The easiest way for an identity thief to steal information is by simply asking for it, according to the Internal Revenue Service.
The IRS and Security Summit partners are warning taxpayers to be on the lookout for phishing scams that can increase around tax season.
“Each day people fall victim to phishing scams through emails, texts, or phone and mistakenly turn over important data,” according to the IRS. “In turn, cybercriminals try to use that data to file fraudulent tax returns or commit other crimes.”
Emails, texts, or phone calls asking for personal information such as social security numbers, PIN numbers, or information about taxes should raise a red flag.
Emails frequently contain links or attachments that may lead to fake websites or download malware.
“When people click on these email links, they are taken to sites designed to imitate an official-looking website, such as IRS.gov,” according to the IRS.
“The sites ask for Social Security numbers and other personal information, which could be used to help file false tax returns. The sites also may carry malware, which can infect people’s computers and allow criminals to access your files or track your keystrokes to gain information.”
The “Taxes. Security. Together.” campaign urges people to avoid giving out personal information based on an unsolicited email request.
According to the IRS, the campaign calls for taxpayers take the time to examine, identify and avoid emails that:
• Contain a link.
• Contain an attachment.
• Are from a “government” agency or “financial institution.”
• Are from a “friend.”
• Contain a false “lookalike” URL.
Links can lead to spoofing sites that look like a legitimate website. If unsure go directly to actual website before trying to access the account.
Attachments can contain malware or spyware that can track keystrokes and steal personal information. The IRS advise against opening attachments from unknown sources.
Scammers frequently use “government” agencies or a “financial institutions” to imitate to frighten people into opening the attachments or click on the link.
URLs can be included in an email that look similar the a legitimate site so instead of IRS.gov it may look more like irs.govmaliciousname.com.
“To verify the authenticity, a recipient can place their cursor over the text to view a pop-up of the real URL,” according to the IRS.
Scammers can use phone calls to steal information as well.
Calls can range from “winning a trip to the bahamas” to “your computer has malware and we need to fix it”.
According to the IRS website, when in doubt do not give personal information over the phone, hang up immediately.