Each year during the US tax season, scammers begin ramping up their social engineering attacks to steal taxpayers’ information and identity, and fraudulently collect their refunds. It can be a stressful time for many taxpayers, and con artists and cybercriminals are oozing with anticipation that you’ll slip up and become another one of their victims
Here are Bitdefender’s tips for staying safe online during this year’s tax season to avoid becoming another identity theft and fraud victim:
Securing your devices
If you plan to file your tax returns online, make sure your devices are running the latest updates, set up strong and unique passwords for online accounts, and enable 2FA or MFA for an extra layer of security. Also, consider installing a security solution to avoid data and device compromise in case you unwittingly access or download malicious files or links received via email, social media platforms or text.
Spotting fake IRS correspondence
During tax filing season, fraudsters may attempt to contact customers via email, phone, text messages, social media platforms and even regular mail. Telltale signs include a request for sensitive personally identifiable information (PII) such as Social Security numbers, login credentials, bank account or credit card information, and attachment such as PDFs. Additionally, the sender or caller may use scare tactics and unusual language to force you into handing over this data.
- Phishing emails – fake emails that mimic official IRS messages aim to trick users into handing personal and financial details to the crooks. The scammers may use genuine-looking templates and the agency logo and name. The messages usually request PIN information, ask users to provide personal data or access an attachment that may install malicious software on your device
- Vishing – fraudsters posing as IRS employees or representatives contact taxpayers and try to persuade them to make a payment (gift card or wire transfer) that will expedite their tax refund or provide personal information. Those who deny any request are usually threatened that they will be arrested or have their driver’s license suspended.
- Smishing – cybercrooks may also contact unsuspecting users via text messages, urging them to follow a link and fill out their info. The fake websites setup by the scammers have only one purpose – to steal taxpayers’ data.
Becoming a cyber-savvy taxpayer
The ongoing pandemic still poses great challenges for organizations, including the IRS, which has urged citizens to file early and avoid paper tax returns to help ensure a speedy refund. To avoid falling victim to IRS and tax-season scams, users should stick to good cyber hygiene and spread awareness among friends and family:
- Never respond to unsolicited correspondence that asks for your bank account number, credit card number, PIN codes or login credentials
- Always check the spelling and sender’s email address
- Don’t download attachments or click on embedded links unless you are certain that the correspondence is genuine
Bear in mind that:
- No legitimate organization, including the IRS, will demand down payments of fees to ensure early tax returns
- The IRS will never ask for your info, PIN, or Social Security number via text, email or an instant message via social media
- Official representatives or IRS employees will never make threatening phone calls asking you to pay them via gift cards, wire transfer or cryptocurrency
Don’t let cybercriminals and scammers catch you off guard this tax season. Use our extended Bitdefender Total Security trial free of charge for 90 days to keep your devices, personal information and identity safe from cybercriminals and crooks. Better yet, smartphone users can benefit from the latest Scam Alert feature implemented in our Bitdefender Mobile Security app for Android. Scam Alert is a handy tool that ensures a safer online experience, alerting you whenever you receive malicious or fraudulent links arriving via instant messaging apps, SMS or notifications on your phone, including the latest TeaBot and FluBot global malware campaigns that disseminate via text messages.