Tax season is in full swing, which means criminals will go to great lengths to separate your business from its money or anything of value that is within reach. Scammers may offer seemingly legitimate “tax services” that are actually designed to harm your business. Oftentimes, criminals will lure businesses in with an offer of larger write-offs or refunds. Such scams might include fake websites and tax forms that look like they belong to the Internal Revenue Service (IRS) in order to trick you into providing sensitive information.
Due to the rise in data breaches, you should always take steps to minimize your business’s risk of theft and other online crimes. This is especially important during tax season. Below are some warning signs to look for and basic precautions you can take to minimize risk and avoid becoming the next victim.
Warning Signs of an Online Tax Scam
- Emails discussing “changes to tax laws.” These email scams typically include a downloadable document (usually in PDF format) that purports to explain the new tax laws. However, these downloads are almost always populated with malware that will infect your computer once downloaded.
- An email or link requesting personal and/or financial information, such as your name, social security number, bank or credit card account numbers, or any additional security-related information.
- Emails containing various forms of threats or consequences if no response is received, such as additional taxes or blocking access to your refunds.
- Emails from the IRS or federal agencies. The IRS will not contact you via email.
- Emails containing exciting offers, tax refunds, incorrect spelling, grammar, or odd phrasing throughout.
How to Avoid Being the Victim
- Never send sensitive information in an email. Information sent through email can be intercepted by criminals. Make sure to consistently check your financial account statements and your credit report for any signs of unauthorized activity.
- Verify emails requesting sensitive information. Criminals know when it’s tax season and they love to pretend to be someone else. If your CEO or CFO emails you and requests W-2s for all employees, or a similar type of request asking for sensitive info, call them back to verify the email was really from them. Often times malicious emails will state the sender is in meetings or unavailable via phone all day and will only respond via email. Criminals use that front to make sure you don’t figure out the request wasn’t legit.
- Secure your computer. Ensure your computer has the latest security updates installed. Check that your anti-virus and anti-spyware software are running properly and receiving automatic updates from the vendor. If you haven’t already done so, install and enable a firewall.
- Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires great caution. Never visit a site by clicking on a link sent in an email, found on someone’s blog, or in an advertisement. The websites you land on might look like legitimate sites, but can also be very well-crafted fakes.
- Be wise with Wi-Fi. Wi-Fi hotspots are intended to provide convenient access to the internet. However, this convenience can come at a cost. Public Wi-Fi is not secure and is susceptible to eavesdropping by hackers, therefore, never use public Wi-Fi to file your taxes.
- Look for clear signs. Common scams will tout tax rebates, offer great deals on tax preparation, or offer a free tax calculator tool. If you did not solicit the information, it’s likely a scam.
- Be on the watch for fake IRS scams. The IRS will not contact you via email, text messaging, or your social network, nor does it advertise on websites. Additionally, if an email appears to be from your employer or bank claiming there is an issue that requires you to verify personal information, this is most likely a scam as well. Don’t respond to these types of emails. Always contact the entity directly.
- Always utilize strong passwords. Cybercriminals have developed programs that automate the ability to guess your passwords. To best protect yourself, make your passwords difficult to guess. Passwords should have a minimum of nine characters and include uppercase and lowercase letters, numbers, and symbols.
If you receive a tax-related phishing or suspicious email at work, report it according to your organization’s cybersecurity policy. If you receive a similar email on your personal account, the IRS encourages you to forward the original suspicious email (with headers or as an attachment) to its firstname.lastname@example.org email account, or to call the IRS at 800-908-4490. More information about tax scams is available on the IRS website and in the IRS Dirty Dozen list of tax scams.