By Susan Tompor
Detroit Free Press
WWR Article Summary (tl;dr) The IRS says that more than 90% of all data thefts start with a phishing email. So when you receive an unsolicited email from the “IRS ” with a phrase like “Automatic Income Tax Reminder”, do NOT open it!
Detroit Free Press
Did you just get an email about your tax refund? Or maybe an email using the phrase an “electronic tax return reminder?”
It’s a hot new scam, according to the latest warnings from the Internal Revenue Service.
Taxpayers are increasingly reporting that they’re receiving unsolicited emails from IRS impostors. The subject line on the email could vary but some are using phrases that include the word “reminder,” such as “Automatic Income Tax Reminder.”
The traditional income tax season may be months away. But some tax-related deadlines remain on the 2019 calendar, including Sept. 16 for those making third quarter estimated tax payments, and Oct. 15, which is the final date for filing if you requested an extension to file individual tax returns for the 2018 tax year. You’d file by Oct. 15 to avoid a potential late filing penalty.
As those deadlines loom on the horizon, it’s likely that we’re going to see a few more emails being rolled out by the spammers and scammers who want to hijack your computer or steal your cash.
Tax scams run all year long
Once again, IRS Commissioner Chuck Rettig warned in a statement: “The latest scheme is yet another reminder that tax scams are a year-round business for thieves.”
The IRS isn’t going to be sending you an email about your tax refund or sensitive financial information. And you should never respond to suspicious or unknown emails.
Taxpayers can notify the IRS about unsolicited emails from impostors by forwarding the emails or sending a note to [email protected]
One problem with the fake emails is that many show an IRS.gov website so you think it’s the real deal.
And there may be details that pretend to relate to the taxpayer’s refund, electronic return or tax situation.
“Because these scammers often use sensitive information about you that they have stolen from other sites, you might be tricked into letting down your guard and becoming infected with malware,” said Luis D. Garcia, an IRS spokesman in Detroit.
Phony emails contain a ‘one-time’ password
Another red flag: The phony emails contain a “temporary password” or a “one-time password.”
Those passwords supposedly allow you to access the necessary tax files. What really happens, though, is that taxpayers end up unknowingly downloading a malicious file.
The latest scam uses dozens of compromised websites and web addresses that pose as www.irs.gov, which the IRS says makes it challenging to shut down.
More: Don’t do your boss any favors buying gift cards, it’s likely a scam
“By infecting computers with malware, these impostors may gain control of the taxpayer’s computer or secretly download software that tracks every keystroke, eventually giving them passwords to sensitive accounts, such as financial accounts,” the IRS said.
Generally, the IRS will first mail a bill to any taxpayer who owes taxes. And the IRS isn’t asking for immediate payment via gift cards.
Unfortunately, scammers know that tax professionals can be pretty good targets, too, when it comes to trying to steal sensitive financial data.
Even tax professionals may find it tough to spot an outright lie.
The IRS is continuing to warn tax professionals about the need to be extra vigilant and review their own data security systems.
The IRS noted that more than 90% of all data thefts start with a phishing email. Employees may open a link that takes them to a fake site or open an attachment that is embedded with malware that secretly downloads onto their computers.
Scammers have been successful targeting tax professionals by posing as a trusted source and tricking someone into opening an embedded link or attachment. Many of these emails contain that sense of urgency that gets someone to act quickly without thinking.
Some of the fake emails tell tax professionals that they need to update an account immediately. Or a cyber crook may pose as a prospective client.
As Rettig has said: “You’re only as safe as your least educated employee.”
ABOUT THE WRITER
Susan Tompor is the personal finance columnist for the Detroit Free Press.
Distributed by Tribune Content Agency, LLC.