Beware of these phishing scams this Tax season

FIT Information Technology Information Security
Tax season is here, and while it might mean a sweet refund, it also means scammers are out in force trying to steal your hard-earned cash. Often, these scams first come in the form of phishing emails and social engineering. 

Here’s a list of popular scams and how to spot them this tax season:

Unclaimed (or extra) refund phishing: Some taxpayers have received emails that claim to be from the Taxpayer Advocacy Panel (TAP) about a tax refund. These emails are a phishing scam, trying to trick victims into providing personal and financial information. Do not respond or click any link. This scheme has also involved physical mail coming in a cardboard envelope from a delivery service. The enclosed letter includes the IRS masthead with contact information and a phone number that does not belong to the IRS and wording that the notice is “in relation to your unclaimed refund.”

Update direct deposit phishing: The FBI warns that phishing campaigns have been targeting employees by impersonating their employers’ human resources department by sending email requests to update direct deposit information. The employee is then redirected to a false site where employees are prompted to enter identifying information, leading to a potential bank account compromise. 

Your Social Security number has been suspended. Scammers try to scare you by claiming your Social Security number is suspended due to a tax issue. Don’t panic; it’s a lie! The Social Security Administration (SSA) manages SSNs, and they never suspend them due to tax issues.

How can you protect yourself?

  • To Report Tax-related Phishing Activities: Refer to https://www.irs.gov/privacy-disclosure/report-phishing.

  • Be Wary of Urgent Requests: Phishing emails often create a sense of urgency or threaten consequences if you don’t act immediately. Take a breath, slow down, and think critically.

  • Never Share Personal Information: Legitimate organizations won’t ask for sensitive information via email. If unsure, contact them directly through known official channels.

  • Report Phishing: If you received a phishing email, immediately mark the email as a phish in Google. If you think you have been a victim of a phish, forward it to [email protected] or open a ticket at techhelp.fitnyc.edu

  • FIT’s 2024 mandatory cybersecurity training launches next week! You will be receiving an email from the Cybersafe email account with the subject line “Welcome to your FIT Mandatory Cybersecurity Training,” inviting you to take the Spring 2024 edition of FIT’s Cybersecurity Training. The training is 30 minutes long, and you can stop and start the training as many times as you need until it is completed. You have until the end of the spring semester to complete this training. Please note that this training is referred to in Section V of FIT’s Information Security Policy.

By staying vigilant and recognizing these tricks, you can protect yourself from tax-season scams and keep your money safe!

 

About Cybersafe

The Division of Information Technology is dedicated to protecting the FIT community from the latest cybersecurity threats by providing warnings and creating awareness through training and information-sharing. Visit fitnyc.edu/cybersafe for more information. And stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

Read past issues here.

Footer