DISCLAIMER – With all the scams and identity theft issues we wanted to share what we have read and learned in the past few years. The following may not be all inclusive. The information provided within is to be used as a guideline of what to be aware of and how to be secure to avoid identity theft. In the case of identity theft, we ask you to please verify your next step when reporting to the official agencies (FTC, credit bureau, etc.) as you go through the process. If anything, the following will help you start the process of protecting your identity or your personal financial information to prevent it from being compromised.
This section of our web site was put together to help keep you informed of a multitude of scams and how to keep your identity and personal information safe.
KEEPING OUR CLIENTS’ INFORMATION SAFE FROM PHISHING SCAMS
While we continue to impress upon our clients how important it is to be aware of scams through emails, calls and texts to protect themselves from identity theft and scams, we want to assure you that we are doing the same on our end to keep your personal information safe.
One such scam that has been targeting tax professional offices is a phishing scam that involves verification of Electronic Filing Identification Numbers. Luckily, Main Street has not had to deal with this issue. Rest assured if Main Street would receive this type of email, the email would not be opened and would be deleted.
We have, however, received the “new client” phishing scam. These emails are received in our junk/spam folders. The email states that the person is new to the area, has an urgent tax issue and is looking for a tax professional. They say they have attached the IRS notice and their previous year’s tax return. There are variations to this scam but all have some type of attachment. When we receive these emails, we don’t open or click on the attachments and we delete the email. On our website, we clearly state “For security purposes, please call us if you would like to request an appointment.”
RANSOMWARE…DOES YOUR EMPLOYER HAVE WRITTEN POLICIES & PROCEDURES?
If not, you may want to share the following with them.
Ransomware is defined as a type of malicious software designed to block access to a computer system until a sum of money is paid. The most common method hackers use to deliver ransomware is through email. The hacker creates a file or link that looks legitimate and tricks the user into clicking on it and in turn the ransomware has now infected the computer.
Ransomware has been around for years and while personal computers were once the target, the ransomware actors recently have formed groups that target large corporations in order to demand bigger payouts (also referred to as “big game hunting”). These groups have gone so far as to form partnerships to share advice, code, trends, techniques and illegally obtained information over shared platforms. The criminals are also now engaging in “double extortion schemes” which involves not only locking the user out of their system but actually removing sensitive data from the targeted network, encrypting the system files and then demanding ransom.
Proactive prevention through effective cyber hygiene, cybersecurity controls and other best practices are often a company’s best defense against ransomware.
THIS SECTION WILL BE UPDATED THROUGHOUT THE YEAR TO REFLECT THE CURRENT SCAMS.
NEW TAX SCAM: This scam involves making people believe they are owed a refund. The mailing is sent to the victim in a cardboard envelope from a delivery service. The enclosed letter which looks like it’s from the IRS uses wording such as “in relation to your unclaimed refund.” The letter goes on to say the recipient needs to provide “filing information” for their refund, as well as sensitive information such as cell phone number, Social Security number, bank routing information, and bank account type. Look for the following warning signs: Odd punctuation, a mixture of fonts and misspellings, and any other inaccuracies. See below, IS IT THE IRS OR IS IT A SCAM? for more information on how to recognize these scams.
ONE RING PHONE SCAM: A scammer’s goal isn’t always to get you to answer, but to get you to call back. Your cell phone may ring only once and then stop. If you don’t recognize the number, don’t call them back. A lot of these calls are located outside the U.S., even though they may mask their number to look like a local number. By calling them back, you may be charged a fee for international calling along with per-minute fees as long as you are on the line with them. The charges may show up on your bill as premium services. Avoid these types of scams by 1) not answering or returning calls you don’t recognize, 2) if you do call back, check the area code to see if it’s an international number (example, ‘649’ goes to the Turks and Caicos and ‘809’ goes to the Dominican Republic), 3) if you don’t routinely make international calls, ask your wireless provider to block outgoing international calls on your line, and 4) ALWAYS be cautious, even if the number appears authentic.
STUDENT LOAN FORGIVENESS SCAM: Even though nothing is certain about the President’s student loan forgiveness program, scammers are trying to make a profit from people who do not realize the program has been put on hold by putting applications online and asking the victim to fill in their information to be approved for this program, attempting to get social security information and bank information from the victim. Sometimes the scammers will even attempt to call and pressure the victim into applying and charging a fee for their help. For information on the status of the student loan forgiveness program, go to the Federal Student Aid website for up-to-date information.
CHECK WASHING SCAM: Even though other payment methods are replacing checks, checks are still being used and scammers are still looking for checks in mailboxes. After stealing checks, they soak them in household chemicals to get rid of the original name and dollar amount, leaving behind blank lines to allow the scammer to fill in whatever information he wishes. Some tips to avoid checks being stolen are to not put outgoing checks in your mailbox for pick-up the next day. Also, if you are going on vacation, make sure to have the post office hold your incoming mail for you or have a trusted friend pick up your mail.
OOPS, WRONG NUMBER TEXT: Scammers are starting to text people with urgent messages. You don’t know the person, but they act like they know you. You text back something like “Sorry, wrong number.” The scammer continues to text you with very friendly messages in an attempt to get to the point of inviting you to an adult website where you will need to plug in your credit card number. The only solution to a scam like this is to not reply and block their number immediately.
- Smart Phones or Tablets: Please remember both are basically a tiny computer and need to be secured just like a computer or laptop. Whether you use your phone for paying bills, office work, etc. or just use it for calling and texting, you have personal information in that little device, so be sure to have good virus protection software installed and/or use a VPN (virtual private network). Another suggestion is to be sure your operating system is updated regularly. Updates usually address security concerns within the operating system.
- Computers and Laptops: Always use security software with a firewall and anti-virus protection and be sure the security software is always turned on and can automatically update. Never download “security” software from a pop-up ad. A popular pop-up ad is one that indicates it has detected a virus on the computer and directs you to download a security software package. Don’t do it! It most likely will install some type of malware. Reputable security software companies do not advertise their product like this.
- Encrypt Sensitive Files: Use strong passwords. The longer the password, the tougher it is to crack. Don’t use the same password for all of your accounts. If the password is stolen, it can be used to break into multiple accounts. Keep your passwords in a secure place.
- Recognize and Avoid: Be observant of phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as banks, credit card companies and government organizations, including the IRS. Do not click on links or download attachments from unknown or suspicious emails.
- Protect Personal Data: Don’t routinely carry a Social Security card, and make sure tax records are secure. Treat personal information like cash; don’t hand it out to just anyone. Social Security numbers, credit card numbers, bank and utility account numbers can be used to steal money or open new accounts. Every time a taxpayer receives a request for personal information, they should think about whether the request is truly necessary. Scammers will do everything they can to appear trustworthy and legitimate.
- Back Up Files: No system is completely secure. Copy important files, including federal and state tax returns, onto a removable disc or a back-up drive, and store it in a safe place. If you choose to use a back-up drive such as an external hard drive, remember to unplug the drive from the computer after doing your back-up; otherwise, the drive isn’t keeping your information secure and away from hackers.
- Paper Checks: Instead of checks with pretty pictures, elect to purchase high-security checks. These checks contain several different features to prevent check fraud including watermarks, heat sensitive ink, holograms, fluorescent invisible ink, etc.
- Alarm: Most banks now offer the option to set an “alarm” if a certain amount of money is withdrawn from your account. Every time that specified amount or more is drawn from your account, you will receive a text message, email or call informing you of this withdrawal. If you haven’t drawn that amount from your account, contact your bank immediately.
- Identity Protection PIN: This is a 6-digit code known only to the taxpayer and the IRS that helps to prevent identity theft. You can read more about this on IRS.gov.
FAKE INSURANCE TAX FORM SCAM
Both tax professionals as well as individuals should be made aware of this scam.
Scammers are using tax professionals to access clients’ annuity and life insurance accounts. The scammer gains access to the tax professional’s account and steals the client’s email address. In turn the scammer impersonates the tax professional and sends an email to the client attaching a bogus insurance form and requesting the client completes this form and returns it to the tax professional via fax or email. The email is VERY similar to the tax professional’s email address but slightly different. The tax professional’s email may be email@example.com and the bogus email address may be firstname.lastname@example.org. The subject line of the email will vary but may express something along the lines of “urgent.” After the client forwards the form, the scammer uses the personal information to either take out a loan or make a withdrawal from those accounts.
IS IT THE IRS OR IS IT A SCAM?
The IRS does not initiate contact with taxpayers by email, text message or social media to request personal or financial information. The most common scams are phone calls and emails from thieves who pretend to be from the IRS. Scammers use the IRS name, logo or a fake web site to try and steal money and even identity from taxpayers.
Letters and Notices: A letter of notice is usually the first way the IRS will contact a taxpayer. If a taxpayer receives a suspicious letter or notice, they can check to see if it’s really the IRS:
- Log into their secure IRS Online Account to see if a copy of the notice or letter is in their file.
- Review common IRS letters and notices at the Understanding Your IRS Notice or Letter page on IRS.gov.
- Contact IRS customer service directly to authenticate the letter, if unable to authenticate in online account.
- If you received a notice from a private collection agency, verify it has the same Taxpayer Authentication Number as the Notice CP40 the taxpayer received from the IRS. Taxpayers can visit Private Debt Collection Frequently Asked Questions to learn more about verifying a private collection agency.
Phone Calls: Criminals are able to “spoof” caller ID numbers which can look like it actually is the IRS calling. Taxpayers need to be very cautious of phone calls or automated messages from someone who claims to be from the IRS. Often these criminals will tell the taxpayer he/she owes money. They also demand payment right away. Other times scammers will lie to a taxpayer and say they are due a refund. The thieves ask for a bank account information over the phone. The IRS warns taxpayers NOT to fall for these scams.
Example of bogus IRS call: Criminal posing as an IRS agent calls stating the taxpayer’s identity has been stolen. The criminal says the taxpayer’s identity was used to open fake bank accounts and the criminal then tells the taxpayer to buy gift cards from a certain store(s) and wait for further instruction. The scammer then contacts the taxpayer one more time asking the taxpayer to provide the gift cards’ access numbers.
IRS employees will NOT:
- Call demanding immediate payment. The IRS will not call the taxpayer without first sending a bill in the mail.
- Demand payment without allowing the taxpayer to question or appeal the amount owed.
- Require the taxpayer pay their taxes a certain way. For example, demand taxpayers use a prepaid debit card, gift card or wire transfer.
- Ask for credit or debit card numbers over the phone.
- Threaten to contact local police, immigration officers or other law enforcement to arrest the taxpayer for non-payment of taxes.
- Threaten legal action such as a lawsuit.
- Threaten to revoke the taxpayer’s driver’s license, business license or immigration status.
- The IRS will not leave a prerecorded message asking a taxpayer to call back.
- The IRS never uses text messages or social media to discuss personal tax issues such as billing and refunds.
If a taxpayer doesn’t owe tax or think they don’t owe any tax, they should:
- Not give out any information. Hang up immediately.
- Contact the Treasury Inspector General for Tax Administration. Use TIGTA’s “IRS Impersonation Scam Reporting” web page to report the incident.
- Report the incident to the Federal Trade Commission. Use the “FTC Complaint Assistant” on the FTC.gov. Please add “IRS Telephone Scam” to the comments of your report.
- Report the caller ID and/or callback number to the IRS at email@example.com (Subject line: IRS Phone Scam).
E-mails: In most cases, an IRS phishing scam is an unsolicited email that claims to come from the IRS. Criminals often use fake refunds, phony tax bills or threats of an audit. Some emails actually will link you to a web site that looks real. The scammers’ goal is to have the taxpayer click on that link and give up their personal and financial information on the fake web site. If the scammer is successful, they use that information to steal a victim’s money and their identity. Always remember, the IRS does not initiate contact with a taxpayer through email to request personal or financial information. This information will be requested by the IRS through mail delivered by the United States Postal Service.
Example of IRS Impersonation Email Scam: The subject line may be something like “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder.” The email will include a link that show an IRS.gov-like web site with details pretending to be about the taxpayer’s refund, electronic return or tax account. The email also contains a temporary password to access the files to submit the refund. When the taxpayer clicks on this link, it turns out to be a malicious file. Remember, the IRS does not send emails about your tax refund or any sensitive financial information.
If you owe tax or think you owe tax to the IRS:
- Go to irs.gov to see the actual amount owed (view tax account information online). Taxpayers can also review their payment options.
- Call the number on the billing notice or call the IRS at 800-829-1040.
For those taxpayers who get an email from the IRS requesting personal information:
- Don’t reply to the message or give out your personal or financial information.
- Forward the email to firstname.lastname@example.org.
- Do not open any attachments or click on any links. They may have malicious code that will infect your computer or cell phone.
- Delete the original email.
Text Message: If you receive a text message from someone claiming to be from the IRS, follow these instructions.
- Do not reply.
- Do not open any attachments.
- Do not click on any links.
- Forward the text as-is to the IRS at 202-552-1226 (remember that standard text messaging rates may apply).
- If possible, in a separate text, forward the originating number to the agency at
- Delete the original text.
Website: If you come across a website that appears to be the IRS but you suspect it to be bogus, you should:
- Send an email with the URL of the suspicious site to email@example.com.
- Include a subject line of “suspicious website.”
Social Media: Remember, the IRS does not contact taxpayers through social media to request personal or financial information. Sometimes scammers will pose as an IRS social media account to contact taxpayers about a fake bill or refund.
Home Visits: The IRS recently ended most unannounced visits to taxpayers by agency revenue officers. This should improve the safety for both taxpayers and IRS employees.
With continuing phone scams and in-person scams taking place, remember IRS employees do make official, sometimes unannounced visits to delinquent taxpayers as part of their routine casework.
The reasons these visits occur and how to verify if it is the IRS knocking at your door fall into three categories:
- IRS revenue officers will sometimes make unannounced visits to a taxpayer’s home or place of business to discuss taxes owed or tax returns due. Revenue officers are IRS civil enforcement employees whose role involves education, investigation, and when necessary, appropriate enforcement. Be sure to get their business card and credentials before leaving the officer in your home or business.
- IRS revenue agents will sometimes visit a taxpayer who is being audited. That taxpayer would have first been notified by mail about the audit and set an agreed-upon appointment time with the revenue agent. Also, after mailing an initial appointment letter to a taxpayer, an auditor may call to confirm and discuss items pertaining to the scheduled audit appointment. Be sure to get their business card and credentials before leaving the agent in your home or business.
- IRS criminal investigators may visit a taxpayer’s home or place of business unannounced while conducting an investigation. However, these are federal law enforcement agents, and they will not demand any sort of payment. Criminal investigators also carry law enforcement credentials, including a badge.
IRS representatives will always provide their credentials, called a pocket commission and an HSPD-12 card. Taxpayers do have a right to see these credentials. The taxpayer can request additional ID for verification. Also, upon request, the IRS is able to provide a toll-free employee verification phone number.
For more information, visit “How to know it’s really the IRS calling or knocking on your door” on IRS.gov.
Private Collection Agency: The IRS has assigned a small number of accounts to private-sector collection agencies to collect taxes from taxpayers with overdue federal tax accounts. If you do owe taxes—or think you do—stay alert to scams that use the IRS as a lure. Tax scams can happen any time of year, not just at tax time. For more information, visit “Tax Scams and Consumer Alerts” at IRS.gov.
The process used when a taxpayer’s overdue taxes are passed on to one of four collection agencies used by the IRS is as follows:
- The IRS will send the taxpayer a letter to let them know their case is being turned over to a collection agency. The collection agency will also send the taxpayer a letter confirming they have been assigned to the taxpayer’s account.
- The IRS will assign the taxpayer’s account to only one of the collection agencies they use, never all four.
- The collection agency will…
- Identify themselves and request payment to U.S. Treasury
- Not ask for payment on a prepaid debit or gift card
- Not take enforcement action
Taxpayers who receive the IRS phone scam or any IRS impersonation scam should report it to the Treasury Inspector General for Tax Administration at its IRS Impersonation Scam Reporting site and to the IRS by emailing firstname.lastname@example.org with the subjective line “IRS Impersonation Scam.”
TOP IRS SCAMS
- Phishing: Remember, the IRS will never initiate contact with taxpayers via email about a tax bill or refund. Don’t click on emails or fake web sites claiming to be from the IRS.
- Phone Scams: Criminals impersonating IRS agents remain an ongoing threat to taxpayers. They usually threaten with police arrest.
- Identity Theft: Tax time is the worst time for identity theft, although it can absolutely happen year-round. The IRS aggressively pursues criminals that file fraudulent returns using someone else’s Social Security number. Continue to be extremely cautious when giving out sensitive information. Better safe than sorry!
- Falsely Padding Deductions on Returns: Avoid the temptation to falsify deductions or expenses on tax returns in order to pay less than owed or receive larger refunds. Think twice before overstating deductions such as charitable contributions and business expenses or improperly claiming credits such as the Earned Income Tax Credit or Child Tax Credit.
- Falsifying Income to Claim Credits: Don’t invent income to erroneously qualify for tax credits, such as the Earned Income Tax Credit. Taxpayers should file the most accurate return possible because they are legally responsible for what is on their return. Claiming false income can lead to taxpayers facing large bills to pay back taxes, interest and penalties. In some cases, they may even face criminal prosecution.
- Abusive Tax Shelters: Don’t use abusive tax structures to avoid paying taxes. Everyone should be on the lookout for people peddling tax shelters that sound too good to be true.
- Frivolous Tax Arguments: Don’t use frivolous tax arguments to avoid paying tax. Promoters of such schemes encourage taxpayers to make unreasonable and outlandish claims, even though they have been repeatedly thrown out of court. The penalty for filing a frivolous tax return is $5,000.
- Offshore Tax Avoidance: It’s never a good idea to hide money and income offshore. Taxpayers are best served by coming in voluntarily and taking care of their tax-filing responsibilities. The IRS offers the Offshore Voluntary Disclosure Program to enable people to catch up on their filing and tax obligations.
- W-2 Phishing: The scammer poses as an internal executive requesting employee Forms W-2 and Social Security Number information from company payroll or human resources departments. The personal information is then used for identity theft and to file false tax returns.
Giving to a charity can be very fulfilling. However, taxpayers should be cautious about groups masquerading as charitable organizations to attract donations from unsuspecting contributors. This is especially true right now during the COVID-19 Pandemic.
Some basic tips offered by the IRS for taxpayers making charitable donations:
- Be aware of charities with names that are similar to familiar or nationally known organizations. Some phony charities use names or web sites that sound or look like those of respected, legitimate organizations. IRS.gov has a search feature, Exempt Organizations Select Check, which allows people to find legitimate, qualified charities to which donations may be tax-deductible. A legitimate charity will not be afraid to provide their Employer Identification Numbers (EIN), if requested, which can be used to verify that they are legitimate. It is advisable to double check using a charity’s EIN.
- Don’t give out personal financial information, such as Social Security numbers or passwords, to anyone who solicits a contribution. Scam artists may use this information to steal identities and money from victims. Donors often use credit cards to make donations. Be cautious when disclosing credit card numbers. Confirm that the charity is legitimate.
- Don’t give or send cash. For security and tax record purposes, contribute by check or credit card or another way that provides documentation of the gift.
Popular types of scams when it comes to charities are those following major disasters. It’s common for scam artists to impersonate charities to get money or private information from well-intentioned taxpayers. Some scammers operating fake charities may contact people by telephone or email to solicit money or financial information. They may even directly contact disaster victims and claim to be working for or on behalf of the IRS to help the victims file casualty loss claims and get tax refunds.
To help disaster victims, the IRS encourages taxpayers to donate to recognized charities. Disaster victims can call the IRS toll-free disaster assistance telephone number (866-562-5227). Phone assistors will answer questions about tax relief or disaster-related tax issues.
PROTECT YOUR SMALL BUSINESS
Avoid being compromised online by following these steps:
- Keep your computer and anti-virus software set to update and run automatically.
- Use different and strong passwords for each online account.
- For your mobile phone, check often for software updates and only install trusted apps.
- Contact your phone provider to add a password or PIN to your accounts.
TEACH TEENS ONLINE SAFETY
Parents teach their children how to balance a checkbook, how to drive and how to cook; why not teach them internet safety?
- Security is important. Teach your teens not to reveal too much about themselves. Leaving a trail of personal information is making the fraudster’s job so much easier. Remind your teens not to reveal their birthday, address, age and especially not their social security number.
- Firewall and anti-virus software. Remind your teens to always use firewalls and anti-virus protection to protect sensitive information found in documents such as school transcripts and college applications.
- Recognizing and avoiding scams. Recognizing scams is of utmost importance. Explain to your teens what scams are, how to recognize them and how to deal with them.
- Personal data. Advise your teen to only shop at reputable online retailers. Point out how to verify the shopping site is secure. Personal information is like cash; don’t leave it lying around.
- Public Wi-Fi risk. Explain while public Wi-Fi may be free and convenient, it’s not always safe. Hackers can easily steal information from their device if connected to public Wi-Fi. Remind them to use a virtual private network (VPN) when connecting to public Wi-Fi.
COMMON SCAMS AS REPORTED BY THE CREDIT BUREAU
- Imposter Scam: The caller pretends to be calling from the government, a business or relative with an emergency in order to obtain sensitive information or money.
- Car Scams: The scammer posts a picture of a car on line and gives logical reasons why the price is so low (i.e., they are being deployed in the next several days or they are starting college very soon, etc.). The seller will then ask the prospective buyer to purchase prepaid gift cards in the amount of the sale and share the prepaid codes. The buyer is then told the car will be delivered but obviously the car, since an imposter, does not arrive and the buyer doesn’t hear back from the seller and has lost that money. Remember, if the price is too good to be true, don’t fall for it.
- Fake Bank Apps: Large banks have scammers posing as them who send emails stating they need information from the recipient. They ask the recipient to click on a link within the email. They tend to use phrases such as “Your account is at risk” to get your attention so you reply before thinking. DO NOT CLICK ON THE LINK. If you suspect it may truly be from your bank, close the email and go to your bank’s web site to see if this information is needed. Never click on links in suspicious emails. This is all an attempt to collect sensitive information.
- Home Improvement Scams: When the weather gets nicer, home improvement scams begin. Some scammers go door-to-door offering their services, take a deposit and then never complete the work. If you are unsure of the legitimacy of the salesman and are interested in their services, ask for a card and tell them you will get back to them. Do some research on the company by going to the Better Business Bureau web site (bbb.org). Another prime time for these types of scams is after a natural disaster (flooding, hurricanes, tornadoes, etc.)
- Jury Duty Scams: Scammers posing as a police or judicial official call the victim and tell them they did not report to jury duty and therefore owe a fine. The scammers go as far as spoofing the number from which they are calling to make the victim believe it’s a real call.
- Medicare Scam: An example of Medicare scam is a criminal using a cardholder’s Medicare benefits to obtain equipment such as an electric wheelchair. Then, if something happens to the cardholder and they need that particular equipment, they are unable to get it because Medicare has record of the patient already obtaining that piece of equipment.
- Netflix Scam: Scammers will send a phishing email to subscribers with the subject line stating “payment declined” or “please update your payment details” to get the victim’s attention. They include a fake link in the email asking you to click to update your information. If you suspect your information may need to be updated, type the Netflix address in the browser instead of clicking on the link.
- Porting Scams: This scam involves stealing your phone number and phone service to get access to your bank account through confirmation text messages. The scammer begins by obtaining your name, phone number and then they gather more information on you such as address, social security number and date of birth. They then contact your mobile carrier and state that your phone has been stolen and ask to “port” the number over to another provider and device. After your phone has been ported to a new device, the scammer can then start accessing your accounts that require additional authorization, such as coded text to your phone.
- Romance Scams: The scammer sets up an account on a dating site with fake information and photos that are too good to be true. Once a target has been zeroed in on, the scammer makes up a story that they would like to visit you but there is a problem with finances and ask if the victim can send money so they can finally meet (another tactic is the scammer will tell the victim they have a sick relative and are in need of money to help them). Seniors are usually the primary target for this scam. Signs that the person you are talking to online is a scammer: They ask you for money and try to lure you off the dating site; they profess love quickly and claim to be from the US but currently are overseas for business/military; they claim to need money for an emergency—hospital bills or travel; plans to visit but can’t because of emergency.
- Shimmer Scams: A shimmer is a very thin piece of paper that can read chips in credit cards and debit cards. The sheet of paper is placed in an ATM and it will read information on the card used. This allows the scammer to create a non-chip version card which contains only the magnetic strip.
- Veterans scams: Scammers offer pension buyouts to veterans or ask them to donate to a charity that sounds real but isn’t real. The scammers can also take the donor’s personal information to create a new identity or even commit more crimes under the veteran’s name.
- Fake Invoice Scam: Scammers pretend they are a well-known tech company and email a fake invoice to the victim for a supposed purchase of an app or music. The email tells the victim to click on a link within the email. If you haven’t made any such purchase …STOP! DO NOT CLICK ON THE LINK. The scammer is trying to commit identity theft or they may be trying to gain access to your computer and can even lock you out of important files on your computer.
- “Neighbor Spoofing” Scam: When you receive a phone call that has the first 6 digits the same as your number, it can lead you to believe it’s a local call. Scammers are counting on you believing it’s local and therefore you are more likely to pick up. These days it’s very easy to fake caller ID numbers. Remember, if you see what appears to be a local number on your caller ID, it could be fake. If you answer and don’t recognize the caller, hang up.
- Social Media Scams: The FTC reported that $117 million has been lost to social media scams from January to July 2020. If you use social media, be cautious of fun quizzes, fake messages from hacked profiles and financial relief offers. Scammers use these methods to obtain personal information from you or to download malware onto your device.
RECAP ON SECURITY
For families with children and aging parents, it’s important to make sure everyone guards their personal information online and at home.
If everyone in your family uses the same computer, do not turn off any security software or open any suspicious emails. Never click on embedded links or download attachments of emails from unknown sources. Actions by one computer user could infect the machine for all users.
Do not store credit card information on any web site (Amazon, EBay, etc.). Kids & aging parents should be warned against oversharing personal information on social media. Oversharing addresses, a new family car or a parent’s new job gives identity thieves a window into an extra bit of information they need to impersonate you.
Don’t assume ads or emails are from reputable companies. Check out companies to find out if they are legitimate. When you’re online, a little research can save you a lot of money and reduce your security risk. If you see an ad or an offer that looks too good, take a moment to check out the company behind it. Type the company or product name into your favorite search engine with terms like “review,” “complaint” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you cannot find contact information for the company, take your business and your financial information elsewhere. Even if a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.
Aging parents may also need assistance for someone to routinely review charges to their credit cards or withdrawals from their financial accounts. Unused credit cards should be canceled. An annual review should be made of their credit reports at annualcreditreport.com to ensure no new accounts are being opened by thieves, and reviewing the Social Security Administration account to ensure no excessive income is accruing to their account.
Seniors also are especially vulnerable to scam calls and pressure from fraudsters posing as legitimate organizations, including the Internal Revenue Service, and demanding payment for debts not owed. The IRS will never make threats of lawsuit or jail or demand that a certain payment method, such as a debit card, be made.
Some simple steps—and a conversation—can help the young and old avoid identity theft schemes and scammers.
Here are a few basic tips to recognize and avoid a phishing email:
- It contains a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. They may claim they need you to update your account or ask you to change a password. The email offers a link for your convenience when in reality it may be a link to a spoofing site that may look similar to the legitimate official web site. Do not click on the link. Instead, hover the mouse over the link to see where the link will be taking you. If the email address contains the name of a person, contact that person and see if they sent the email. Remember not to use the email address or phone number contained within the email since that may lead you to the criminal.
- It contains an attachment. Another option for scammers is to include an attachment to the email. This attachment may be infected with malware that can download malicious software onto your computer without your knowledge. If it’s spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data. Do not open attachments from sources unknown to you.
- It’s from a government agency. Scammers attempt to frighten people into opening email links by posing as the IRS or other government agencies.
- It’s an “off” email from a friend. Scammers also hack email accounts and try to leverage the stolen email addresses. You may receive an email from a “friend” that just doesn’t seem right. It may be missing a subject for the subject line or contain odd requests or language. If it seems off, avoid it and do not click on any links. You may want to call your friend and see if they sent you an email.
- It has a lookalike or identical URL. Some emails from friends look questionable. Look at the address. If the address looks similar or identical, place your cursor over their address and see if it’s the same address as your friend. If not, delete immediately. If the address matches your friend’s email address but the email has a link to click on and sounds “off,” call your friend to be sure they sent the email. If not, delete immediately. Most likely the email contains malware.
- Use security features. Your browser and email provider generally will have anti-spam and phishing features. Make sure you use all of your security software features.
- It has a logo or grammar that is “off”. If the email contains a logo, does it appear to be stretched or broken? Many times, phishing emails containing a popular company logo will have a logo that isn’t quite as clear as the real company. Also, if the email has text in the body of the email, read the email carefully and look for spelling or grammatical errors. Phishing emails are far from perfect when it comes to their wording or spelling.
Here are a few simple steps you can take to protect yourself:
- Avoid suspicious phishing emails that appear to be from the IRS or other companies; do not click on the links.
- Beware of phishing scams asking you to update or verify your accounts.
- Beware of emails with an attachment from someone you know that sounds “strange,” like something they wouldn’t send. The email address attached to the email may be their actual email address but if you are not 100% sure the sender would send such an email, call the person to be sure they sent you the email. If they tell you they haven’t sent you an email, delete the email; it is most likely malware and could infect your computer.
- Download and install software only from web sites you know and trust.
- Use security software to block pop-up ads, which can contain viruses. Avoid “free” security scans or pop-up advertisements for security software.
- Ensure your family understands safe online and computer habits.
- Look for the “S” when shopping or banking online. “Https” should be at the beginning of the web address. The “s” is for secure. Unencrypted sites begin with an http address. Additionally, make sure the https carries through on all pages, not just the sign-on page.
- Secure Wireless Networks. A wireless network sends a signal through the air that allows it to connect to the Internet. If your home or business Wi-Fi is unsecured, it also allows any computer within range to access your wireless and potentially steal information from your computer. Criminals also can use your wireless to send spam or commit crimes that would be traced back to your account. Always encrypt your wireless. Generally, you must turn on this feature and create a password.
- Be cautious when using public wireless networks. Public Wi-Fi hotspots are convenient but often not secure. Tax or Financial Information you send through web sites or mobile apps may be accessed by someone else. If a public Wi-Fi hotspot does not require a password, it probably is not secure. Remember, if you are transmitting sensitive information, look for the “s” in https in the web site address to ensure that the information will be secure.
- With social media being so popular today, some people post their location or photos of where they are at the present time, whether vacationing or at a restaurant. This basically tells the world you are not home. The best thing to do if you are on vacation, is wait until vacation is over and then post your photos and videos of your vacation.
- Change passwords frequently. Passwords should contain a combination of at least 12 upper case letters, lower case letters, numbers and symbols. Longer is better.
Here are a few basic steps to making passwords better and stronger:
- Add password protections to all devices. You should use a password to protect any device that gives you that opportunity. Not only your computer, tablet or mobile phone but also your wireless network. The password is your first line of defense.
- Change all factory password settings. If your device comes with factory password settings, for example the camera on your laptop, change it immediately.
- Longer is better. A password should be a minimum of 12 but longer is better. It should be a combination of upper case letters, lower case letters, numbers and special characters. Do not use your name, birthdate, sibling’s, pet’s or child’s names. Also, substituting numbers and symbols for letters in words or phrases can make it more difficult for a criminal to crack your password.
- Do not repeat passwords. These days, people often have multiple password-protected accounts. Do not use the same password repeatedly. Should a thief steal your password, he immediately will have access to other important accounts. Use different passwords, especially on important financial or tax accounts.
- Don’t share passwords. Never share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam. Keep your passwords in a secure place, out of plain sight.
- Use two-factor authentication options. Many social media and financial institutions now give you the option of setting up a two-factor or two-step authentication process. A two-factor process involves a security code being sent to your registered mobile phone or personal email. This means if a thief manages to steal your user name and password, he will be blocked from accessing your accounts.
- Consider a password manager. One option for keeping track of your passwords on multiple accounts and getting help in creating strong passwords is to use a password manager. Some reputable companies offer free or low-cost versions of their products. See if a password manager might be right for you.
Here are steps you can make part of your routine to protect your personal identity tax and financial information:
- Read your credit card and banking statements carefully and often; watch for even the smallest charge that appears suspicious. (Neither your credit card nor bank—or the IRS—will send you emails asking for sensitive personal and financial information such as asking you to update your account.)
- Review all paper notices and correspondence from the Internal Revenue Service, Department of Revenue, or any other government agency. As long as the notice is official you may need to respond. Our clients might want to seek advice from us before responding to any income tax notices. Warning signs of tax-related identity theft can include IRS notices about tax returns you did not file, income you did not receive or employers you’ve never heard of or where you’ve never worked.
- Review each of your three credit reports at least once a year. Visit annualcreditreport.com to get your free reports.
- Review your annual Social Security income statement for excessive income reported. You can sign up for an electronic account at SSA.gov.
- Read your health insurance statements; look for claims you never received.
- Shred any documents with personal and financial information. Never toss documents with your personally identifiable information, especially your social security number, in the trash or recycle bin.
- If you receive any routine federal deposit such as Social Security Administrator or Department of Veterans Affairs benefits, you probably receive those deposits electronically. You can use the same direct deposit process for your federal and state tax refund. IRS direct deposit is safe and secure and places your tax refund directly into the financial account of your choice.
- Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update. Encrypt sensitive files such as tax records you store on your computer. Use strong passwords.
- Learn to recognize and avoid phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as your bank, credit card company and government organizations, including the IRS. Do not click on links or download attachments from unknown or suspicious emails.
- Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure. Treat your personal information like you do your cash; don’t leave it lying around.
- Do not give a business your SSN or ITIN just because they ask. Give it only when required.
- Do not give personal information over the phone, through the mail or on the internet unless you have initiated the contact or you are sure you know with whom you are dealing.
- Secure personal information in your home.
- Whether stored on paper or kept electronically, the IRS urges taxpayers to keep tax records safe and secure, especially any documents bearing Social Security numbers. The IRS also suggests scanning paper tax and financial records into a format that can be encrypted and stored securely on a flash drive, CD or DVD with photos or videos of valuables.
- Now is a good time to set up a system to keep tax records safe and easy to find when filing next year, applying for a home loan or financial aid. Tax records must support the income, deductions and credits claimed on returns. Taxpayers need to keep these records if the IRS asks questions about a tax return or to file an amended return.
- It is even more important for taxpayers to have a copy of last year’s tax return as the IRS makes changes to authenticate and protect taxpayer identity. Beginning in 2017, some taxpayers who e-file will need to enter either the prior-year Adjusted Gross Income or the prior-year self-select PIN and date of birth. If filing jointly, both taxpayers’ identities must be authenticated with this information. The AGI is clearly labeled on the tax return.
- If disposing of an old computer, tablet, mobile phone or back-up hard drive, keep in mind it includes files and personal data. Removing this information may require special disk utility software. More information is available on govat How long should I keep records?
If you suspect you are a victim of identity theft, please go to “Identity Theft” on our website’s “Security Awareness” section.