During tax season, cyber criminals target taxpayers by the masses. Each year, many taxpayers are fooled into disclosing their personal information. Organizations also fall victim to these scams while accidentally disclosing the tax information of employees to scammers.

The IRS Tax Season “Dirty Dozen”

Each year, the IRS launches its “Dirty Dozen” campaign warning taxpayers about the worst of the worst tax scams that could lead to tax fraud and identity theft. The 2019 campaign kicked off earlier this week. It’s no surprise that the number one threat is phishing scams. Businesses and professionals are most commonly targeted via text messages, social media platforms, websites, and email.

In the kick off, Commissioner Chuck Rettig warned people to “Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails.” While phishing scams are not exactly “new”, the evolution and overwhelming consistency of these threats continue to put them at the top of scams to beware of for 2019.

Beware of These Targeted Attacks

One of the cleverest attacks involves cyber criminals stealing personal data and filing fraudulent tax returns. The criminal will use the taxpayer’s bank account to direct deposit the fraudulent tax refunds and then they’ll use various tactics to reclaim the refund from the taxpayer, including falsely claiming to be from a collection agency or the IRS. If you have an unexpected deposit in your bank account, follow these steps

In another newly developed attack, the criminal will specifically target payroll professionals or human resources personnel and pretend to be:

  • a business requesting for payment of a fake invoice
  • an employee seeking to re-route a direct deposit
  • someone within the organization, such as an executive, to initiate a wire transfer.

Always practice extra precautions when opening emails or text messages regarding tax returns, W-2s, or personal information.

Detect and Prevent

Cybersecurity awareness training is crucial to prevent and detect phishing attacks. EDUCATE yourself, your employees, colleagues, and friends. Free tools such as this Phishing Quiz produced by Google are great but consistent awareness training is key. Train your brain on an everyday basis to look out for common phishing clues such as a fake sender email address, suspicious content, fake links, and/or corrupted attachments. You can also help others become aware by reporting unsolicited email or social media attempts that appear to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS). You can submit them to phishing@irs.gov. Stay safe during tax season and avoid becoming a cyber criminal’s next victim.