
- Use two-factor authentication wherever possible to protect your digital information. At the University of Minnesota, Duo Security (the U's two-factor authentication provider) will become required for faculty, staff, and students at the UMN Sign-in page over the course of 12 months: from November 2018 to November 2019. Duo adds an extra layer of security in front of University applications that may hold your personal information such as your W2 and direct deposit accounts. With Duo enabled, if someone attempts to access your W2, you can stop them with just a tap on your mobile device. The requirement takes effect at the time of one's annual password reset date. If you want Duo Security in front of your accounts sooner, you can opt in today! Learn more.
- Familiarize yourself with the telltale signs of scams or phishing emails. Learn how to spot a scam email and report it to the University. University Information Security also maintains a blog of recent phishing attempts that target the University to help keep the community updated. If you receive a phishing email, be sure to report it right away to [email protected], flag it as spam in Gmail, and delete the message.
- File early. If you file your tax returns as early as possible, criminals can’t file a second time or overwrite what you’ve already sent in. Be careful who you choose to help you file your taxes and where you share your information such as social security numbers. Filing early ensures that your documentation is correct, your identity hasn’t been stolen, and if you receive a refund, that it ends up in the right hands.