Tax Scams

Welcome to tax season.  It feels like almost every season is a prime one for various online scams, but tax season is particularly active.  Crooks take advantage of victims’ confusion and stress about filling out complex forms filled with sensitive information, and they steal money, information, or both.  The Center for Internet Security (CIS) has published a useful article describing the problems and solutions.

 

There are two primary forms of tax scams.  In one, the attacker steals the victim’s identity and then files a fraudulent return in the victim’s name.  This is done through the usual social engineering tactics of phishing, malware, and phone impersonation.  Remember, once an attacker has some basic information about you like your name and social security number,  there is often enough information available on LinkedIn or Facebook to figure where you work, roughly how much money you make, whether you’re single or married, how many children you have, etc.  With that information, an attacker can file a pretty convincing tax return with a nice refund due, and have it sent to their bank instead of yours.

 

In the second, attackers call or email pretending to be from the IRS or a tax preparation or debt remediation service and try to pressure victims into paying taxes or to pay for some tax-related service.  Sometimes they will ask for payments via strange methods like gift cards or wire transfers.  The IRS will never call you without sending a letter first.  Here’s an article from 2018 discussing a large call center of people impersonating the IRS that was broken up by law enforcement.

 

What can you do?

On our Cybersafe web page, we provide lots of good resources on how to protect yourself against phishing and other cyber threats.  In addition, the IRS suggests

  • Filing early so the bad guys can’t file on your behalf  
  • Remembering that the IRS will always send you an official letter before contacting you via email or phone.  If you’re suspicious, you can always call them back on a published number.
  • Following the other guidelines in the CIS article.

 

About Cybersafe

The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

 

-Walter Kerner

Assistant Vice-President and Chief Information Security Officer

Read past issues of the CISO Updates Newsletter here.