Security Awareness - Tax Scams 2020

Mar 10, 2020 3:00:02 PM


Few people like the process of completing their taxes every year. But no one wants to be scammed out of the monies owed to them by the government. Be especially careful about anyone who contacts you regarding your taxes, and confirm the sources of those emails and calls whenever possible.

NOTE: This is the first blog in a series of Security Awareness blogs that will be shared by EMA, with the purpose of being shared and redistributed to your employees to improve / augment your Security Awareness Training efforts. Questions and / or topic selection can be sent to

Tax season is upon us once again, and so are the fraudsters that try to take advantage of the occasion. The Internal Revenue Service (IRS) has a comprehensive site that tracks many of the current scams, as well as some of the historical scams that seem to resurface from time to time. As with past years, there are several tips that the average consumer can follow to protect their information as well as their IRS refund.

• Phishing Emails: According to the IRS, scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes may seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. Phishing is not limited to just the IRS – the fraudsters know that it only takes a single instance of someone clicking on an embedded link to make their efforts successful, and sending out thousands of emails costs them nothing. Simply put, the IRS does not initiate investigations or ask for your personal information via email. When an email of this type comes to your email inbox, just delete it or follow your corporate email SPAM policy.

• Robocalls: There have been multiple robocall attacks over the years: a robot (usually from a fake or unidentified number) will call asking for the person’s social security number and for payment of a fine (laughably, sometimes the fine is asked to be paid in gift cards, which the IRS will never do). They are also known to threaten the people they call with police action (think black-clad troopers descending from helicopters onto your roof). The IRS recommends that you always verify the call is legitimate (the IRS – from time to time – will make phone calls to confirm information, but they will ALWAYS contact you via mail first), and that if in doubt, you call the IRS back directly at the number provided on the website or on your billing notice.

• Not Just Your Federal Taxes: In recent years, the fraudsters have turned their focus to state returns and refunds instead of federal taxes. The thinking is that the victim may have already heard about some of the federal scams (as they are often publicized in the local media) but not so much at the state level. There are reports of fictitious state agencies asking customers to pay delinquent tax bills (again, often asking for payment in gift cards, which is a sure sign of a scam). Many states take part in the Identity Protection PIN program, which is another effort to protect your submissions and returns. Same as above – when someone calls or contacts you claiming to be from the state about your taxes, confirm that they are legitimate before releasing ANY of your personal information.

Written by Chris Steffen

Christopher Steffen, CISSP, CISA, is the vice president of research at EMA, covering information security, risk, and compliance management. Before EMA, he served as the CIO for a financial services firm, focusing on FedRAMP compliance and security. He has also served in executive and leadership roles in numerous industry verticals. Steffen has presented at numerous industry conferences and has been interviewed by multiple online and print media sources. Steffen holds over a dozen technical certifications, including CISSP and CISA.
