Are You A Victim of An IRS Phishing Scam?
Tax season has come and gone, yet there is an ever-present threat that affects taxpayers year-round – online scams. While the summertime activity “fishing” may be on your mind this time of year, but we’re here to discuss a more threatening issue — “phishing”. This is where scammers send you a very real-looking email or website to attempt to obtain your personal information.
What is Phishing?
You hear the term “phishing” a lot, but what exactly is it? Phishing is a scam carried out via unsolicited emails or via websites that pose as legitimate companies. They lure unsuspecting victims to provide personal and financial information, like your name, credit card information, and even Social Security number. According to AgingCare.com, “they attempt to gain your trust so you will take the recommended action.”
In fact, scammers want you to download malicious attachments via email or click on links because they are often corrupt, meaning scammers can install malware on your device and take personal information, send out emails to your contacts, or gain remote access to your computer.
Detecting IRS Phishing Scams
Believe it or not, phishing attempts are difficult to detect. For one, online predators often use a legitimate company’s sender name, website, logo, and is often branded similarly to the legitimate company. “The malicious actors are getting more sophisticated in the phishing realm and are starting to establish a rapport with the victim prior to sending the malicious email,” remarks H&R Block’s Cyber Forensics Investigator Jonathan Salazar. “They will send a non-malicious email asking a question or such and then send the malicious link or file.” Here are some ways to spot a phishing email:
- Compare the email sender’s name to their email address (Example: John Smith <bill_Williams@abc.com>)
- Examine the “to” line and verify the email was sent to you
- Carefully examine the email address and file extension of attachments.
- Review links by hovering the mouse over them
- Be suspicious of non-personalized emails addressed to you, like “Dear Customer”
- Watch for spelling or grammar mistakes in the email
- Be suspicious of emails requiring immediate action or request personal information, or emails that are too good to be true
IRS Phishing Scams
Have you gotten an email claiming to be from the IRS? IRS phishing (and phone scams) have become a widespread threat. IRS phishing scam artists attempt to take your personal information and file a fraudulent tax return in your name, claiming YOUR tax return.
Know that the IRS will never communicate via unsolicited email, so if you receive an email from the IRS, do not click on the links, open the attachments, or respond in any way to the sender.
What To Do If You Are a Victim
There are a series of steps you should take if you are a victim of an IRS phishing scam:
1: Disconnect your computer from the Internet: Disconnecting from the Internet will prevent the malware from sending information from your device and will also prevent someone from remotely accessing your device.
2: Back-up your computer files: Get a portable USB or hard drive in case your files are compromised.
3: Scan your computer: Install anti-virus on your computer and scan it to remove malware.
4: Connect with an expert: Connect with a tax professional at H&R Block who can help answer questions about contact with the IRS and assist you. They will instruct you to file Form 14039.
5: Use Tax Identity Shield®: If you’ve already been notified that a fraudulent tax return was filed in your name, you can speak to a tax professional about Tax Identity Victim Restoration Assistance, a program available through Tax Identity Shield®.
(If you are an existing user, log onto MyBlock and check your credit score. If you are not a current user, learn more about it here.)
6: Contact the IRS: As a final measure of precaution, you can report the incident of the IRS phone scam online, forward the email as is at email@example.com, or call the Treasury Inspector General for Tax Administration at 1-800-366-4484.
“In today’s world, everyone is a target and all it takes is one click to become a victim,” notes Salazar. Information is power. The more we work together to identify and alert other customers about phishing scams, the safer everyone will be.
Was this topic helpful?