Does that email you just opened look a little off? Contain a link or an attachment? If in doubt, don’t click – it could be scammers trying to steal your personal information or take over your computer.
The Internal Revenue Service is cautioning taxpayers to avoid identity theft by watching out for “phishing” scams that can increase around tax season.
It’s called phishing because thieves attempt to lure victims in by impersonating friends, legitimate businesses or government agencies such as the IRS and state tax agencies.
Opening a phishing email and clicking on a link or attachment is one of the most common ways people have their personal information stolen. Cybercriminals can use the stolen data to file fraudulent tax returns or commit other crimes.
Scam emails are common around tax time and are designed to trick taxpayers into thinking they are official communications from the IRS, state agencies or others in the tax industry, including tax software companies.
These phishing schemes can ask taxpayers for information related to tax refunds or filing status, personal information, PIN numbers or request that victims verify their tax software account.
Variations of these scams can be seen via text messages and the misleading communications can be seen in every section of the country, officials state.
When people click on links in phishing emails, they are taken to sites designed to imitate an official-looking website, such as IRS.gov.
The sites ask for Social Security numbers and other personal information, which could be used to help file false tax returns. The sites also may carry malware, which can infect people’s computers and allow criminals to access your files or track your keystrokes to gain information.
Recognize a phishing scam
Taxpayers are urged to use caution and avoid emails that:
Contain a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. These scams may claim they need the recipient to update their account or request they change a password. The email offers a link to a spoofed, or fake, website that may look similar to a legitimate website. Taxpayers should follow a simple rule: Don’t click on the link. If in doubt, go directly to the legitimate website to access the account.
Contain an attachment. Scammers often include an attachment to the email which may be infected with malware that can download malicious software onto the recipient’s computer without their knowledge. Similarly, spyware can track the recipient’s keystrokes to obtain information about their passwords, Social Security number, credit cards or other sensitive data. Remember, don’t open attachments from unknown sources.
Claim to be from a government agency or a financial institution. Scammers attempt to frighten people into opening email links by posing as government agencies, financial institutions and even tax companies. Thieves often try to imitate the official organizations, especially tax-related ones during the filing season.
Appear to be from a friend, but seem odd. Scammers can hack email accounts and then use the stolen email addresses. Recipients may receive an email that appears to be from a friend but doesn’t seem quite right: it may be missing a subject line or contain odd requests or language. If the email seems odd, avoid clicking on links or opening attachments.
Contain a false, lookalike URLs. The sending email may try to trick the recipient with the URL or web address. For example, instead of www.IRS.gov, it may be a fake lookalike such as www.irs.gov.maliciousname.com. To verify the authenticity of the web address, the recipient can place their cursor over the text to view a pop-up of the real URL.