Fraud and Phishing AlertThe start of tax season marks the rise of fraud designed to deceive you and your employees. These scams are often very sophisticated and may come from perceptibly legitimate sources like the IRS. Although we take many precautions to protect you, your identity, and your technology by deploying a layered approach to security with our outsourced managed IT services, criminals are always seeking kinks in the armor. We hope that bringing awareness to these issues will help protect you from falling victim to the damage and headaches caused by these nefarious acts.

Overview of the IRS “Dirty Dozen” Tax Scams

  1. Phone Scams: Aggressive and threatening phone calls by criminals impersonating IRS agents.
  2. Phishing: The use of fake emails and websites looking to steal personal information.
  3. Identity Theft: Fraudulent filing of tax returns using some else’s Social Security Number
  4. Return Preparer Fraud: Dishonest tax preparers that perpetrate refund fraud, identity theft, and other scams.
  5. Offshore Tax Avoidance: Offshore tax sheets and financial organizations that help them.
  6. Inflated Refund Claims: Tax preparers who promise inflated returns or charge fees based on a percentage of the return.
  7. Fake Charities: Groups masquerading as charitable organizations to attract donations from unsuspecting contributors.
  8. Hiding Income with Fake Documents: Hiding taxable income by falsifying 1099’s or other documents.
  9. Abusive Tax Shelters: Use of abusive tax structures to avoid paying taxes.
  10. Falsifying Income to Claim Credits: Avoid inventing income to erroneously claim tax credits.
  11. Excessive Claims for Fuel Tax Credits: Avoid improper claims for fuel tax credits.
  12. Frivolous Tax Arguments: Avoid using frivolous tax arguments to avoid paying their taxes.

To see more details about the “Dirty Dozen” please visit the IRS Website at http://www.irs.gov/uac/Newsroom/IRS-Completes-the-Dirty-Dozen-Tax-Scams-for-2015

How to Avoid Phishing Scams

  • Be suspicious of any email or communication (including text messages, social media post, ads) with urgent requests for personal financial information.

Phishers typically include upsetting or exciting (but false) statements to get people to hand over their usernames, passwords, credit card numbers, Social Security numbers, date of birth and other personal information.

  • Avoid clicking on links. Instead, go to the website by typing the Web address directly into your browser or by searching for it in a search engine. Calling the company to verify its legitimacy is also an option, too.

Pay attention to the website you are being directed to and hover over URLS. An email that appears to be from PayPal could direct you to a website that is instead “http://www.2paypal.com”or “hxxp://www.gotyouscammed.com/paypal/login.htm.”

  • Don’t send personal financial information via email, and avoid filling out forms in email that ask for your information.

You should only communicate information such as credit card numbers or account information via a secure website or telephone.

  • Use a secure website (https:// and a security “lock” icon) when submitting credit card or other sensitive information online.

Never use public, unsecured WiFi for banking, shopping or entering personal information online, even if the website is secure.

When in doubt, your 3/4G or LTE connection is always safer than using public WiFi

Other Helpful Phishing Prevention Tips:

  • Unless an email is digitally signed, you can’t be sure it wasn’t forged or spoofed.
  • Double-clicking the “lock” icon on a website will display the security certificate for the website.
  • If the certificate isn’t displayed, or you get a warning message that the address of the website does not match the certificate, do not continue.
  • Typically, phisher emails are not personalized, but they can be. Valid messages from your bank and e-commerce companies are personalized. When in doubt, call the company directly to see if the email is in fact from them.
  • Phishers have the ability to spoof and/or forge the https:// that you normally see on a secure Web server and a legitimate-looking Web address, which – again – is why you should always type the web address yourself instead of clicking on displayed links.

Anti-Phishing Working Group