As we enter tax season, individuals and businesses need to be extra cautious so they don’t fall victim to fake IRS e-mails and other types of phishing scams. Scammers are continually finding new ways to trick their targets. The latest scam? An e-mail with an “IRS” form attached.
Cyber criminals are sending e-mails that appear to be a request from the IRS asking the taxpayer to fill out a fake form and send it back to the e-mail addressed. See the images for a recent example. Victims who fall for this scam unwittingly send their personal information to the scammer, exposing themselves to the possibility of identity theft, tax fraud and worse.
While this phishing scam includes an attached form, other types of phishing e-mails solicit recipients to click on a link, which leads them to a fake website that requests information. Other kinds of attacks come with an attachment that contains embedded malware, such as ransomware. Regardless of the method, improper handling of such e-mails can have devastating impacts on individuals and organizations.
The good news is that there are some precautions you can take to decrease your risk of falling victim to phishing scams.
The easiest way to protect yourself against scams is by having the right technology (i.e., firewalls, anti-virus, malware and other tools) as your first line of defense, but eventually, malicious emails can get through so it’s important to be educated.
For businesses, one of the most effective ways to reduce risk is to train your employees to be more aware and be able to recognize cyber threats. Kaufman Rossin offers phishing training for companies of all sizes.
For individuals, you can reduce your risk by learning to recognize the signs that an e-mail may be suspicious. The following are a few red flags, though not an exhaustive list of what to watch out for.
- Ambiguous subject line
- Misspellings and other typos
- Improper grammar and punctuation
- Questionable contact information
- Unfamiliar email address
- Email from the IRS
It’s important to note the last point above. As a policy, the IRS will never initiate contact via e-mail or phone. If you receive an unsolicited or unexpected email claiming to be from the IRS, you should delete it without clicking on links or opening any attachments and you should report it via the appropriate channels. Forwarding these emails is ill-advised because doing so could expose others to risk.
If you believe you are receiving fraudulent contact from someone pretending to be from the IRS, visit the informational webpage created by the IRS with instructions about what you should do. You can also report tax scams online or by calling 800-366-4484.
Taxpayers should educate themselves about phishing attacks so they can effectively defend against them. To learn more about how you can defend against cyber threats, contact the Risk Advisory Services team at Kaufman Rossin.
Roberto Valdez, CPA, is a risk advisory services professional in Kaufman Rossin’s Boca Raton, Florida, office. Kaufman Rossin is one of the top CPA firms in the U.S. Roberto can be reached at firstname.lastname@example.org.