Tax Season is prime time for phishing scams and fraud. Phishing (as in “fishing for information” and “hooking” victims) is a scam where Internet fraudsters send e-mail messages to trick unsuspecting victims into revealing personal and financial information that can be used to steal the victim’ identity. Current scams include phony e-mails which claim to come form the IRS and which lure the victims into the scam by telling them that they are due a tax refund.
The IRS periodically alerts taxpayers to, and maintains a list of, phishing schemes using the IRS name, logo or Web site copy. If you’ve received an e-mail, phone call or fax claiming to come from the IRS that seemed a little suspicious, you just may find it on this list.
Fred Touchette, senior security analyst with AppRiver, shared some thoughts about common tax season threats and how to avoid them.
1. The IRS won’t email you
Cyber crooks and phishing scams often use email designed to look as if it came form the IRS. The IRS will not initiate contact with taxpayers by email.
2. The IRS won’t ask for your PIN
You may receive solicitations by email, text message, or even an actual phone call claiming to be the IRS and requesting your PIN or credit card information. The IRS will never do this.
3. Beware links and attachments
This should be standard operating procedure. Never click on any links or open any attachments in emails from unfamiliar sources. In fact, think twice about clicking any from even known sources unless you know up front what it is.
4. Don’t use public hotspots
This is also sage advice any time of year. Limit public Wi-Fi hotspot use to innocuous activities like reading the news or checking the weather. Never use a public hotspot to log into accounts or access sensitive information because anyone else using the network could intercept your credentials or data.
5. Always log out
Make sure you log out of sensitive sites and services. If you don’t, another user may still have access to your information if they use that same computer after you.
6. No children allowed
Many attacks and phishing scams are targeted specifically at kid-oriented sites and services. Don’t use a PC that your children play on to file your taxes online because there is a higher likelihood that it may be compromised in some way.
7. Be Skeptical
If it seems too good to be true, it is. Just delete suspicious messages. Viewing or opening them may expose you to exploits. If it’s legitimate or important, whoever sent it will contact you again.
8. Look for the padlock
Before you start entering a bunch of sensitive tax data, look for the padlock icon on your Web browser. It indicates that you’re using a secure, encrypted HTTPS connection rather than the standard HTTP.
9. Use strong, unique passwords
This is another evergreen tip. Make sure you choose passwords that are difficult to crack or guess, and use different passwords for each site or service to make sure a compromised password at one site doesn’t compromise all of your accounts.
10. Limit your exposure
One last piece of common sense advice: Use basic security tools to limit your exposure to threats and exploits. There will always be security concerns, but you can minimize your risk by using reliable security tools to monitor and block threats.
If you receive a suspicious email that claims to come from the IRS, you can relay that email to the new IRS mailbox, firstname.lastname@example.org – Instructions for submitting phishing emails to the IRS. The IRS can use the information, URLs and links in the suspicious email you send to trace the hosting Web site and alert authorities to help shut down the fraudulent sites.