Trending Threats | First Bank Security Center

IRS, Summit Partners warn on tax deadline scams, ‘IRS Refunds’ email

WASHINGTON – With the April 17 tax deadline approaching, the Internal Revenue Service and Security Summit partners urge taxpayers and tax professionals to be alert to identity theft scams, especially a new email version currently pretending to be from “IRS Refunds.”

As the filing season comes to a close, thieves are stepping up their efforts, warned the Internal Revenue Service and the Security Summit partners. The Security Summit, a partnership between the IRS, state tax agencies and the tax industry, continues to take steps to combat tax-related identity theft.

The “IRS Refunds” scam is a common tactic used by cybercriminals to trick people into opening a link or attachment associated with the email. This link takes people to a fake page where thieves try to steal personally identifiable information, such as Social Security numbers.

Often these links or attachments also secretly download malware that can perform many functions, such as giving the thief control of the computer or tracking keystrokes to determine other sensitive passwords or critical data.

The IRS does not randomly contact taxpayers or tax professionals via email, including asking people to confirm their tax refund information. The IRS initiates most contacts through regular mail delivered by the United States Postal Service.

However, there are special circumstances in which the IRS will call or come to a home or business, such as when a taxpayer has an overdue tax bill, to secure a delinquent tax return or a delinquent employment tax payment, or to tour a business as part of an audit or during criminal investigations.

Even then, taxpayers will generally first receive several letters (called “notices”) from the IRS in the mail.

Note that the IRS does not:

  • Demand that taxpayers use a specific payment method, such as a prepaid debit card, gift card or wire transfer. The IRS will not ask for debit or credit card numbers over the phone. Taxpayers should make check payments to the “United States Treasury” or review IRS.gov/payments for IRS online options.
  • Demand that taxpayers pay taxes without the opportunity to question or appeal the amount they say is owed. Generally, the IRS will first mail a bill to those who owe any taxes. Taxpayers should also be advised of their rights as a taxpayer.
  • Threaten to bring in local police, immigration officers or other law-enforcement to have taxpayers arrested for not paying. The IRS also cannot revoke a driver’s license, business license or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes.

With scams like these circulating, taxpayers and tax professionals should take ongoing security precautions to protect their identities and their computer networks from identity thieves. Here are a few basic security steps for taxpayers:

  • Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update. Encrypt sensitive files such as tax records stored on computers. Use strong, unique passwords for each account.
  • Learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as banks, credit card companies and even the IRS. Do not click on links or download attachments from unknown or suspicious emails.
  • Protect personal data. Don’t routinely carry Social Security cards, and make sure tax records are secure. Shop at reputable online retailers. Treat personal information like cash; don’t leave it lying around.

Here are a few basic security steps for tax professionals:

  • Learn to recognize phishing emails, especially those pretending to be from the IRS, e-Services, a tax software provider or cloud storage provider. Never open a link or any attachment from a suspicious email. Remember: the IRS never initiates initial contact with tax pros via email.
  • Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.
  • Review internal controls:
    • Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones) and keep software set to automatically update.
    • Use strong and unique passwords of 10 or more mixed characters, password-protect all wireless devices, use a phrase or words that are easily remembered and change passwords periodically.
    • Encrypt all sensitive files/emails and use strong password protections.
    • Back up sensitive data to a safe and secure external source not connected full time to a network.
    • Wipe clean or destroy old computer hard drives that contain sensitive data.
    • Limit access to taxpayer data to individuals who need to know.
    • Check IRS e-Services account weekly for number of returns filed with EFIN.
  • Report any data theft or data loss to the appropriate IRS Stakeholder Liaison.
  • Stay connected to the IRS through subscriptions to e-News for Tax Professionals, Quick Alert and Social Media.


Common Sense Tips and Ideas

Threats are ever evolving and keeping up with current threats can be difficult. We encourage you to use caution and never provide confidential information via text, email, incoming call (by a person or automated call), or pop-up ad on your computer. 

When you receive a call or message that seems suspicious or unusual, hang up and call the phone number from your most recent bill or the back of your card. With our increased dependence on electronic devices and the Internet, below is information to help educate and protect you and your business.

Ransomware
Ransomware is malware downloaded through email attachments that then encrypts an entire system, including any attached storage. One particular ransomware that businesses need to pay attention to is CryptoLocker.

The only way to decrypt an infected device is to pay a fee or "ransom" to the malware owner. Preventing the malware from loading is the key. Don't open any email with a .zip file as an attachment - even if you are familiar with the sender. The exception is if you confirm the sender actually sent the email.

Package Emails 
Beware of email alerts which advise you that a package is being shipped to you, especially when the email contains a link to a tracking number. Clicking through a link in a phishing email can result in malware being downloaded to your PC which may then put your business at risk. 

Never click on links or open attachments from email senders that you are not familiar with or expecting an email from. If the email is from a known sender but appears unusual or is unexpected, call the sender to verify the validity of the email before you open it or click on any links.

Java Security 
A large percentage of PCs with Java do not contain Java security patches or are not running the most current version of Java. Java runs on millions of PCs and is often exploited by cyber criminals to infiltrate or attack your PC. To combat this vulnerability, as part of your overall security best practices, keep Java up to date and secure.

Account Takeover 
This is a common form of identity theft for business customers. An account takeover occurs when a fraudster has an individual's information, such as a Social Security number, User ID and password, account number, and/or access to email accounts. Once the fraudster has access to this information, they can use it to pose as the customer and conduct unauthorized transactions.

Social Engineering 
There are many ways a criminal can obtain confidential information. Social engineering is a contributing factor to these and many more scams. Fraudsters use every avenue of communication to have you divulge sensitive account information.

Phishing

Phishing uses fraudulent emails or pop-up messages to attempt to collect personal or account information. These messages often have a sense of urgency that suggests dire consequences, such as an email from your 'bank' stating your account has been or will be frozen. 

Smishing

Smishing uses a text message from an unknown number, asking you to click a link to another site or call a phone number. These messages entice you to provide personal or account information and may attempt to infect your mobile device with malware.

Vishing 

Vishing uses the telephone in an attempt to get the user to provide personal or account information, with callers often presenting themselves as legitimate businesses offering assistance to the user.

 

Contact Us / Questions?

Your security is important to us.  When communicating via email please do not include any personal, business or confidential account information.  Thank you!