Don’t Get Hooked by a Phishing Expedition
Sometimes, the easiest way a crook can steal your personal information is to simply ask you for it.
Every day, taxpayers fall victim to scams through emails, websites, texts or phone calls and turn over data thinking they’re dealing with an official agency or business. But that email, web page, text, or call is a “spoof,” a fake that only appears to be the real thing. It’s all designed to lure you into giving them the information they want – your Social Security Number, your passwords – whatever.
Phishers are aces at impersonation. And they’ll try to lure you into opening their email or other message and clicking a link to “verify your information.” One good general rule of thumb is don’t give out your personal information if you get an unsolicited email request.
This is National Tax Security Awareness Week. And Drake, the Internal Revenue Service, state tax agencies and tax industry partners are all urging taxpayers to learn to recognize and avoid phishing scams. To that end, we could all benefit from a short course in how to recognize possible phishing attempts.
It might be phishing if…
- It contains a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. They may claim they need you to update your account or ask you to change a password. The email offers a link to a spoofing site that may look similar to the legitimate official website. Do not click on the link. If in doubt, go directly to the legitimate website and access your account.
- It contains an attachment. Another option for scammers is to include an attachment to the email. This attachment could be infected with malware that can download malicious software onto your computer without your knowledge. If it’s spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data. Do not open attachments from sources unknown to you.
- It’s from a government agency. Scammers attempt to frighten people into opening email links by posing as government agencies. Thieves often try to imitate the IRS and other government agencies.
- It’s an “off” email from a friend. Scammers also hack email accounts and try to leverage the stolen email addresses. You may receive an email from a “friend” that just doesn’t seem right. It may be missing a subject for the subject line or contain odd requests or language. If it seems off, avoid it and do not click on any links.
- It has a lookalike URL. The questionable email may try to trick you with the URL. For example, instead of www.irs.gov, it may be a false lookalike such as www.irs.gov.maliciousname.com. You can place your cursor over the text to view a pop-up of the real
Remember to use security features. Your browser and email provider generally will have anti-spam and phishing features. Make sure you use all of your security software features.
It takes everyone’s help to fight identity theft. That’s why, as part of the Security Summit effort, we have joined the public awareness campaign that we call Taxes. Security. Together. Check out the web page, or read Publication 4524, Security Awareness for Taxpayers.