Fraud is a year-round activity, but tax season brings an increase in calculated schemes to steal money and personal information through forged messages and other means. Cybersecurity firms have also reported an increase in fraud attempts that exploit the conflict in Ukraine — a situation that has heightened fears of potential cyberattacks on US businesses through ransomware and other malware. You can better protect yourself if you know what’s going on. Here is a guide.
Avoid the tax scam
The Internal Revenue Service does not make initial contact with taxpayers via email, text message, or social media channels to request personal and financial information, including bank account or credit card numbers, passwords, password or PIN codes. Messages requesting this information are deceptive “phishing” attempts to steal money and identities.
If the IRS needs your attention, it starts with a notice by regular mail through the United States Postal Service in most cases.
The IRS will not send unexpected messages about verifying statements, sending stimulus payments, collecting your taxes, or “cancelling your social security number.” An IRS representative may call or visit when a taxpayer has an overdue bill or has other tax-related issues. But even then, written notification is usually sent first, according to the agency.
Fraudulent phone calls and voicemails using falsified agency numbers and fake IRS agent identification are common. Again, the agency usually mails a notice first. He doesn’t call out of the blue to discuss tax refunds, threaten to be arrested by local law enforcement, or demand immediate payment in a specific form. Tax bills are paid to the US Treasury and not directly to “agents” requiring funds in iTunes or Amazon gift cards, prepaid debit cards, e-cash, or wire transfer.
The Tax Scams/Consumer Alerts page of the official irs.gov site has a long list of current and classic scams. And the site offers a guide to verifying real IRS agents and identifying legitimate debt collectors.
Make a wise donation
Opportunistic scammers quickly take advantage of natural disasters and humanitarian crises, including the Covid-19 pandemic and the war in Ukraine. Beware of messages from unknown organizations asking for credit card or cryptocurrency donations – or claiming to be from refugees or the military. Crowdfunding campaigns should be avoided or scrutinized unless you know the organizer.
Most fraud attempts are easy to spot. Messages laden with typos, impersonal “official correspondence” from Gmail and Yahoo accounts, and voicemails left by robotic computer speech are instant red flags. Fake invoices and forged PayPal reviews remain popular phishing lures.
You can avoid many phishing lures by adjusting your email program’s spam filters and blocking unwanted calls and text senders. Allow unknown callers to access voicemail. Wirecutter, a site owned by The Times, offers a guide to combating unwanted calls.
Make sure your browser is set to block pop-up messages and warn about malicious sites. Do not install apps from unknown developers and keep antivirus software enabled on your computer. If the spam gets through, don’t call the number or open the attachment – it’s probably malware. If you have any concerns about an account, open your browser and go to the company’s website, avoiding any links in messages.
The Consumer Financial Protection Bureau’s site has a detailed page on frauds and scams that are currently circulating. And even if you have been a safe computer user for years, you probably have a friend or relative who isn’t as tech-savvy and could use your help.