Fraud & Scams
Scam Alert: Fake Calls from Taxpayer Advocate Service
Like clockwork, every year, there's a new twist on old scams. This year, it is the IRS impersonation phone scam whereby criminals fake calls from the Taxpayer Advocate Service. The TAS is an independent organization within the IRS that help protect your taxpayer rights. TAS can help if you need assistance resolving an IRS problem, if your problem is causing financial difficulty, or if you believe an IRS system or procedure isn't working as it should. Typically, a taxpayer would contact TAS for help first, and only then would TAS reach out to the taxpayer. TAS does not initiate calls to taxpayers out of the blue.
How the scam works
Like many other IRS impersonation scams, thieves make unsolicited phone calls to their intended victims fraudulently claiming to be from the IRS. In this most recent scam variation, callers "spoof" the telephone number of the IRS Taxpayer Advocate Service office in Houston or Brooklyn. Calls may be 'robo-calls' that request a call back. Once the taxpayer returns the call, the con artist requests personal information, including Social Security number or individual taxpayer identification number (ITIN).
In other variations of the IRS impersonation phone scam, fraudsters demand immediate payment of taxes by a prepaid debit card or wire transfer. The callers are often hostile and abusive. Alternately, scammers may tell would-be victims that they are entitled to a large refund but must first provide personal information. Other characteristics of these scams include:
Scammers use fake names and IRS badge numbers to identify themselves.
Scammers may know the last four digits of the taxpayer’s Social Security number.
Scammers spoof caller ID to make the phone number appear as if the IRS or another local law enforcement agency is calling.
Scammers may send bogus IRS emails to victims to support their bogus calls.
Victims hear background noise of other calls to mimic a call site.
After threatening victims with jail time or with, driver's license or other professional license revocation, scammers hang up. Others soon call back pretending to be from local law enforcement agencies or the Department of Motor Vehicles, and caller ID again supports their claim.
Telltale signs of a scam call
While the IRS or the TAS will never do any of the following, scammers will often:
Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
Ask for credit or debit card numbers over the phone.
Call about an unexpected tax refund.
Tax scams can happen any time of year, not just at tax time and its important to stay alert to scams that use the IRS or other legitimate companies and agencies as a lure. If you have any concerns, please call the office.
December 4, 2018
The IRS urges everyone with any type of online account to review new, stronger standards to protect their passwords. Doing so will help protect against savvy cybercriminals who wants to access people’s accounts and steal their identities.
Here are three steps people can follow to build a better password:
Step 1: Leverage powers of association. People can identify associated items that have personal meaning and use them in their passwords.
Step 2: Make unique associations. Passphrases should be words that can go together in your head, but no one else would ever suspect.
Good example: Items in a living room such as BlueCouchFlowerBamboo.
Bad example: Names of children or pets.
Step 3: Create a passphrase that you can picture in your head. The key is to create a passphrase that is hard for a cybercriminal to guess, but easy for the user to remember.
In addition to creating strong passwords, people can:
Use a different password or passphrase for each account. People can consider using a password manager if necessary for multiple accounts.
Use multi-factor authentication whenever possible. They should not rely on the passphrase alone to protect sensitive data. Multi-factor authentication means returning account holders need more than just their username and password to access an account. They also need, for example, a security code sent as text to a mobile phone.
Change all factory-set passwords. They should do this for wireless devices such as printers and routers.
December 4, 2018
Data thieves don’t take a break during the holidays. In fact, the IRS warns taxpayers that the agency is seeing a large increase in bogus email schemes that seek to steal money or tax data.
The most common way for cybercriminals to steal money, bank account information, passwords, credit cards and Social Security numbers is to simply ask for them. Every day, people fall victim to phishing scams or phone scams that cost them their time and their cash.
Here are a few steps taxpayers can take to protect against phishing and other email scams. When reading emails, people should:
Be vigilant and skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, the recipient should approach with caution. Cybercrooks are good at acting like trusted businesses, friends and family. This even includes the IRS and others in the tax business.
Double check the email address. Thieves may have compromised a friend’s email address. They might also be spoofing the address with a slight change in text. For example, email@example.com instead of firstname.lastname@example.org. Merely changing the “m” to an “r” and “n” can trick people.
Remember that the IRS doesn't initiate spontaneous contact with taxpayers by email to ask for personal or financial information. This includes asking for information via text messages and social media channels. The IRS does not call taxpayers with aggressive threats of lawsuits or arrests.
Not click lick on hyperlinks in suspicious emails. When in doubt, users should not use hyperlinks and go directly to the source’s main web page. They should also remember that no legitimate business or organization will ask for sensitive financial information by email.
Use security software to protect against malware and viruses found in phishing emails. Some security software can help identity suspicious websites that are used by cybercriminals.
Use strong passwords to protect online accounts. Experts recommend the use of a passphrase, instead of a password, use a minimum of 10 digits, including letters, numbers and special characters.
Use multi-factor authentication when offered. Two-factor authentication means that in addition to entering a username and password, the user must enter a security code This code is usually sent as a text to the user’s mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely the crook would also have a victim’s phone.
Report phishing scams. Taxpayers can forward suspicious emails to email@example.com.
December 3, 2018
The IRS reminds holiday shoppers to protect their tax and financial data from identity thieves. All it takes is a few extra steps to prevent cybercriminals from stealing sensitive data, such as financial account information, Social Security numbers, and credit card information. Thieves could use this data to file a fraudulent tax return in 2019.
This tip is part of National Tax Security Awareness Week. The IRS is partnering with state tax agencies and its partners in the Security Summit to remind to taxpayers and tax professionals about the importance of protecting data.
Cybercriminals want to turn stolen data into quick cash. They do this by draining financial accounts, charging credit cards, creating new credit accounts or even using stolen identities to file a fraudulent tax return for a refund.
Here are seven steps taxpayers can follow to help protect their accounts and their money:
Avoid unprotected Wi-Fi. Unprotected public Wi-Fi hotspots may allow thieves to view transactions.
Shop at familiar online retailers. Generally, sites using the “s” designation in “https” at the start of the URL are secure. User can also look for the “lock” icon in the browser’s URL bar. That said, some thieves can get a security certificate, so the “s” may not always vouch for the site’s legitimacy. Beware of purchases at unfamiliar sites or clicks on links from pop-up ads.
Learn to recognize and avoid phishing emails. Thieves send these emails, posing as a trusted source, such a financial institution. or the IRS. The criminal’s goal is to entice users to open a link or attachment. The link may take users to a fake website that will steal usernames and passwords. An attachment may download malware that tracks keystrokes.
Keep a clean machine. This applies to computers, phones and tablets. Taxpayers should use security software to protect against malware that may steal data and viruses that may damage files.
Use passwords that are strong, long and unique. Experts suggest a minimum of 10 characters but longer is better. People should also avoid using a specific word in the password. They should also use a combination of letters, numbers and special characters.
Use multi-factor authentication when available. This means users may need a security code, usually sent as a text from a financial institution or email provider to a mobile phone. People use this code in addition to usernames and passwords.
Encrypt and password-protect sensitive data. If keeping financial records, tax returns or any personally identifiable information on computers, this data should be encrypted and protected by a strong password.
Tax Transcript Email Scam Alert
Taxpayers should be aware of a new round of fraudulent emails that impersonate the IRS and use tax transcripts as bait to entice users to open documents containing malware. The scam is especially problematic for businesses whose employees might open the emails infected with malware as it can spread throughout the network and may take months to remove.
This well-known malware, which is called Emotet, typ[ically tricks people into opening infected documents by posing as specific banks and financial institutions. However, in the past few weeks, the scam has masqueraded as the IRS, pretending to be from "IRS Online." Many of these malicious Emotet emails were recently forwarded to firstname.lastname@example.org.
The scam email carries an attachment labeled "Tax Account Transcript" or something similar, and the subject line uses some variation of the phrase "tax transcript." The exact wording often changes with each version of the malware.
Taxpayers should remember that the IRS does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript (a summary of a tax return). Taxpayers receiving a suspicious email are urged not to open the email or the attachment. If using a personal computer, delete or forward the scam email to email@example.com. If you see these types of emails when using an employer's computer, notify your company's internet technology (IT) department immediately.
In July, the United States Computer Emergency Readiness Team (US-CERT) issued a warning in July about earlier versions of the Emotet, which it has called one of the most costly and destructive malware affecting the private and public sectors.