CDCR’s Information Security Office offers tax season safety tips

It’s tax season, which means it’s also time for tax scams, with numerous online schemes attempting to steal people’s tax refunds, bank accounts or identities.

Last year, the Internal Revenue Service (IRS) estimates it paid $5.2 billion in fraudulent identity theft refunds in filing season 2013. Websense Security Labs reported in 2014 it saw approximately 100,000 IRS-related scams in circulation every two weeks.

ISO headerThis year, people need to be especially careful in light of the Anthem Breach, in which data from approximately 80 million customers was exposed, triggering new phishing attacks offering false claims of credit monitoring services.

Users who have already filed their taxes this season can still be vulnerable to tax-related scams. Many schemes take advantage of users by alleging to have information about the filer’s refund, or noting a problem with the previously filed return.

One scam already impacting users this season involves phishing emails claiming to be from Intuit’s TurboTax. The emails prompt users to click on links to verify their identity or update their accounts in an attempt to download malware to the victim’s machine, or steal data such as Social Security numbers or financial information.

Below are some of the most common email scams users should be cautious about:

  • The email says the user is owed a refund and should forward a bank account number where the refund may be deposited. Once the scammer has the bank account information, the account will see a big withdrawal, not a deposit.
  • The email contains exciting offers or refunds for participating in an “IRS Survey.” This fake survey is actually used to acquire information to perform identity theft.
  • The email threatens the user with fines or jail time for not making an immediate payment, or responding to the email.
  • The email includes a “helpful” downloadable document (e.g. “new changes in the tax law,” a tax calculator, etc.). In reality, the download is a malicious file intended to infect your computer.

How To Avoid Becoming A Tax-Scam Victim

  • Do not respond to emails appearing to be from the IRS. The IRS does not initiate taxpayer communications through email or social media to request personal or financial information. If you receive an unsolicited email claiming to be from the IRS, send it to phishing@irs.gov.
  • Do not respond to unsolicited emails and do not provide sensitive information via email. If the email appears to be from your employer, bank, broker, etc., contact the entity directly. Do not open any attachments or click on links contained in unsolicited or suspicious emails.
  • Carefully select the tax sites you visit. Use caution when searching online for tax forms, advice on deductibles, tax preparers and other similar topics. Do not visit a site by clicking on a link sent in an email, found on someone’s blog, or in an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.
  • Secure your computer.  Make sure your computer has all operating system and application software updates. Anti-virus and anti-spyware software should be installed, running, and receiving automatic updates. Ensure you use a strong password and different passwords for each account.

(Editor’s note: Some websites may not be available from a CDCR computer.)

Resources

IRS 2015 Dirty Dozen Tax Scams: www.irs.gov/uac/Newsroom/IRS-Completes-the-Dirty-Dozen-Tax-Scams-for-2015

What to Do if Your Identity is Stolen- FTC Guidebook:   https://www.consumer.ftc.gov/articles/pdf-0009-taking-charge_0.pdf

 

Taxpayer Guide to Identity Theftwww.irs.gov/uac/Taxpayer-Guide-to-IdentityTheft

Tax Scams/Consumer Alertswww.irs.gov/uac/Tax-Scams-Consumer-Alerts

 

Report Phishingwww.irs.gov/uac/Report-Phishing

Information sources:

Facebooktwittergoogle_plusreddit

1 Response

  1. Kerry Monday, March 16, 2015 / 1:23 pm

    ID theft is a nightmare: filing a police report, obtaining a personal identification number instead of an SSN to file under, and swearing an oath of truth (affidavit) that I’m who I’ve always known myself to be! I’m still not sure how the theft occurred. It was a very humbling experience. Present day, although I do everything I can to be careful, my Home Depot account was hacked, electronically, and gift cards were purchased for people in multiple states. Another affidavit signed! Before banking and making electronic transactions, I access another privacy screen before proceeding with needed transactions.

Leave a Reply

Your email address will not be published. Required fields are marked *