The holiday season is just around the corner, so the chaotic march to April 15 will be here before we know it. That means preparing to identify and avoid scams now can save tax professionals a headache later.
Combatting cybercriminals can feel like a full-time job (and it is for some people). To help you get an idea of what you could face, we’re breaking down tax scams into three basic categories: phone and letter, email, and malware.
Phone and letter scams
Phone and letter scams are the gold standard of phishing-based fraud. Generally, a phishing scam is perpetrated when criminals impersonate a legitimate person or organization in an effort to trick victims into revealing personally identifiable information (PII), sending money, or downloading malware (generally giving them access to PII or money).
Almost everyone has heard of the Nigerian prince scams— which CNBC notes remain a lucrative criminal enterprise—but tax-related phone and letter scams tend to impersonate government agencies. When they target tax professionals, fraudsters often try to get access to client files. After all, why settle for scamming one person when you can get detailed financial information for hundreds or thousands of people?
Their tactics range from sly appeals to shouted threats, but fraudsters make sure to leverage surprise and fear to get victims to cooperate. When impersonating the IRS, for example, fraudsters have been known to threaten victims with steep fines, arrest, or even the suspension of their Social Security Number (SSN).
Phone and letter scams are still prevalent in 2019, but the increasing number of Internet-connected devices has made email a ripe target.
Phishing emails are the most common type of email scam you can expect to encounter in your inbox. Just like phone and letter scams, fraudsters use phishing emails to get their hands on information and money. If you were to sit down with a forthright scam artist, they would probably admit that the advantage of digital scams is their immediacy.
Emails can contain a number of traps that only require a single click to affect victims. Aside from tricking victims into instantly providing sensitive information by responding, phishing emails often contain links to websites that are designed to look like legitimate organizations. These sites may have account creation forms that request an email, SSN, and banking information. If you believe you’re logging into IRS.gov, you’re far more likely to feel comfortable providing PII.
Those links (or attached documents) are also used to install malware on your device. “Malware” is a portmanteau for “malicious software,” and it’s a catchall category for a number of nasty programs: viruses, worms, Trojans, and ransomware are all considered malware.
The vast majority of malware scams that you are likely to see are a subcategory of email scams, but simply visiting unfamiliar or compromised websites can result in your computer or device being infected.
Here’s how it works: Many websites run scripts, which are basically small programs designed to perform specific commands. When you visit certain infected websites, scripts can be used to automatically download malware to your computer. They can even be embedded in advertisements running on an otherwise trustworthy site, so resisting the urge to click an ad for your favorite kombucha isn’t enough to protect you.
Running a solid security suite can generally protect your computer from malware, but certain web scripts can bypass that line of defense. So, what can you do? Limiting your web surfing to reputable websites is a great place to start.
How do you avoid being a victim of a tax scam?
Protecting yourself from scams often boils down to learning how to identify them. When it comes to tax-related identity theft, you need to know what the IRS would actually do if you had an outstanding tax bill.
First, how will the IRS contact you? According to IRS.gov, “The IRS initiates most contacts with taxpayers through regular mail delivered by the U.S. Postal Service.” That said, they note “there are special circumstances in which the IRS will call or come to a home or business.”
Next, the IRS will not be combative when they contact taxpayers. To help taxpayers, the IRS has a handy list of things they won’t do when discussing payment of an outstanding tax bill:
Finally, the IRS does work with private debt collection agencies. This arrangement is required by 2015 legislation, and, unfortunately, it can cause confusion for taxpayers who are vigilant about tax-related identity theft schemes. If you’re going to be contacted by one of these agencies, you will know about it beforehand: the IRS sends a notification letter containing a specified.
Office security isn’t enough
Unfortunately, being careful with your work devices isn’t enough.
Sleigh bells may be ringing, but that doesn’t mean you should try to track down the best deals with reckless abandon. If you’re doing everything you can to protect your office computers from phone scams, email scams, and malware, you should do the same for your home devices.
Consider this: If your laptop becomes infected with certain types of malware and you connect it to your office Wi-Fi, all other connected computers can be at risk of infection—even if you don’t actively transfer files to them. It’s absolutely vital that you follow data security best practices in all aspects of your life, and learning to avoid data security scams is a key part of protecting yourself from fraudsters.