In our ever-connected world, cyber safety should be at the forefront of our minds – instinctive even – all year round. But, there are times we need to be extra-vigilant. Tax season is one of them. Scammers evolve their methods every year, but if you apply some basic cyber hygiene practices, you can immunize yourself against the tax scam-du-jour and any others that emerge.
The latest con, about which the IRS issued a warning in November, involves a surge in “tax transcript” scams. These are fraudulent emails impersonating the IRS that use tax transcripts, or tax return summaries, as bait to open the email, which then contains malware. Known as “Emotet”, it’s one of the most costly and destructive malware programs. It can take entire networks down and months to remove. Emotet usually poses as particular banks or financial institutions to try to trick people into opening infected documents.
Many scams rely heavily on imitating the IRS, a form of social engineering or psychological manipulation, into doing things or divulging confidential information. The tax transcript scam often generates fake emails purporting to be from “IRS Online.” The email carries an attachment labeled something along the lines of “Tax Account Transcript,” and the subject line uses some variation of the phrase “tax transcript.”
How can you protect yourself when criminals are masquerading as the good guys? Here are some ways to stay in control:
If you receive a call, text, social media message or email from someone claiming to be from the IRS, hang up or hit delete! The IRS always contacts taxpayers by mail, even if they owe penalties or are being audited. The IRS does not make unsolicited phone calls or send unsolicited emails, text messages or use social media to contact people, and it would never email a document containing your sensitive, personally identifiable information (PII). Read here for details on how to identify genuine communications from the IRS.
Keep your inbox clear of any documents containing PII. If criminals get access to your email account, they could easily access those details and file a false return in your name, or worse, drain your bank account. Employ these other email security best practices.
Monitor your bank and credit accounts closely, if not daily. You may do this every few days or weekly already, but you may want to step up the frequency for a few months around the filing deadline. You may also want to sign up for a credit monitoring service to ensure you catch any suspicious activity. There are several paid services, but remember, Ameris Bank’s Amenity Checking offers this feature.
We’ve touched on the latest scams, but rest assured that the onslaught will continue throughout the year. If you remain watchful and learn to recognize the common ploys, criminals will not be able to penetrate your personal “firewall,” during tax season or any other. Be sure to check out all of our cybersecurity resources and follow us on LinkedIn or Twitter for regular cyber tips.
Written by: Sarah Nicholas
Sarah is the Director of Communications for Serendipity Communications. She lives in Plainwell, Michigan with her husband, daughters and stepson, with twin stepdaughters nearby. She is passionate about cyber safety education for children and enjoys ballet dancing, reading and volunteering at her children’s school.
The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual. Ameris Bank is not affiliated with nor endorses any of the companies listed in this article.