DISCLAIMER – With all the scams and identity theft issues we wanted to share what we have read and learned in the past few years. The following may not be all inclusive. The information provided within is to be used as a guideline of what to be aware of and how to be secure to avoid identity theft. In the case of identity theft, we ask you to please verify your next step when reporting to the official agencies (FTC, credit bureau, etc.) as you go through the process. If anything, the following will help you start the process of protecting your identity or your personal financial information to prevent it from being compromised.
By now most people know at least one of the security issues out there: identity theft, scamming, phishing, hacking, etc. This section of our web site is to keep you informed in what’s out there and how to keep your identity and personal information safe.
THIS SECTION WILL BE UPDATED THROUGHOUT THE YEAR TO REFLECT THE CURRENT SCAMS.
Email Scam: A new email scam involves the hacker sending you an email with the subject line reading “Be Sure to read this message! Your personal data is threatened!” The reader is worried so opens the email and discovers a letter starting out with the hacker identifying themselves as a hacker who has accessed your operating system and that they have full access to your account. The hacker may tell you that you were infected through an adult site, then goes on to explain how the said infection occurred then lets you know what you must do to prevent any damage. Usually this can be prevented with payment through Bitcoin. The email is very threatening trying to get the victim to pay. DO NOT send any money. Delete the email.
The Year 2020: When writing the year 2020, the suggestion is to not abbreviate the year. Write out the entire year. If you abbreviate the date as 1/1/20, the date can easily be changed by adding 2 numbers to the end which completely changes the year. For example, if a fraudster gets a hold of a document written with an abbreviated year, they can change the year by adding 2 more digits to the end to make the year 2000, 2001, 2002, through any year after 2020. Protect yourself by using the full 4 digits for the year.
- Today most people use smart phones or tablets. Please remember both are basically a tiny computer and need to be secured just like a computer or laptop. Whether you use your phone for everything (paying bills, office work, etc.) or just use it as a phone (calling and texting), you have personal information in that little device, so be sure to have good virus protection software installed and/or use a VPN (virtual private network).
- Always use security software with a firewall and anti-virus protection and be sure the security software is always turned on and can automatically update. Never download “security” software from a pop-up ad. A popular pop-up ad is one that indicates it has detected a virus on the computer and directs you to download a security software package. Don’t do it! It most likely will install some type of malware. Reputable security software companies do not advertise their product like this.
- Encrypt sensitive files such as tax records that are stored on the computer. Use strong passwords. The longer the password, the tougher it is to crack. Don’t use the same password for all of your accounts. If the password is stolen, it can be used to break into multiple accounts. Don’t share passwords on the phone, in texts or by email. Legitimate companies WILL NOT send messages asking for passwords. Keep your passwords in a secure place.
- Learn to recognize and avoid phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as banks, credit card companies and government organizations, including the IRS. Do not click on links or download attachments from unknown or suspicious emails.
- Protect personal data. Don’t routinely carry a Social Security card, and make sure tax records are secure. Treat personal information like cash; don’t hand it out to just anyone. The easiest way for criminals to steal sensitive data is simply to ask for it. Social Security numbers, credit card numbers, bank and utility account numbers can be used to steal money or open new accounts. Every time a taxpayer receives a request for personal information, they should think about whether the request is truly necessary. Scammers will do everything they can to appear trustworthy and legitimate.
- Back up files. No system is completely secure. Copy important files, including federal and state tax returns, onto a removable disc or a back-up drive, and store it in a safe place. If you choose to use a back-up drive such as an external hard drive, remember to unplug the drive from the computer after doing your back-up; otherwise, the drive isn’t keeping your information secure and away from hackers.
- Instead of paper checks with pretty pictures, elect to purchase high-security checks. These checks contain several different features to prevent check fraud including watermarks, heat sensitive ink, holograms, fluorescent invisible ink, etc.
- Most banks now offer the option to set an “alarm” if a certain amount is withdrawn from your account. Every time that specified amount or more is drawn from your account, you will receive a text message or email informing you of this withdrawal. If you know you haven’t drawn that amount, contact your bank immediately.
FAKE INSURANCE TAX FORM SCAM
Both tax professionals as well as individuals should be made aware of this scam.
Scammers are using tax professionals to access clients’ annuity and life insurance accounts. The scammer gains access to the tax professional’s account and steals the client’s email address. In turn the scammer impersonates the tax professional and sends an email to the client attaching a bogus insurance form and requesting the client completes this form and returns it to the tax professional via fax or email. The email is VERY similar to the tax professional’s email address but slightly different. The tax professional’s email may be email@example.com and the bogus email address may be firstname.lastname@example.org. The subject line of the email will vary but may express something along the lines of “urgent.” After the client forwards the form, the scammer uses the personal information to either take out a loan or make a withdrawal from those accounts.
IS IT THE IRS OR IS IT A SCAM?
The IRS does not initiate contact with taxpayers by email or text message to request personal or financial information. The most common scams are phone calls and emails from thieves who pretend to be from the IRS. Scammers use the IRS name, logo or a fake web site to try and steal money and even identity from taxpayers.
Phone Calls: Criminals are able to “spoof” caller ID numbers which can look like it actually is the IRS calling. Taxpayers need to be very cautious of phone calls or automated messages from someone who claims to be from the IRS. Often these criminals will tell the taxpayer he/she owes money. They also demand payment right away. Other times scammers will lie to a taxpayer and say they are due a refund. The thieves ask for a bank account information over the phone. The IRS warns taxpayers NOT to fall for these scams.
Example of bogus IRS call: Criminal posing as an IRS agent calls stating the taxpayer’s identity has been stolen. The criminal says the taxpayer’s identity was used to open fake bank accounts and the criminal then tells the taxpayer to buy gift cards from a certain store(s) and wait for further instruction. The scammer then contacts the taxpayer one more time asking the taxpayer to provide the gift cards’ access numbers.
IRS employees will NOT:
- Call demanding immediate payment. The IRS will not call the taxpayer without first sending a bill in the mail.
- Demand payment without allowing the taxpayer to question or appeal the amount owed.
- Require the taxpayer pay their taxes a certain way. For example, demand taxpayers use a prepaid debit card or iTunes card.
- Ask for credit or debit card numbers over the phone.
- Threaten to contact local police or similar agencies to arrest the taxpayer for non-payment of taxes.
- Threaten legal action such as a lawsuit.
- The IRS will not leave a prerecorded message asking a taxpayer to call back.
- The IRS never uses text messages or social media to discuss personal tax issues such as billing and refunds.
If a taxpayer doesn’t owe tax or think they don’t owe any tax, they should:
- Not give out any information. Hang up immediately.
- Contact the Treasury Inspector General for Tax Administration. Use TIGTA’s “IRS Impersonation Scam Reporting” web page to report the incident.
- Report the incident to the Federal Trade Commission. Use the “FTC Complaint Assistant” on the FTC.gov. Please add “IRS Telephone Scam” to the comments of your report.
- Report the caller ID and/or callback number to the IRS at email@example.com (Subject line: IRS Phone Scam).
E-mails: In most cases, an IRS phishing scam is an unsolicited email that claims to come from the IRS. Criminals often use fake refunds, phony tax bills or threats of an audit. Some emails actually will link you to a web site that looks real. The scammers’ goal is to have the taxpayer click on that link and give up their personal and financial information on the fake web site. If the scammer is successful, they use that information to steal a victim’s money and their identity. Always remember, the IRS does not initiate contact with a taxpayer through email to request personal or financial information. This information will be requested by the IRS through mail delivered by the United States Postal Service.
Example of IRS Impersonation Email Scam: The subject line may be something like “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder.” The email will include a link that show an IRS.gov-like web site with details pretending to be about the taxpayer’s refund, electronic return or tax account. The email also contains a temporary password to access the files to submit the refund. When the taxpayer clicks on this link, it turns out to be a malicious file. Remember, the IRS does not send emails about your tax refund or any sensitive financial information.
If you owe tax or think you owe tax to the IRS:
- Go to irs.gov to see the actual amount owed (view tax account information online). Taxpayers can also review their payment options.
- Call the number on the billing notice or call the IRS at 800-829-1040.
For those taxpayers who get an email from the IRS requesting personal information:
- Don’t reply to the message or give out your personal or financial information.
- Forward the email to firstname.lastname@example.org.
- Do not open any attachments or click on any links. They may have malicious code that will infect your computer or cell phone.
- Delete the original email.
Text Message: If you receive a text message from someone claiming to be from the IRS, follow these instructions.
- Do not reply.
- Do not open any attachments.
- Do not click on any links.
- Forward the text as-is to the IRS at 202-552-1226 (remember that standard text messaging rates may apply).
- If possible, in a separate text, forward the originating number to the agency at
- Delete the original text.
Web site: If you come across a web site that appears to be the IRS but you suspect it to be bogus, you should:
- Send an email with the URL of the suspicious site to email@example.com.
- Include a subject line of “suspicious web site.”
Home Visits: The Internal Revenue Service has created a special new page on IRS.gov to help taxpayers determine if a person visiting their home or place of business is from the IRS or an imposter.
With continuing phone scams and in-person scams taking place, remember IRS employees do make official, sometimes unannounced visits to delinquent taxpayers as part of their routine casework.
The reasons these visits occur and how to verify if it is the IRS knocking at your door fall into three categories:
- IRS revenue officers will sometimes make unannounced visits to a taxpayer’s home or place of business to discuss taxes owed or tax returns due. Revenue officers are IRS civil enforcement employees whose role involves education, investigation, and when necessary, appropriate enforcement. Be sure to get their business card and credentials before leaving the officer in your home or business.
- IRS revenue agents will sometimes visit a taxpayer who is being audited. That taxpayer would have first been notified by mail about the audit and set an agreed-upon appointment time with the revenue agent. Also, after mailing an initial appointment letter to a taxpayer, an auditor may call to confirm and discuss items pertaining to the scheduled audit appointment. Be sure to get their business card and credentials before leaving the agent in your home or business.
- IRS criminal investigators may visit a taxpayer’s home or place of business unannounced while conducting an investigation. However, these are federal law enforcement agents, and they will not demand any sort of payment. Criminal investigators also carry law enforcement credentials, including a badge.
IRS representatives will always provide their credentials, called a pocket commission and an HSPD-12 card. Taxpayers do have a right to see these credentials. The taxpayer can request additional ID for verification. Also, upon request, the IRS is able to provide a toll-free employee verification phone number.
For more information, visit “How to know it’s really the IRS calling or knocking on your door” onIRS.gov.
The IRS has assigned a small number of accounts to private-sector collection agencies to collect taxes from taxpayers with overdue federal tax accounts. If you do owe taxes—or think you do—stay alert to scams that use the IRS as a lure. Tax scams can happen any time of year, not just at tax time. For more information, visit “Tax Scams and Consumer Alerts” at IRS.gov.
The process used when a taxpayer’s overdue taxes are passed on to one of four collection agencies used by the IRS is as follows:
- The IRS will send the taxpayer a letter to let them know their case is being turned over to a collection agency. The collection agency will also send the taxpayer a letter confirming they have been assigned to the taxpayer’s account.
- The IRS will assign the taxpayer’s account to only one of the collection agencies they use, never all four.
- The collection agency will…
- Identify themselves and request payment to U.S. Treasury
- Not ask for payment on a prepaid debit or gift card
- Not take enforcement action
Taxpayers who receive the IRS phone scam or any IRS impersonation scam should report it to the Treasury Inspector General for Tax Administration at its IRS Impersonation Scam Reportingsite and to the IRS by emailing firstname.lastname@example.org with the subjective line “IRS Impersonation Scam.”
Giving to a charity can be very fulfilling. However, taxpayers should be cautious about groups masquerading as charitable organizations to attract donations from unsuspecting contributors.
Some basic tips offered by the IRS for taxpayers making charitable donations:
- Be aware of charities with names that are similar to familiar or nationally known organizations. Some phony charities use names or web sites that sound or look like those of respected, legitimate organizations. IRS.gov has a search feature, Exempt Organizations Select Check, which allows people to find legitimate, qualified charities to which donations may be tax-deductible. A legitimate charity will not be afraid to provide their Employer Identification Numbers (EIN), if requested, which can be used to verify that they are legitimate. It is advisable to double check using a charity’s EIN.
- Don’t give out personal financial information, such as Social Security numbers or passwords, to anyone who solicits a contribution. Scam artists may use this information to steal identities and money from victims. Donors often use credit cards to make donations. Be cautious when disclosing credit card numbers. Confirm that the charity is legitimate.
- Don’t give or send cash. For security and tax record purposes, contribute by check or credit card or another way that provides documentation of the gift.
Popular types of scams when it comes to charities are those following major disasters. It’s common for scam artists to impersonate charities to get money or private information from well-intentioned taxpayers. Some scammers operating fake charities may contact people by telephone or email to solicit money or financial information. They may even directly contact disaster victims and claim to be working for or on behalf of the IRS to help the victims file casualty loss claims and get tax refunds.
To help disaster victims, the IRS encourages taxpayers to donate to recognized charities. Disaster victims can call the IRS toll-free disaster assistance telephone number (866-562-5227). Phone assistors will answer questions about tax relief or disaster-related tax issues.
PROTECT YOUR SMALL BUSINESS
Avoid being compromised on line by following these steps:
- Keep your computer and anti-virus software set to update and run automatically.
- Use different and strong passwords for each online account.
- For your mobile phone, check often for software updates and only install trusted apps.
- Contact your phone provider to add a password or PIN to your accounts.
TEACH TEENS ONLINE SAFETY
Parents teach their children how to balance a checkbook, how to drive and how to cook; why not teach them internet safety?
- Security is important. Teach your teens not to reveal too much about themselves. Leaving a trail of personal information is making the fraudster’s job so much easier. Remind your teens not to reveal their birthday, address, age and especially not their social security number.
- Firewall and anti-virus software. Remind your teens to always use firewalls and anti-virus protection to protect sensitive information found in documents such as school transcripts and college applications.
- Recognizing and avoiding scams. Recognizing scams is of utmost importance. Explain to your teens what scams are, how to recognize them and how to deal with them.
- Personal data. Advise your teen to only shop at reputable online retailers. Point out how to verify the shopping site is secure. Personal information is like cash; don’t leave it lying around.
- Public Wi-Fi risk. Explain while public Wi-Fi may be free and convenient, it’s not always safe. Hackers can easily steal information from their device if connected to public Wi-Fi. Remind them to use a virtual private network (VPN) when connecting to public Wi-Fi.
STRENGTH IN PASSWORDS
Recently there’s been new thinking as to how to create a strong password. The suggestion is to create a passphrase of familiar things to you such as a favorite line from a movie or a series of words familiar to you but something that would be difficult for a hacker to guess. Continue to use different passwords or phrases for each account. Also, implementing multi-factor authentication when possible secures your account even more. If a device comes with a factory-set password, change it immediately. The National Institute of Standards and Technology (NIST) has the following suggestions for creating a better password:
- Use items that have meaning to you but that no one else could guess.
- Passphrases should be words that make sense to you but no one else. Good: Items in your kitchen such as BlackStoveFlowersTwoSinks. Bad example: Names of your children or pets.
- The key is to use words that you can picture in your head.
- Phishing: Remember, the IRS will never initiate contact with taxpayers via email about a tax bill or refund. Don’t click on emails or fake web sites claiming to be from the IRS.
- Phone Scams: Criminals impersonating IRS agents remain an ongoing threat to taxpayers. They usually threaten with police arrest.
- Identity Theft: Tax time is the worst time for identity theft, although it can absolutely happen year-round. The IRS aggressively pursues criminals that file fraudulent returns using someone else’s Social Security number. Continue to be extremely cautious when giving out sensitive information. Better safe than sorry!
- Fake Charities Beware of groups masquerading as charitable organizations. These groups have names very similar to well-known organizations. Research the organization to know where your money is going. See Fake Charities above for more information.
- Excessive Claims for Business Credits: Avoid improperly claiming the fuel tax credit. This tax benefit is generally not available to most taxpayers. The credit is usually limited to off-highway business use including use in farming. Also avoid misuse of the research credit. Improper claims often involve failures to participate in or substantiate qualified research activities and satisfy the requirements related to qualified research expenses.
- Falsely Padding Deductions on Returns: Avoid the temptation to falsify deductions or expenses on tax returns in order to pay less than owed or receive larger refunds. Think twice before overstating deductions such as charitable contributions and business expenses or improperly claiming credits such as the Earned Income Tax Credit or Child Tax Credit.
- Falsifying Income to Claim Credits: Don’t invent income to erroneously qualify for tax credits, such as the Earned Income Tax Credit. Taxpayers should file the most accurate return possible because they are legally responsible for what is on their return. Claiming false income can lead to taxpayers facing large bills to pay back taxes, interest and penalties. In some cases, they may even face criminal prosecution.
- Abusive Tax Shelters: Don’t use abusive tax structures to avoid paying taxes. Everyone should be on the lookout for people peddling tax shelters that sound too good to be true.
- Frivolous Tax Arguments: Don’t use frivolous tax arguments to avoid paying tax. Promoters of such schemes encourage taxpayers to make unreasonable and outlandish claims, even though they have been repeatedly thrown out of court. The penalty for filing a frivolous tax return is $5,000.
- Offshore Tax Avoidance: It’s never a good idea to hide money and income offshore. Taxpayers are best served by coming in voluntarily and taking care of their tax-filing responsibilities. The IRS offers the Offshore Voluntary Disclosure Program to enable people to catch up on their filing and tax obligations.
- W-2 Phishing:The scammer poses as an internal executive requesting employee Forms W-2 and Social Security Number information from company payroll or human resources departments. The personal information is then used for identity theft and to file false tax returns.
COMMON SCAMS AS REPORTED BY THE CREDIT BUREAU
- “Can You Hear Me Now” and “Yes” calls: The scammer calls you hoping to get the person on the other end of the line to say “yes” and then will use the recorded “yes” to obtain a voice signature to authorize charges over the phone. If you do not recognize the person’s voice, you might want to say something like “This is Jane.” If you suspect the person is a scammer, do not respond. Hang up the phone. On the other hand, if you are the caller, it might be best to identify yourself before asking who you are speaking to, i.e., “Hello, this is Jane. Is this Paul?”
- Car Scams: The scammer targets those looking to purchase a car. The scammer posts a picture of a car on line and gives logical reasons why the price is so low (i.e., they are being deployed in the next several days or they are starting college very soon, etc.). The seller will then ask the prospective buyer to purchase prepaid gift cards in the amount of the sale and share the prepaid codes. The buyer is then told the car will be delivered but obviously the car, since an imposter, does not arrive and the buyer doesn’t hear back from the seller and has lost that money. Remember, if the price is too good to be true, don’t fall for it.
- Fake Bank Apps: Large banks have scammers posing as them who send emails stating they need information from the recipient. They ask the recipient to click on a link within the email. They tend to use phrases such as “Your account is at risk” to get your attention so you reply before thinking. DO NOT CLICK ON THE LINK. If you suspect it may truly be from your bank, close the email and go to your bank’s web site to see if this information is needed. Never click on links in suspicious emails. This is all an attempt to collect sensitive information.
- Home Improvement Scams: As the weather gets nicer, home improvement scams begin. Some scammers go door-to-door offering their services, take a deposit and then never complete the work. If you are unsure of the legitimacy of the salesman and are interested in their services, ask for a card and tell them you will get back to them. Do some research on the company by going to the Better Business Bureau web site (bbb.org). Another prime time for these types of scams is after a natural disaster (flooding, hurricanes, tornadoes, etc.)
- Jury Duty Scams: Scammers posing as a police or judicial official call the victim and tell them they did not report to jury duty and therefore owe a fine. The scammers go as far as spoofing the number from which they are calling to make the victim believe it’s a real call.
- Medicare Scam: An example of Medicare scam is a criminal using a cardholder’s Medicare benefits to obtain equipment such as an electric wheelchair. Then, if something happens to the cardholder and they need that particular equipment, they are unable to get it because Medicare has record of the patient already obtaining that piece of equipment.
- Netflix Scam: Scammers have taken to targeting Netflix. They will send a phishing email to subscribers with the subject line stating “payment declined” or “please update your payment details” to get the victim’s attention. They include a fake link in the email asking you to click to update your information. If you suspect your information may need to be updated, type the Netflix address in the browser instead of clicking on the link.
- Porting Scams: This scam involves stealing your phone number and phone service to get access to your bank account through confirmation text messages. The scammer begins by obtaining your name, phone number and then they gather more information on you such as address, social security number and date of birth. They then contact your mobile carrier and state that your phone has been stolen and ask to “port” the number over to another provider and device. After your phone has been ported to a new device, the scammer can then start accessing your accounts that require additional authorization, such as coded text to your phone.
- Romance Scams: The scammer sets up an account on a dating site with fake information and photos that are too good to be true. Once a target has been zeroed in on, the scammer makes up a story that they would like to visit you but there is a problem with finances and ask if the victim can send money so they can finally meet (another tactic is the scammer will tell the victim they have a sick relative and are in need of money to help them). Seniors are usually the primary target for this scam. Signs that the person you are talking to online is a scammer: They ask you for money and try to lure you off the dating site; they profess love quickly and claim to be from the US but currently are overseas for business/military; they claim to need money for an emergency—hospital bills or travel; plans to visit but can’t because of emergency.
- Shimmer Scams: A shimmer is a very thin piece of paper that can read chips in credit cards and debit cards. The sheet of paper is placed in an ATM and it will read information on the card used. This allows the scammer to create a non-chip version card which contains only the magnetic strip.
- Veterans scams: Scammers offer pension buyouts to veterans or ask them to donate to a charity that sounds real but isn’t real. The scammers can also take the donor’s personal information to create a new identity or even commit more crimes under the veteran’s name.
- Publishers Clearing House Scam: The scammer calls or sends a letter saying the recipient is the winner, but in order to collect the prize the recipient has to send money to pay taxes and fees. The scammer asks the recipient to send payment via Western Union, MoneyGram or a reloadable card or gift card because this form of payment is almost impossible to trace. The real Publishers Clearing House says they will never ask a person to pay a fee to collect a prize.
- Fake Invoice Scam: Scammers have recycled an old phishing scam. They pretend they are a well-known tech company and email a fake invoice to the victim for a supposed purchase of an app or music. The email tells the victim to click on a link within the email. If you haven’t made any such purchase …STOP! DO NOT CLICK ON THE LINK. The scammer is trying to commit identity theft or they may be trying to gain access to your computer and can even lock you out of important files on your computer.
- “Neighbor Spoofing” Scam: When you receive a phone call that has the first 6 digits the same as your number, it can lead you to believe it’s a local call. Scammers are counting on you believing it’s local and therefore you are more likely to pick up. These days it’s very easy to fake caller ID numbers. Remember, if you see what appears to be a local number on your caller ID, it could be fake. If you answer and don’t recognize the caller, hang up.
RECAP ON SECURITY
For families with children and aging parents, it’s important to make sure everyone guards their personal information online and at home.
If everyone in your family uses the same computer, do not turn off any security software or open any suspicious emails. Never click on embedded links or download attachments of emails from unknown sources. Actions by one computer user could infect the machine for all users.
Do not store credit card information on any web site (Amazon, EBay, etc.). Kids & aging parents should be warned against oversharing personal information on social media. Oversharing addresses, a new family car or a parent’s new job gives identity thieves a window into an extra bit of information they need to impersonate you.
Don’t assume ads or emails are from reputable companies. Check out companies to find out if they are legitimate. When you’re online, a little research can save you a lot of money and reduce your security risk. If you see an ad or an offer that looks too good, take a moment to check out the company behind it. Type the company or product name into your favorite search engine with terms like “review,” “complaint” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you cannot find contact information for the company, take your business and your financial information elsewhere. Even if a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.
Aging parents may also need assistance for someone to routinely review charges to their credit cards or withdrawals from their financial accounts. Unused credit cards should be canceled. An annual review should be made of their credit reports at annualcreditreport.com to ensure no new accounts are being opened by thieves, and reviewing the Social Security Administrationaccount to ensure no excessive income is accruing to their account.
Seniors also are especially vulnerable to scam calls and pressure from fraudsters posing as legitimate organizations, including the Internal Revenue Service, and demanding payment for debts not owed. The IRS will never make threats of lawsuit or jail or demand that a certain payment method, such as a debit card, be made.
Some simple steps—and a conversation—can help the young and old avoid identity theft schemes and scammers.
Here are a few basic tips to recognize and avoid a phishing email:
- It contains a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. They may claim they need you to update your account or ask you to change a password. The email offers a link for your convenience when in reality it may be a link to a spoofing site that may look similar to the legitimate official web site. Do not click on the link. Instead, hover the mouse over the link to see where the link will be taking you. If the email contains the name of a person, contact that person and see if they sent the email. Remember not to use the email address or phone number contained within the email since that may lead you to the criminal.
- It contains an attachment. Another option for scammers is to include an attachment to the email. This attachment may be infected with malware that can download malicious software onto your computer without your knowledge. If it’s spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data. Do not open attachments from sources unknown to you.
- It’s from a government agency. Scammers attempt to frighten people into opening email links by posing as government agencies. Thieves often try to imitate the IRS and other government agencies.
- It’s an “off” email from a friend. Scammers also hack email accounts and try to leverage the stolen email addresses. You may receive an email from a “friend” that just doesn’t seem right. It may be missing a subject for the subject line or contain odd requests or language. If it seems off, avoid it and do not click on any links. You may want to call your friend and see if they sent you an email.
- It has a lookalike or identical URL. Some emails from friends look questionable. Look at the address. If the address looks similar or identical, place your cursor over their address and see if it’s the same address as your friend. If not, delete immediately. If the address matches your friend’s email address but the email has a link to click on and sounds “off,” call your friend to be sure they sent the email. If not, delete immediately. Most likely the email contains malware.
- Use security features. Your browser and email provider generally will have anti-spam and phishing features. Make sure you use all of your security software features.
- It has a logo or grammar that is “off”. If the email contains a logo, does it appear to be stretched or broken? Many times, phishing emails containing a popular company logo will have a logo that isn’t quite as clear as the real company. Also, if the email has text in the body of the email, read the email carefully and look for spelling or grammatical errors. Phishing emails are far from perfect when it comes to their wording or spelling.
Here are a few simple steps you can take to protect yourself:
- Avoid suspicious phishing emails that appear to be from the IRS or other companies; do not click on the links—go directly to their web sites instead.
- Beware of phishing scams asking you to update or verify your accounts.
- “Strange” emails. Sometimes you will receive an email with an attachment from someone you know and it may sound “strange,” like something they wouldn’t send. The email address attached to the email may be their actual email address but if you are not 100% sure the sender would send such an email, call the person to be sure they sent you the email. If they tell you they haven’t sent you an email, delete the email; it is most likely malware and could infect your computer.
- Download and install software only from web sites you know and trust.
- Use security software to block pop-up ads, which can contain viruses. Avoid “free” security scans or pop-up advertisements for security software.
- Ensure your family understands safe online and computer habits.
- Look for the “S”. When shopping or banking online, always look to see that the site uses encryption to protect your information. Look for “https” at the beginning of the web address. The “s” is for secure. Unencrypted sites begin with an http address. Additionally, make sure the https carries through on all pages, not just the sign-on page.
- Secure Wireless Networks. A wireless network sends a signal through the air that allows it to connect to the Internet. If your home or business Wi-Fi is unsecured, it also allows any computer within range to access your wireless and potentially steal information from your computer. Criminals also can use your wireless to send spam or commit crimes that would be traced back to your account. Always encrypt your wireless. Generally, you must turn on this feature and create a password.
- Be cautious when using public wireless networks. Public Wi-Fi hotspots are convenient but often not secure. Tax or Financial Information you send through web sites or mobile apps may be accessed by someone else. If a public Wi-Fi hotspot does not require a password, it probably is not secure. Remember, if you are transmitting sensitive information, look for the “s” in https in the web site address to ensure that the information will be secure.
- Social media. With social media being so popular today, some people post their location or photos of where they are at the present time, whether vacationing or at a restaurant. This basically tells the world you are not home. The best thing to do if you are on vacation, is wait until vacation is over and then post your photos and videos of your vacation.
- Change passwords frequently. Although in the past we’ve been told to use a combination of upper case letters, lower case letters, numbers and symbols, the new suggestion is to create a passphrase you can remember, such as a line from a movie or a series of words—the longer the better; for example, CrookedPictureGreenSoap.
Here are a few basic steps to making passwords better and stronger:
- Add password protections to all devices. You should use a password to protect any device that gives you that opportunity. Not only your computer, tablet or mobile phone but also your wireless network. The password is your first line of defense.
- Change all factory password settings. If your device comes with factory password settings, for example the camera on your laptop, change it immediately.
- Longer is better. A password should be a minimum of 12 but longer is better. It should be a combination of upper case and lower case letters, numbers and special characters. Do not use your name, birthdate, sibling’s, pet’s or child’s names. Also, substituting numbers and symbols for letters in words or phrases can make it more difficult for a criminal to crack your password.
- Do not repeat passwords. These days, people often have multiple password-protected accounts. Do not use the same password repeatedly. Should a thief steal your password, he immediately will have access to other important accounts. Use different passwords, especially on important financial or tax accounts.
- Don’t share passwords. Never share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam. Keep your passwords in a secure place, out of plain sight.
- Use two-factor authentication options. Many social media and financial institutions now give you the option of setting up a two-factor or two-step authentication process. A two-factor process involves a security code being sent to your registered mobile phone or personal email. This means if a thief manages to steal your user name and password, he will be blocked from accessing your accounts.
- Consider a password manager. One option for keeping track of your passwords on multiple accounts and getting help in creating strong passwords is to use a password manager. Some reputable companies offer free or low-cost versions of their products. See if a password manager might be right for you.
Here are steps you can make part of your routine to protect your personal identity tax and financial information:
- Read your credit card and banking statements carefully and often; watch for even the smallest charge that appears suspicious. (Neither your credit card nor bank—or the IRS—will send you emails asking for sensitive personal and financial information such as asking you to update your account.)
- Review all paper notices and correspondence from the Internal Revenue Service, Department of Revenue, or any other government agency. As long as the notice is official you may need to respond. Our clients might want to seek advice from us before responding to any income tax notices. Warning signs of tax-related identity theft can include IRS notices about tax returns you did not file, income you did not receive or employers you’ve never heard of or where you’ve never worked.
- Review each of your three credit reports at least once a year. Visit annualcreditreport.com to get your free reports.
- Review your annual Social Security income statement for excessive income reported. You can sign up for an electronic account at SSA.gov.
- Read your health insurance statements; look for claims you never received.
- Shred any documents with personal and financial information. Never toss documents with your personally identifiable information, especially your social security number, in the trash or recycle bin.
- If you receive any routine federal deposit such as Social Security Administrator or Department of Veterans Affairs benefits, you probably receive those deposits electronically. You can use the same direct deposit process for your federal and state tax refund. IRS direct deposit is safe and secure and places your tax refund directly into the financial account of your choice.
- Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update. Encrypt sensitive files such as tax records you store on your computer. Use strong passwords.
- Learn to recognize and avoid phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as your bank, credit card company and government organizations, including the IRS. Do not click on links or download attachments from unknown or suspicious emails.
- Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure. Treat your personal information like you do your cash; don’t leave it lying around.
- Do not give a business your SSN or ITIN just because they ask. Give it only when required.
- Do not give personal information over the phone, through the mail or on the internet unless you have initiated the contact or you are sure you know with whom you are dealing.
- Secure personal information in your home.
- Whether stored on paper or kept electronically, the IRS urges taxpayers to keep tax records safe and secure, especially any documents bearing Social Security numbers. The IRS also suggests scanning paper tax and financial records into a format that can be encrypted and stored securely on a flash drive, CD or DVD with photos or videos of valuables.
- Now is a good time to set up a system to keep tax records safe and easy to find when filing next year, applying for a home loan or financial aid. Tax records must support the income, deductions and credits claimed on returns. Taxpayers need to keep these records if the IRS asks questions about a tax return or to file an amended return.
- It is even more important for taxpayers to have a copy of last year’s tax return as the IRS makes changes to authenticate and protect taxpayer identity. Beginning in 2017, some taxpayers who e-file will need to enter either the prior-year Adjusted Gross Income or the prior-year self-select PIN and date of birth. If filing jointly, both taxpayers’ identities must be authenticated with this information. The AGI is clearly labeled on the tax return.
- If disposing of an old computer, tablet, mobile phone or back-up hard drive, keep in mind it includes files and personal data. Removing this information may require special disk utility software. More information is available on IRS.gov at How long should I keep records?
If you suspect you are a victim of identity theft, please go to “Identity Theft” on our website’s “Security Awareness” section.