By JD Biersdorfer, The New York Times Company
Fraud is a year-round activity, but tax season brings an increase in calculated schemes to steal money and personal information through forged messages and other means. Cybersecurity firms have also reported an increase in fraud attempts that exploit the conflict in Ukraine — a situation that has heightened fears of potential cyberattacks on US businesses through ransomware and other malware. You can better protect yourself if you know what’s going on. Here is a guide.
Avoid the tax scam
The Internal Revenue Service does not make initial contact with taxpayers via email, text message, or social media channels to request personal and financial information, including bank account or credit card numbers, passwords or PIN codes. Messages requesting this information are deceptive “phishing” attempts to steal money and identities.
If the IRS needs your attention, it starts with a notice by regular mail through the US Postal Service in most cases.
The IRS will not send unexpected messages about verifying statements, sending stimulus payments, collecting your taxes, or “cancelling your social security number.” An IRS representative may call or visit when a taxpayer has an overdue bill or has other tax-related issues. But even then, written notification is usually sent first, according to the agency.
Fraudulent phone calls and voicemails using spoofed agency numbers and fake IRS agent IDs are common. Again, the agency usually mails a notice first. It doesn’t call out of the blue to discuss tax refunds, threaten arrest by local law enforcement, or demand immediate payment in a specific form. Tax bills are paid to the US Treasury and not directly to “agents” demanding funds in iTunes or Amazon gift cards, prepaid debit cards, e-cash, or wire transfers.
The Tax Scams/Consumer Alerts page of the official irs.gov site has a long list of current and classic scams. And the site offers a guide to verifying real IRS agents and identifying legitimate debt collectors.
Opportunistic scammers quickly take advantage of natural disasters and humanitarian crises, including the COVID-19 pandemic and the war in Ukraine. Beware of messages from unknown organizations asking for credit card or cryptocurrency donations – or claiming to be from refugees or the military. Crowdfunding campaigns should be avoided or scrutinized unless you know the organizer.
If you’d like to donate but aren’t sure where, review sites like CharityWatch and Charity Navigator have guides showing where your contribution can be most helpful. The Opinion section of The New York Times offers suggestions for humanitarian aid in Ukraine, including Direct Relief, Mercy Corps, International Medical Corps and Save the Children.
And when you find a favorite charity’s site, check the URL carefully. Scammers use “typosquatting” (registering a purposely misspelled domain name close to the address of a legitimate site) in the hope that bad typists will inadvertently land on their malicious pages.
Report a scam attempt
If you receive an unsolicited email claiming to be from the IRS, you can report it by forwarding the message to firstname.lastname@example.org. The Treasury Inspector General for Tax Administration has a hotline for reporting attempted tax evasion at 800-366-4484; the department has a portal page for complaints.
You can file a general fraud report on the Federal Trade Commission website.
Gmail and Outlook.com include menus for reporting phishing attempts, while Yahoo has a form to fill out.
Be warned, though: if you fall victim to a scam involving a Zelle money transfer, your bank may not support you if you authorized the transaction.
As the Federal Trade Commission notes, common signs of a scam typically include someone impersonating a familiar organization and telling you there’s a problem (or, sometimes, a prize). The scammer urges you to act immediately and demands payment in a specific way.
Most fraud attempts are easy to spot. Messages laden with typos, impersonal “official correspondence” from Gmail and Yahoo accounts, and voicemails left in a robotic computer voice are instant red flags. Fake invoices and forged PayPal reviews remain popular phishing lures.
You can avoid many phishing lures by adjusting your email program’s spam filters and blocking unwanted calls and text senders. Let unknown callers go to voicemail.
Make sure your browser is configured to block pop-up messages and warn about malicious sites. Do not install apps from unknown developers and keep antivirus software enabled on your computer. If the spam gets through, don’t call the number or open the attachment – it’s probably malware. If you have any concerns about an account, open your browser and go to the company’s website, avoiding any links in messages.
The Consumer Financial Protection Bureau’s site has a detailed page on frauds and scams that are currently circulating. And even if you have been a safe computer user for years, you probably have a friend or relative who isn’t as tech-savvy and could use your help.
This article originally appeared in The New York Times.