Tax scam season is upon us and the IRS is providing tips on how to avoid phishing and malware scams. Even if you don’t give the information that a scam email requests, you could still put yourself at risk by clicking on links or opening attachments. Watch this important video to find out how to handle emails that say they are from the IRS — because they are not!
Remember, the IRS does NOT initiate contact with taxpayers by email, text or social media channels to request personal or financial information. .
Here are two scams making the rounds this year to watch out for.
Scam #1: Review your W-2
In this scam, criminals send an official-looking email to try and trick you into reviewing “your” W-2 tax form. The BBB says subject line for this phishing attempt may be something like: “Document Received (scanned_1040_W2.pdf).”
The email message asks you to verify the information listed on the W-2 by clicking a link to a “secure” file shared using a reputable file sharing service. Rather than taking you to your W-2, the link could download malware on to your computer, or take you to a fake site designed to steal your information.
Scam #2: Payroll needs a copy of your W-2
Here, scammers do some homework and find out the names of company executives or the head of the payroll department. Armed with that information and using a technique called business email spoofing, they pose as that person over email.
The IRS says the email may start innocently enough by asking, “Hi, are you working today?” but eventually the fraudster asks you to send a copy of your current W-2. With the information, the criminals can file a tax return (keeping any and all refunds), request a wire transfer, and/or sell the your data on the Dark Web.
What you can do
The IRS recommends these steps to steer clear of these scams:
1. Don’t click email links! Clicking on them could infect your computer with malware or take you to a fake third-party site designed to steal your information.
2. Hover over links. If the email has a link, hover your mouse over it to reveal its true destination. If something seems fishy (or phishy, as the case may be), don’t risk clicking on it.
3. Don’t open unsolicited emails. If you haven’t asked to be contacted, or don’t know who sent the email, put it straight in the recycle bin.
4. Be very, very careful about sharing personal information. Even if the email looks real, it might not be. And, don’t share your bank account, credit card, or social security data to anyone you don’t know personally.