SOURCE: Wombat Security Technologies

Wombat Security Technologies, Inc. logo

February 25, 2016 10:16 ET

Security Spotlight: Avoiding IRS Scams

PITTSBURGH, PA --(Marketwired - February 25, 2016) - Earlier this month, the IRS released a series of alerts about their so-called "Dirty Dozen" list of tax scams -- and phishing emails and vishing (voice phishing) calls were headliners. Just last week, the agency warned that there has been a 400% increase in phishing and malware attacks so far this year. The 1,389 scams that were reported between January 1 and February 16 tops the total number of reported scams in 2014 and is nearly half of the total reported in 2015.

This alarming trend is an indication that tax payers need to be extra vigilant this year. Because although these malicious communications tend to spike at this time of the year, fraudsters use them year-round -- mainly because they work.

How Tax Payers Can Protect Themselves

The most important thing to do with unsolicited emails and phone calls -- particularly those that prompt recipients to divulge personal or financial data -- is to treat them as though they are a threat to personal data security. Many tax-related scams will use scare tactics and threats, or tempt individuals with the promise of a large refund. And they can appear -- through "From" address and Caller ID spoofing techniques -- to come from a trusted source.

Tax payers should follow these pieces of advice to protect personal data and prevent identity theft:

  • According to the IRS website, the agency "doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information," including passwords, PIN numbers, or account numbers. Unsolicited messages from the IRS that request sensitive data should be reported and deleted.
  • Fraudsters have been known to pose as tax preparers in order to obtain sensitive information. Before sharing any personal data via phone or other communication channel, individuals should first confirm that the request is legitimate. It's always safest to make contact through a known, trusted channel (e.g., a confirmed email address or phone number).
  • Scammers will go to great pains to make their communications and websites seem legitimate. Logos and familiar-looking login screens cannot be trusted at face value. When dealing with personal and financial data, individuals should avoid clicking on links in unsolicited messages. Instead, they should type a known address into a web browser or use an established bookmark.
  • If an employee receives a suspicious call or email while at work, the IT department should be alerted immediately as there's a chance that other employees will also be contacted. Users should follow organizational guidelines for reporting phishing emails and other potentially fraudulent activities.

The bottom line: Individuals who receive unsolicited communications from the IRS -- by email, phone, mail, or otherwise -- should not act on them. They should, however, report any suspicious activities to the agency directly. Suspected phishing emails should be forwarded to phishing@irs.gov and then deleted. Instructions for reporting vishing calls and other tax-related scams can be found on the Reporting Phishing and Online Scams page on the IRS website.

Wombat Security has published these tips on their blog for easy sharing with coworkers, friends, and family. They have also developed an infographic that provides advice about avoiding IRS phishing scams.

Wombat Security is a leading provider of security awareness and training tools that help organizations reduce risky end-user behaviors.

Contact Information