Fraud is a year-round activity, but tax season brings an uptick in calculated schemes to steal money and personal information through fake messages and other means. Cybersecurity firms have also reported an increase in fraudulent attempts to exploit the conflict in Ukraine – a situation that has raised concerns about potential cyberattacks on US companies via ransomware and other malicious software. You can better protect yourself if you know what’s outside. This is a guide.
Avoid tax scams
The Internal Revenue Service does not first contact taxpayers via email, text message, or social media channels to request personal and financial information – including bank account or credit card numbers, passwords password or PIN. The messages requesting such information are “phishing” attempts to steal money and identity.
If the IRS needs your attention, it begins with a regular mail notice through the United States Postal Service in most cases.
The IRS won’t send out surprise notices about auditing your profits, sending stimulus payments, collecting your taxes, or “cancelling your Social Security number.” An IRS representative may call or visit when a taxpayer has past due bills or other tax-related problems. But even then, written notice is usually sent first, according to the agency.
Scam phone calls and voice messages using fake agent numbers and fake IRS agent identities are common. Again, the agency usually mails the notice first. It doesn’t call out of the blue to discuss tax refunds, threaten arrest by local law enforcement, or demand immediate payment in a particular form. Tax invoices are paid to the U.S. Department of the Treasury and not directly to the “agent” requesting funds in iTunes or Amazon gift cards, prepaid debit cards, e-cash, or wire transfers.
The Tax Scams/Consumer Alerts page on the official irs.gov site has a long list of classic and current scams. And the site has a guide to verifying real IRS agents and identifying legitimate debt collectors.
Donate wisely
Opportunity scammers are quick to take advantage of natural disasters and humanitarian crises, including the Covid-19 pandemic and the war in Ukraine. Receive messages from unknown organizations asking for donations by credit card or cryptocurrency – or purportedly from refugees or members of the military. Crowdfunding campaigns should be avoided or scrutinized unless you know the organizer.
Most fraud attempts are easy to detect. Messages full of typos, impersonated “official correspondence” from Gmail and Yahoo accounts, and voicemail messages left in the robot’s speech are immediate red flags. Fake invoices and fake PayPal notifications are still common scams.
You can avoid many scams by tweaking your mail program’s spam filters and blocking unwanted calls and text senders. Allow unknown callers to voicemail. Wirecutter, a website owned by the Times, has a guide against spam calls.
Make sure your browser is set up to block pop-up notifications and warnings about malicious websites. Do not install applications from unknown developers and always have anti-virus software on your computer. If the spam gets through, don’t call the number and don’t open the attachment – it could be malware. If you’re worried about accounts, open your browser and go to the company’s website, avoiding the links in the message.
The Consumer Financial Protection Bureau’s website has a detailed page on ongoing fraud and scams. And even if you did Having practiced secure computing for years, you probably have a friend or relative who isn’t tech-savvy – and can use your help.