News & Alerts
Scams: Coming soon to a tax season near you
With tax season just around the corner, it’s time to start gathering your important documents, remembering your TurboTax login or calling your accountant, and thinking more about your digital security.
Each year, cyber criminals increase their efforts during tax season. A 2017 IBM security brief reported tax-themed scam emails designed to steal personal information increased by 6,000 percent between December 2016 and February 2017.
During tax season, there is also traditionally a rise in other types of scams. Scam scenarios are created to be unassuming, off-putting, scary, or a combination thereof. They’re designed to steal your personal information, your money, your online identity, and/or your network of contacts, at the very least, in order to commit fraud.
Here are a few common schemes to watch out for:
Scammers create false websites, crafted to appear valid or mimic legitimate and well-known sites as a front to collect your IDs, passwords, and other personal information.
How to identify a fake website
The URL or links may not be correct, the site might not be secure (for instance, include “https://” in the URL instead of just “http://), there might be misspellings or contact information may seem “fishy.”
How to protect yourself
If you file your taxes online or through a software, be sure to visit your tax service’s website directly in your browser, rather than depending on email links or reminders. Some scam sites try to look like the “real deal” as much as possible. Be careful where and how you share your personal information and documents.
Phone scams attempting to get you to share private tax data or credit card numbers proliferate during tax time.
How to identify a phony phone call
Phone scams sometimes spoof actual numbers, claim to be from entities such as the IRS or the local police, and threaten immediate legal action such as arrest or deportation.
How to protect yourself
If you receive a phone call that seems illegitimate or in which you are being harassed, ask the caller to verify their name and organization. Then look them up and call the organization they said they were from. Note, the IRS will never threaten to immediately involve local law enforcement or demand that you pay any bills on the spot. They will not ask for credit or debit card numbers over email or phone. In general, the IRS will initiate contact with you via mail.
Emails such as this are designed to imitate IRS correspondence or messages from tax software like TurboTax and may look real.
How to identify a phishing email
Learn how to spot a scam email.
How to protect yourself
If you receive a tax-themed email, be mindful of who the sender claims to be. Remember, the IRS will never communicate with taxpayers via email regarding charges or refunds. Before you click, reply, or send money, look up the actual IRS and contact them yourself to confirm their “request.”
Here are the top three ways to protect yourself against tax fraud:
The proliferation of these many types of scams results in an increase in fraud. If you fall for a tax scam, there is the potential that somehow, someone has gotten hold of your W2 and personal information and filed a fraudulent tax return in your name (and thus receiving a potential refund instead of you).
Here are the top 3 ways you safeguard yourself, your information, and your refund:
- Use two factor authentication wherever possible to protect your digital information. At the University of Minnesota, all employees are eligible to opt-in to Duo, a two-factor authentication service that adds an extra layer of security specifically in front of your University W2 and direct deposit information. If your password is compromised and someone attempts to access your W2, you receive an alert when you are signed up for Duo and you can confirm or deny access. Learn more about two factor authentication and Duo for W2 and Direct Deposit at the University.
- Familiarize yourself with the telltale signs of scams or phishing emails. Learn how to spot a scam. University Information Security also maintains a blog of recent phishing attempts that target the University to help keep the community updated. If you receive a phishing email, be sure to report it right away to firstname.lastname@example.org, flag it as spam in Gmail, and delete the message.
- File early. If you file your tax returns as early as possible, criminals can’t file a second time or overwrite what you’ve already sent in. Be careful who you choose to help you file your taxes and where you share your information such as social security numbers. Filing early ensures that your documentation is correct, your identity hasn’t been stolen, and if you receive a refund, that it ends up in the right hands.