On 7/16/24, the IRS warned taxpayers and tax professionals how email scams continue to aim to trick taxpayers by stealing sensitive tax and financial information. This information consists of passwords, bank account numbers, credit card numbers, or Social Security numbers. Email scams are known as “phishing” and they are continuously evolving coming in different variants that will target individuals regardless of whether it is tax season or not. Verifying the legitimacy can assist all individuals to not fall prey and be victims of an email scam. IRS states, “Don’t take the bait” and to do so, individuals should never respond to tax-related phishing (emails) or smishing (text messages) or click on the URL link.
Email Scam Variations:
The IRS presents four different phishing terms and provides information on how the email scams might look like as per the extracts from the IRS listed below:
- Phishing/Smishing – Phishing emails or SMS/texts (known as “smishing”) attempt to trick the recipient into clicking a suspicious link, filling out information or downloading a malware file. Often phishing attempts are sent to multiple email addresses at a business or agency increasing the chance someone will fall for the trick.
- Spear phishing – A specific type of phishing scam that bypasses emailing large groups at an organization, but instead identifies potential victims and delivers a more realistic email known as a “lure.” These types of scams can be trickier to identify since they don’t occur in large numbers. They single out individuals, can be specialized and make the email seem more legitimate. Scammers can pose as a potential client for a tax professional, luring the practitioner into sharing sensitive information.
- Clone phishing – A newer type of phishing scam that clones a real email message and resends it to the original recipient pretending to be the original sender. The new message will have either an attachment that contains malware or a link that tries to steal information from the tax professional or recipient.
- Whaling – Whaling attacks are very similar to spear phishing, except these attacks are generally targeted to leaders or other executives with access to secure large amounts of information at an organization or business. Whaling attacks can also target people in payroll offices, human resource personnel and financial offices.
The 7/16/24 IRS News Release also issues email scams warning signs and red flags that are often overlooked such as the following extracts from the IRS:
- An unexpected email or text claiming to come from a known or trusted source such as a colleague, bank, credit card company, cloud storage provider, tax software provider, or even the IRS and other government agencies.
- Receiving a duplicate email from what appears to be a known trusted source that contains a new attachment or hyperlink.
- A message, often with an urgent tone, urging the receiver to open a link or attachment. These messages have a false narrative like someone’s password has expired or some other urgent action is needed.
- An email address, number, or link that’s slightly misspelled or has a different domain name or URL (irs.com vs. IRS.gov). A closer look at these email addresses – like hovering the cursor over the email address – can show slight variations on legitimate addresses.
Here is what to do if you are a target of email scams:
- Don’t reply.
- Don’t open any attachments. They can contain malicious code that may infect the computer or mobile phone.
- Don’t click on any links. If a taxpayer inadvertently clicks on links in a suspicious email or website and enters confidential information, visit the IRS’ identity protection page.
- Send the full email headers or forward the email as-is to [email protected]. Don’t forward screenshots or scanned images of emails because this removes valuable information.
- Delete the original email.
Remember that the IRS initiates most contacts through regular mail and will never initiate contact with taxpayers by email, text, or social media regarding a bill or tax refund.
Be cautious and stay safe from these scams.
Who is your tax professional? ©