Don’t fall for “IRS” scams this tax season

February 4, 2016

April 15 is a day that lives in infamy in the hearts of Americans. Now this date is not significant for any holiday, but rather the day that the Tax Man comes a calling. In a digital age, it may be the one day that you see a line around the corner at your local post office as the April 15 post date is what you technically need in order to get your taxes in on time.

However the IRS and the American taxpayers are not the only ones with this in mind. Given the sheer mass of US taxpayers and the age gap that they cover, this is the prime season for scammers and cybercriminals to make a quick and easy buck off the back of every-day citizens.

But hey, you don’t have to take our word for it; the IRS has said as much in a statement back in the tail end of 2015:

As part of the Security Summit initiative, the IRS has been working closely with the tax industry and state revenue departments to provide stronger protections against identity theft for taxpayers during the coming filing season.

This year, the IRS expects to see 150 million returns filed from individuals with four of five being done electronically (software or e-filing). If you do the math that is a heck of a lot of data being transmitted across the Web, and it didn’t take long for scams to pop up in 2016.

In the Tweet above, our colleague Dmitry Bestuzhev from our GReAT team showcases a classic phishing scheme pretending to be the IRS. Unfortunately, this type of thing is not new and the IRS has a whole page dedicated to both online and offline sources of fraud. In fact, out of 10,000 scams tracked by the Better Business Bureau in 2015, nearly ¼ of the scams were related to taxes.

Aside from the example shown by Dmitry, there have been a few other scams that have already made headlines in 2016 that you should really be aware of.

Phone Extortion — since 2013, there have been over 900,000 phone calls to individuals noting that the IRS needed immediate payment or the recipient will face legal penalties or jail. Each year the scam pops up with variants here and there, and unfortunately much like ransomware, some victims pay and give up their hard earned cash to a fraudster.

Phishing emails — as noted in the Tweet above from Dmitry, these emails are already in the wild. So when you are looking at emails, be vigilant on what exactly you are clicking on, because someone else is banking on you not looking into that.

False filings — we write time in and time out on security and data breaches. It seems like every month that there is some kind of leak that impacts a pocket of people. Believe it or not, the IRS has seen cases where people’s tax returns were legitimately halted because someone with that social security number had already filed their taxes. Unlike the justice system, people hit with this have to go to great lengths to prove that they were the victims of a scam since the computers see a valid SSN filing.

Great… how do I stay safe???

The purpose of this blog was not to scare you, but rather to educate you on some of the tactics that scammers use to steal from innocent people like you. The IRS is also quite aware of the risks and bad folks out there. They are doing their job and have made stopping fraud part of their highest priority as they stopped payments to over 1.4 million dollars equating to $8 billion dollars in the first 11 months of 2015.

While that is fine and dandy, you cannot trust in the government to stop your Nigerian uncle from stealing your information and collecting your well-deserved tax refund. Here are three tips to follow to help keep your cash safe:

Trust No One. Growing up, the X-Files was huge in my house. While there were many things that came and went with the show, the underlying theme of “trust no one” always stuck with me. Working at Kaspersky Lab now for over six months has helped solidify that with the countless nasty things we report on happening in cyberspace.

A simple rule to follow when it comes to your finances is that if something seems off to question it. You are calling for money? Ask for names and if you can call back, then turn to Google to fact check. If you owe the government money, they will find you in more ways than one and it is always OK to follow up with the IRS as they mention on their site for fact checking. The same goes for emails. And if it walks like a duck and talks like a duck, well…

Fill in the blank… If it walks like a duck, or talks like a duck. It is a _________.

A photo posted by Kaspersky Lab (@kasperskylab) on

Identity and Credit Monitoring. There are a slew of products out there that will help you proactively monitor your credit and identity. Some are included with credit card or banking accounts while others are tied into third-party identity programs. We suggest you look into these for protecting your online identity beyond the basic cybersecurity hygiene with passwords and privacy settings.

Don’t give up your pertinent details. This kind of falls into the “Trust No One” bucket above, but is worth its own segment. In all honesty, unless it is for a specific tax reason, you should not be giving your social security number out freely just because someone asks for it. Unless you can confirm that you are really chatting with an agent of the government for legitimate purposes, there is no need to simply hand it over.

I had a robo-call the other day come in to our home saying that we needed to leave our social security number on their automated system. After Googling, the name of firm did not match name on VM so I left a number for them to call back asking what the hell they were looking for with their robot stuff.

That was over a week ago, I think I know where that was. But I am sure that if that tactic works for them one out of 1,000 times, it is worth it to them. If you have elderly relatives, I would advise you sharing this with them, as it could be quite scary to hear a call like this to someone who may be on a fixed income.

While these tips could help you, we do encourage you to stay vigilant as criminals don’t care about you and are always looking for ways to swindle money without working too hard for it. If you see any scams, feel free to drop them in the comments below.