A quick glance out the window tells me it’s going to be a beautiful day: The sun is shining, and only the hint of clouds paint the clear blue sky. It’s the tail end of spring, and that means sweet tea on the front porch, relaxing in the shade, and, unfortunately, bracing for the inevitable surge of new identity theft scams.
What are the newest tax-related data security threats?
In a recent press release, the IRS confirmed two new identity theft scams. The announcement confirmed that this time of year—“late spring and early summer”—is when fraudsters ramp up their phishing efforts, trying to hook unsuspecting victims. Like many prior scams, it looks like fraudsters are impersonating government agencies.
The first scam is a robocall called “the SSN hustle,” since scammers posing as IRS agents threaten to “suspend or cancel [the victim’s] Social Security Number.” The gist is that scammers send out automated phone calls that threaten victims with SSN suspension if a specific action isn’t taken—in some cases that means calling a number provided in the message, in others it might involve paying an “overdue tax bill.”
Next on the list is the “fake tax agency” scam. As you probably guessed, the scammers pretend to be from a tax agency that isn’t real: the “Bureau of Tax Enforcement.” This time, victims receive a physical letter saying they will suffer an IRS lien if they don’t pay their tax bill. Physical mail—especially when it’s stamped with government seals and contains official-sounding threats—can be intimidating.
And that’s the name of the game: scare victims into providing personally identifiable information (PII) or money.
What can I do to avoid scams?
Aside from identifying new threats, the IRS also reminded that traditional scam tactics like phishing emails and phone calls were still something that should concern taxpayers and tax professionals. These probing efforts target the weakest part of any security apparatus: people.
When it comes to avoiding phone scams, remember that your phone’s caller ID won’t help—at all. The IRS underscores just how easy it is for fraudsters to spoof any number, including those used by the Internal Revenue Service itself. As for phishing emails, these criminals create email addresses that look legitimate at first glance.
Really, the best way to protect yourself from these tried-and-true scams is to understand what the IRS will and will not do when they need to contact someone. The following bulleted list from the IRS press release is titled “Telltale signs of a scam,” since these are things “the IRS (and its authorized private collection agencies) will never [do]:”
In the release, the IRS also cautioned taxpayers who don’t owe any tax against divulging PII over the phone or in an email. To be fair, that’s good advice regardless of whether you owe back taxes.
Here’s some other decent advice: Don’t click links or downloads in unexpected emails. Heck, you might want to exercise a little caution even if you are expecting an email, since your pal or coworker might not know that their computer (and therefore the file they’re sending) has been infected.
Given the damage malware can do to your personal and business finances, it’s probably a good idea to be a little paranoid.