DISCLAIMER – With all the scams and identity theft issues we wanted to share what we have read and learned in the past few years. The following may not be all inclusive. The information provided within is to be used as a guideline of what to be aware of and how to be secure to avoid identity theft. In the case of identity theft, we ask you to please verify your next step when reporting to the official agencies (FTC, credit bureau, etc.) as you go through the process. If anything, the following will help you start the process of protecting your identity or your personal financial information to prevent it from being compromised.

This section of our web site was put together to help keep you informed of a multitude of scams and how to keep your identity and personal information safe.

RECENT SCAMS

THIS SECTION WILL BE UPDATED THROUGHOUT THE YEAR TO REFLECT THE CURRENT SCAMS.

CHECK COOKING SCAM: Over the past few years check washing was a huge concern where thieves would steal checks and wash the ink off with chemicals (except the signature) and then fill in a new payee and amount. The big concern now is what is called “check cooking.” The thieves take a digital picture of a stolen check and then use software to alter the information. The checks look very real, including watermarks. The check is printed or the image is deposited using the bank’s mobile app. To avoid this happening to you, learn how to pay bills and send money to loved ones using electronic transfers from your bank. If you must write a check, drop the check off inside the post office instead of using an outside USPS mailbox or your own personal mailbox. Also, be sure to monitor your checking account regularly for any suspicious activity.

CRYPTOCURRENCY SCAM: A scammer will impersonate a government agency, law enforcement, or utility company. They will tell you there is a legal issue and by paying them, you will avoid the ramifications. They tell you that you will need to send money using cryptocurrency (Bitcoin, Ethereum, etc.) and guide you through the process. They will even stay on the phone with you directing you to the nearest cryptocurrency ATM and give you instructions on what to do. They’ll direct you to send the crypto by scanning a QR code they give you, which directs the payment right into their digital wallet. Once the money is sent, there’s no getting it back. In 2021 criminals stole $22 million from people who thought they were sending the government money. In 2022, at least $35 million was stolen in fraudulent transactions.

Return to Top

“MILLS”  WHO TAKE ADVANTAGE OF OFFER IN COMPROMISE (OIC) TAXPAYERS:  OIC is a legitimate IRS program to help qualifying taxpayers work with the IRS to settle a tax debt for less than the full amount the taxpayer owes.  Be aware of mills who claim they can resolve unpaid taxes for “pennies-on-the-dollar.”  They will give the taxpayer a limited window of time to resolve the tax debt by pressuring the taxpayer into signing up with them, give them false assurances, empty promises that their tax debt will disappear and the taxpayer will end up paying high fees and might not even have their tax debt paid.  If you need help paying your tax due, contact the IRS directly to get the help you need.

Return to Top

KEEPING OUR CLIENTS’ INFORMATION SAFE FROM PHISHING SCAMS

While we continue to impress upon our clients how important it is to be aware of scams through emails, calls and texts to protect themselves from identity theft and scams, we want to assure you that we are doing the same on our end to keep your personal information safe.

One such scam that has been targeting tax professional offices is a phishing scam that involves verification of Electronic Filing Identification Numbers. Luckily, Main Street has not had to deal with this issue. Rest assured if Main Street would receive this type of email, the email would not be opened and would be deleted.

We have, however, received the “new client” phishing scam. These emails are received in our junk/spam folders. The email states that the person is new to the area, has an urgent tax issue and is looking for a tax professional. They say they have attached the IRS notice and their previous year’s tax return. There are variations to this scam but all have some type of attachment. When we receive these emails, we don’t open or click on the attachments and we delete the email. On our website, we clearly state “For security purposes, please call us if you would like to request an appointment.”

Return to Top

RANSOMWARE…DOES YOUR EMPLOYER HAVE WRITTEN POLICIES & PROCEDURES?

If not, you may want to share the following with them.

Ransomware is defined as a type of malicious software designed to block access to a computer system until a sum of money is paid. The most common method hackers use to deliver ransomware is through email. The hacker creates a file or link that looks legitimate and tricks the user into clicking on it and in turn the ransomware has now infected the computer.

Ransomware has been around for years and while personal computers were once the target, the ransomware actors recently have formed groups that target large corporations in order to demand bigger payouts (also referred to as “big game hunting”). These groups have gone so far as to form partnerships to share advice, code, trends, techniques and illegally obtained information over shared platforms. The criminals are also now engaging in “double extortion schemes” which involves not only locking the user out of their system but actually removing sensitive data from the targeted network, encrypting the system files and then demanding ransom.

Proactive prevention through effective cyber hygiene, cybersecurity controls and other best practices are often a company’s best defense against ransomware.

Return to Top

IS IT THE IRS OR IS IT A SCAM?

The IRS does not initiate contact with taxpayers by email, text message or social media to request personal or financial information. The most common scams are phone calls and emails from thieves who pretend to be from the IRS. Scammers use the IRS name, logo or a fake website to try and steal money and even identity from taxpayers.

Letters and Notices: A letter of notice is usually the first way the IRS will contact a taxpayer. If a taxpayer receives a suspicious letter or notice, they can check to see if it’s really the IRS:

• Log into their secure IRS Online Account to see if a copy of the notice or letter is in their file.
• Review common IRS letters and notices at the Understanding Your IRS Notice or Letter page on IRS.gov.
• Contact IRS customer service directly to authenticate the letter, if unable to authenticate in online account.
• If you received a notice from a private collection agency, verify it has the same Taxpayer Authentication Number as the Notice CP40 the taxpayer received from the IRS. Taxpayers can visit Private Debt Collection Frequently Asked Questions to learn more about verifying a private collection agency.

Phone Calls: Criminals are able to “spoof” caller ID numbers which can look like it actually is the IRS calling. Taxpayers need to be very cautious of phone calls or automated messages from someone who claims to be from the IRS. Often these criminals will tell the taxpayer he/she owes money. They also demand payment right away. Other times scammers will lie to a taxpayer and say they are due a refund. The thieves ask for bank account information over the phone. The IRS warns taxpayers NOT to fall for these scams.

Example of bogus IRS call: Criminal posing as an IRS agent calls stating the taxpayer’s identity has been stolen. The criminal says the taxpayer’s identity was used to open fake bank accounts and the criminal then tells the taxpayer to buy gift cards from a certain store(s) and wait for further instruction. The scammer then contacts the taxpayer one more time asking the taxpayer to provide the gift cards’ access numbers.

After first mailing a notice/letter to a taxpayer, IRS agents may call to confirm an appointment or discuss items for a scheduled audit, but taxpayers should be aware that IRS employees will NOT:

• Call demanding immediate payment. The IRS will not call the taxpayer without first sending a bill in the mail.
• Demand payment without allowing the taxpayer to question or appeal the amount owed.
• Require the taxpayer pay their taxes a certain way. For example, demand taxpayers use a prepaid debit card, gift card or wire transfer.
• Ask for credit or debit card numbers over the phone.
• Threaten to contact local police, immigration officers or other law enforcement to arrest the taxpayer for non-payment of taxes.
• Threaten legal action such as a lawsuit.
• Threaten to revoke the taxpayer’s driver’s license, business license or immigration status.
• The IRS will not leave a prerecorded message asking a taxpayer to call back.

If a taxpayer doesn’t owe tax or think they don’t owe any tax, they should:

• Not give out any information. Hang up immediately.
• Contact the Treasury Inspector General for Tax Administration. Use TIGTA’s “IRS Impersonation Scam Reporting” web page to report the incident.
• Report the incident to the Federal Trade Commission. Use the “FTC Complaint Assistant” on the FTC.gov. Please add “IRS Telephone Scam” to the comments of your report.
• Report the caller ID and/or callback number to the IRS at phishing@irs.gov (Subject line: IRS Phone Scam).

E-mails/Text/Social Media: The IRS doesn’t first contact taxpayers by email, text message or social medial to request personal or financial information. Some common scams that thieves use are:

• Sending phishing emails to taxpayers.
• Posing as IRS social media account to contact taxpayers about a fake bill or refund.
• Texting taxpayers about fake “tax credits” or “stimulus payments.”

If you owe tax or think you owe tax to the IRS:

• Go to irs.gov to see the actual amount owed (view tax account information online). Taxpayers can also review their payment options.
• Call the number on the billing notice or call the IRS at 800-829-1040.

For those taxpayers who get an email/text from the IRS requesting personal information:

• Don’t reply to the message or give out your personal or financial information.
• Forward the email to phishing@irs.gov. Do not forward scanned images because this removes valuable information.
• Forward the text as-is to the IRS at 202-552-1226 (remember that standard text messaging rates may apply).
• If possible, in a separate text, forward the originating number to the agency at
  202-552-1226.
• Do not open any attachments or click on any links. They may have malicious code that will infect your computer or cell phone.
• If you did click on links in a suspicious email and entered confidential information, visit the Identity Theft section of our website.
• Delete the original email/text message.

Website: If you come across a website that appears to be the IRS but you suspect it to be bogus, you should:

• Send an email with the URL of the suspicious site to phishing@irs.gov.
• Include a subject line of “suspicious website.”

Home Visits: The IRS recently ended most unannounced visits to taxpayers by agency revenue officers. This should improve the safety for both taxpayers and IRS employees.

Private Collection Agency: The IRS has contracted private collection agencies to collect taxes from taxpayers with overdue federal tax accounts. If you do owe taxes—or think you do—stay alert to scams that use the IRS as a lure. Tax scams can happen any time of year, not just at tax time. For more information, visit “Tax Scams and Consumer Alerts” at IRS.gov.

The process used when a taxpayer’s overdue taxes are passed on to one of four collection agencies used by the IRS is as follows:

• The IRS will send the taxpayer a letter to let them know their case is being turned over to a collection agency. The collection agency will also send the taxpayer a letter confirming they have been assigned to the taxpayer’s account. After receiving written notice from the IRS and the collection agency, the taxpayer may receive a call from the private collection agency.
• The IRS will assign the taxpayer’s account to only one of the collection agencies they use, never all four.
• The collection agency will…

• • Identify themselves and request payment to U.S. Treasury
  • Not ask for payment on a prepaid debit or gift card
  • Not take enforcement action

Taxpayers who receive the IRS phone scam or any IRS impersonation scam should report it to the Treasury Inspector General for Tax Administration at its IRS Impersonation Scam Reporting site and to the IRS by emailing phishing@irs.gov with the subjective line “IRS Impersonation Scam.”

Return to Top

TOP IRS SCAMS

• Phishing: Remember, the IRS will never initiate contact with taxpayers via email about a tax bill or refund. Don’t click on emails or fake web sites claiming to be from the IRS.
• Phone Scams: Criminals impersonating IRS agents remain an ongoing threat to taxpayers. They usually threaten with police arrest.
• Identity Theft: Tax time is the worst time for identity theft, although it can absolutely happen year-round. The IRS aggressively pursues criminals that file fraudulent returns using someone else’s Social Security number. Continue to be extremely cautious when giving out sensitive information. Better safe than sorry!
• Falsely Padding Deductions on Returns: Avoid the temptation to falsify deductions or expenses on tax returns in order to pay less than owed or receive larger refunds. Think twice before overstating deductions such as charitable contributions and business expenses or improperly claiming credits such as the Earned Income Tax Credit or Child Tax Credit.
• Falsifying Income to Claim Credits: Don’t invent income to erroneously qualify for tax credits, such as the Earned Income Tax Credit. Taxpayers should file the most accurate return possible because they are legally responsible for what is on their return. Claiming false income can lead to taxpayers facing large bills to pay back taxes, interest and penalties. In some cases, they may even face criminal prosecution.
• Abusive Tax Shelters: Don’t use abusive tax structures to avoid paying taxes. Everyone should be on the lookout for people peddling tax shelters that sound too good to be true.
• Frivolous Tax Arguments: Don’t use frivolous tax arguments to avoid paying tax. Promoters of such schemes encourage taxpayers to make unreasonable and outlandish claims, even though they have been repeatedly thrown out of court. The penalty for filing a frivolous tax return is $5,000.
• Offshore Tax Avoidance: It’s never a good idea to hide money and income offshore. Taxpayers are best served by coming in voluntarily and taking care of their tax-filing responsibilities. The IRS offers the Offshore Voluntary Disclosure Program to enable people to catch up on their filing and tax obligations.
• W-2 Phishing: The scammer poses as an internal executive requesting employee Forms W-2 and Social Security Number information from company payroll or human resources departments. The personal information is then used for identity theft and to file false tax returns.

Return to Top

COMMON SCAMS AS REPORTED BY THE CREDIT BUREAU

• Imposter Scam: The caller pretends to be calling from the government, a business or relative with an emergency in order to obtain sensitive information or money.
• Car Scams: The scammer posts a picture of a car online and gives logical reasons why the price is so low (i.e., they are being deployed in the next several days or they are starting college very soon, etc.). The seller will then ask the prospective buyer to purchase prepaid gift cards in the amount of the sale and share the prepaid codes. The buyer is then told the car will be delivered but obviously the car, since an imposter, does not arrive and the buyer doesn’t hear back from the seller and has lost that money. Remember, if the price is too good to be true, don’t fall for it.
• Fake Bank Apps: Large banks have scammers posing as them who send emails stating they need information from the recipient. They ask the recipient to click on a link within the email. They tend to use phrases such as “Your account is at risk” to get your attention so you reply before thinking. DO NOT CLICK ON THE LINK. If you suspect it may truly be from your bank, close the email and go to your bank’s web site to see if this information is needed. Never click on links in suspicious emails. This is all an attempt to collect sensitive information.
• Home Improvement Scams: When the weather gets nicer, home improvement scams begin. Some scammers go door-to-door offering their services, take a deposit and then never complete the work. If you are unsure of the legitimacy of the salesman and are interested in their services, ask for a card and tell them you will get back to them. Do some research on the company by going to the Better Business Bureau web site (bbb.org). Another prime time for these types of scams is after a natural disaster (flooding, hurricanes, tornadoes, etc.)
• Jury Duty Scams: Scammers posing as a police or judicial official call the victim and tell them they did not report to jury duty and therefore owe a fine. The scammers go as far as spoofing the number from which they are calling to make the victim believe it’s a real call.
• Medicare Scam: An example of Medicare scam is a criminal using a cardholder’s Medicare benefits to obtain equipment such as an electric wheelchair or brace. Then, if something happens to the cardholder and they need that particular equipment, they are unable to get it because Medicare has record of the patient already obtaining that piece of equipment.
• Netflix Scam: Scammers will send a phishing email to subscribers with the subject line stating “payment declined” or “please update your payment details” to get the victim’s attention. They include a fake link in the email asking you to click to update your information. If you suspect your information may need to be updated, type the Netflix address in the browser instead of clicking on the link.
• Porting Scams: This scam involves stealing your phone number and phone service to get access to your bank account through confirmation text messages. The scammer begins by obtaining your name, phone number and then they gather more information on you such as address, social security number and date of birth. They then contact your mobile carrier and state that your phone has been stolen and ask to “port” the number over to another provider and device. After your phone has been ported to a new device, the scammer can then start accessing your accounts that require two-factor authorization to your phone.
• Romance Scams: The scammer sets up an account on a dating site with fake information and photos that are too good to be true. Once a target has been zeroed in on, the scammer makes up a story that they would like to visit you but there is a problem with finances and ask if the victim can send money so they can finally meet (another tactic is the scammer will tell the victim they have a sick relative and are in need of money to help them). Seniors are usually the primary target for this scam. Signs that the person you are talking to online is a scammer: They ask you for money and try to lure you off the dating site; they profess love quickly and claim to be from the US but currently are overseas for business/military; they claim to need money for an emergency—hospital bills or travel; plans to visit but can’t because of emergency.
• Shimmer Scams: A shimmer is a very thin piece of paper that can read chips in credit cards and debit cards. The sheet of paper is placed in an ATM or card reader on a gas pump, store, etc., and it will read information on the card used. This allows the scammer to create a non-chip version card which contains only the magnetic strip. See Security Reminders below for more information on Debit/Credit Card Security.
• Veterans scams: Scammers offer pension buyouts to veterans or ask them to donate to a charity that sounds real but isn’t real. The scammers can also take the donor’s personal information to create a new identity or even commit more crimes under the veteran’s name.
• Fake Invoice Scam: Scammers pretend they are a well-known tech company and email a fake invoice to the victim for a supposed purchase of an app, music or service. The email tells the victim to click on a link within the email. If you haven’t made any such purchase …STOP! DO NOT CLICK ON THE LINK. The scammer is trying to commit identity theft or they may be trying to gain access to your computer and can even lock you out of important files on your computer.
• “Neighbor Spoofing” Scam: When you receive a phone call that has the first 6 digits the same as your number, it can lead you to believe it’s a local call. Scammers are counting on you believing it’s local and therefore you are more likely to pick up. These days it’s very easy to fake caller ID numbers. Remember, if you see what appears to be a local number on your caller ID, it could be fake. If you answer and don’t recognize the caller, hang up.
• Social Media Scams: The FTC reported that $2.7 billion has been lost to social media scams from 2021 to October 2023. If you use social media, be cautious of fun quizzes, fake messages from hacked profiles and financial relief offers. Scammers use these methods to obtain personal information from you or to download malware onto your device.

Return to Top

ONGOING SCAMS

FAKE INSURANCE TAX FORM SCAM. Both tax professionals as well as individuals should be made aware of this scam. Scammers are using tax professionals to access clients’ annuity and life insurance accounts. The scammer gains access to the tax professional’s account and steals the client’s email address. In turn the scammer impersonates the tax professional and sends an email to the client attaching a bogus insurance form and requesting the client completes this form and returns it to the tax professional via fax or email. The email is VERY similar to the tax professional’s email address but slightly different. The tax professional’s email may be janedoe@taxoffice.com and the bogus email address may be janedoe@taxoffices.com or janedoe@tax_office.com. The subject line of the email will vary but may express something along the lines of “urgent.” After the client forwards the form, the scammer uses the personal information to either take out a loan or make a withdrawal from those accounts.

FAKE CHARITIES. Giving to a charity can be very fulfilling. However, taxpayers should be cautious about groups masquerading as charitable organizations to attract donations from unsuspecting contributors. Scammers will create a pressure situation to make people donate. A genuine charity is grateful for the donation and does not pressure. Some basic tips offered by the IRS for taxpayers making charitable donations: 1) Be aware of charities with names that are similar to familiar or nationally known organizations. Some phony charities use names or web sites that sound or look like those of respected, legitimate organizations. IRS.gov has a TEOS search feature, Tax Exempt Organization Search, which allows people to find legitimate, qualified charities to which donations may be tax-deductible. A legitimate charity will not be afraid to provide their Employer Identification Numbers (EIN), if requested, which can be used to verify that they are legitimate. It is advisable to double check using a charity’s EIN, 2) Don’t give out personal financial information, such as Social Security numbers or passwords, to anyone who solicits a contribution. Scam artists may use this information to steal identities and money from victims. Donors often use credit cards to make donations. Be cautious when disclosing credit card numbers. Confirm that the charity is legitimate, and 3) Don’t give or send cash, gift cards or wire transfers. For security and tax record purposes, contribute by check or credit card or another way that provides documentation of the gift. Popular types of scams when it comes to charities are those following major disasters. To help disaster victims, the IRS encourages taxpayers to donate to recognized charities. Disaster victims can call the IRS toll-free disaster assistance telephone number (866-562-5227). Phone assistors will answer questions about tax relief or disaster-related tax issues.

Return to Top

PASSWORDS

• Add password protections to all devices. You should use a password to protect any device that gives you that opportunity. Not only your computer, tablet or mobile phone but also your wireless network. The password is your first line of defense.
• Change all factory password settings. If your device comes with factory password settings, for example the camera on your laptop, change it immediately.
• Longer is better. A password should be a minimum of 12 but longer is better. It should be a combination of upper case letters, lower case letters, numbers and special characters. Do not use your name, birthdate, sibling’s, pet’s or child’s names. Also, substituting numbers and symbols for letters in words or phrases can make it more difficult for a criminal to crack your password.
• Do not repeat passwords. These days, people often have multiple password-protected accounts. Do not use the same password repeatedly. Should a thief steal your password, he immediately will have access to other important accounts. Use different passwords, especially on important financial or tax accounts.
• Don’t share passwords. Never share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam. Keep your passwords in a secure place, out of plain sight.
• Use two-factor authentication options. Most online accounts now have you set up a two-factor or two-step authentication process. A two-factor process involves a security code being sent to your registered mobile phone or personal email. This means if a thief manages to steal your user name and password, he will be blocked from accessing your accounts since he doesn’t have access to your phone or email.
• Consider a password manager. One option for keeping track of your passwords on multiple accounts and getting help in creating strong passwords is to use a password manager. Some reputable companies offer free or low-cost versions of their products. See if a password manager might be right for you.

Return to Top

SECURITY REMINDERS

• Smart Phones or Tablets: Please remember both are basically a tiny computer and need to be secured just like a computer or laptop. Whether you use your phone for paying bills, office work, etc. or just use it for calling and texting, you have personal information in that little device, so be sure to have good virus protection software installed and/or use a VPN (virtual private network). Another suggestion is to be sure your operating system is updated regularly. Updates usually address security concerns within the operating system.
• Computers and Laptops: Always use security software with a firewall and anti-virus protection and be sure the security software is always turned on and can automatically update. Never download “security” software from a pop-up ad. A popular pop-up ad is one that indicates it has detected a virus on the computer and directs you to download a security software package. Don’t do it! It most likely will install some type of malware. Reputable security software companies do not advertise their product like this.
• Encrypt Sensitive Files: Use strong passwords. The longer the password, the tougher it is to crack. Don’t use the same password for all of your accounts. If the password is stolen, it can be used to break into multiple accounts. Keep your passwords in a secure place.
• Recognize and Avoid: Be observant of phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as banks, credit card companies and government organizations, including the IRS. Do not click on links or download attachments from unknown or suspicious emails. One way of avoiding unwanted phone calls on your cell phone is to be sure and add all family members and doctors and other important numbers. Then go into your phone settings and turn on “silence unknown callers.” This will prevent your phone from ringing if a scammer calls and send them directly to voicemail. Most cell phones should have this feature.
• Protect Personal Data: Don’t routinely carry a Social Security card, and make sure tax records are secure. Treat personal information like cash; don’t hand it out to just anyone. Social Security numbers, credit card numbers, bank and utility account numbers can be used to steal money or open new accounts. Every time a taxpayer receives a request for personal information, they should think about whether the request is truly necessary. Scammers will do everything they can to appear trustworthy and legitimate.
• Back Up Files: No system is completely secure. Copy important files, including federal and state tax returns, onto a removable disc or a back-up drive, and store it in a safe place. If you choose to use a back-up drive such as an external hard drive, remember to unplug the drive from the computer after doing your back-up; otherwise, the drive isn’t keeping your information secure and away from hackers.
• Paper Checks: Instead of checks with pretty pictures, elect to purchase high-security checks. These checks contain several different features to prevent check fraud including watermarks, heat sensitive ink, holograms, fluorescent invisible ink, etc. When you write a check, to prevent check washing use a gel pen (it will seep into the check fibers and make it harder to remove). If you are mailing the check, put it inside the post office, not in a mailbox outside on the street.
• Debit/Credit Card Security: Although contactless debit/credit cards offer an added layer of security, you can and should take additional steps to protect your account information by enabling card security features, such as real-time purchase notifications and fraud alerts, to stay on top of account activity. Also, use the card lock feature (if available) if your card is stolen or misplaced. Below are some more tips to keep the account tied to your contactless debit/credit card safe:

• • Avoid using odd-looking payment terminals
  • Review your account activity regularly to ensure transactions are valid
  • Report suspicious or fraudulent transactions to your card issuer immediately
  • Contact your bank or credit union promptly if your card is lost or stolen
  • Contact your bank or credit union promptly if your card is compromised. Many offer zero-liability protection for unauthorized or fraudulent transactions.

• Alarm: Set up real-time notification to monitor your financial account activity. Every time there is a transaction made to this account, you will receive a text message, email or call informing you of this transaction. If you haven’t made this transaction, contact your bank immediately.
• Identity Protection PIN: This is a 6-digit code known only to the taxpayer and the IRS that helps to prevent identity theft. You can read more about this on IRS.gov.
• Teach Teens Online Safety: Parents teach their children how to balance a checkbook, how to drive and how to cook; why not teach them internet safety? Teach your teens not to reveal too much about themselves. Leaving a trail of personal information is making the fraudster’s job so much easier. Remind your teens not to reveal their birthday, address, age and especially not their social security number. Remind your teens to always use firewalls and anti-virus protection to protect sensitive information found in documents such as school transcripts and college applications. Recognizing scams is of utmost importance. Explain to your teens what scams are, how to recognize them and how to deal with them. If your teen shops online, advise your teen to only shop at reputable online retailers. Point out how to verify the shopping site is secure. Personal information is like cash; don’t leave it lying around. Lastly, let your teen know when using public Wi-Fi, although it may be free and convenient, it’s not always safe. Hackers can easily steal information from their device if connected to public Wi-Fi. Remind them to use a virtual private network (VPN) when connecting to public Wi-Fi.
• Protect Your Small Business. Avoid being compromised online by keeping your computer and anti-virus software set to update and run automatically and by using different and strong passwords for each online account (see Passwords section for guidance). For your mobile phone, check often for software updates and only install trusted apps. For extra security, contact your phone provider to add a password or PIN to your accounts.

Return to Top

STEPS TO PROTECT PERSONAL IDENTITY, TAX AND FINANCIAL INFORMATION

• Read your credit card and banking statements carefully and routinely.
• Review all paper notices and correspondence from the Internal Revenue Service, Department of Revenue, or any other government agency.
• Review each of your three credit reports at least once a year. Visit annualcreditreport.com to get your free reports.
• Review your annual Social Security income statement for excessive income reported. You can sign up for an electronic account at SSA.gov.
• Read your health insurance statements; look for claims you never received.
• Shred any documents with personal and financial information.
• If you receive any routine federal deposit such as Social Security Administrator or Department of Veterans Affairs benefits, you probably receive those deposits electronically. You can use the same direct deposit process for your federal and state tax refund. IRS direct deposit is safe and secure and places your tax refund directly into the financial account of your choice.
• Always use security software with firewall and anti-virus protections.
• Learn to recognize and avoid phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as your bank, credit card company and government organizations, including the IRS.
• Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure.
• Do not give a business your SSN or ITIN just because they ask. Give it only when required.
• Do not give personal information over the phone, through the mail or on the internet unless you have initiated the contact or you are sure you know with whom you are dealing.
• Secure personal information in your home.

• • The IRS urges taxpayers to keep tax records safe and secure. The IRS also suggests scanning paper tax and financial records into a format that can be encrypted and stored securely on a flash drive, CD or DVD with photos or videos of valuables.
  • Now is a good time to set up a system to keep tax records safe and easy to find when filing next year, applying for a home loan or financial aid. Tax records must support the income, deductions and credits claimed on returns. Taxpayers need to keep these records if the IRS asks questions about a tax return or to file an amended return.
  • It is even more important for taxpayers to have a copy of last year’s tax return as the IRS makes changes to authenticate and protect taxpayer identity. Beginning in 2017, some taxpayers who e-file will need to enter either the prior-year Adjusted Gross Income (AGI) or the prior-year self-select PIN and date of birth. If filing jointly, both taxpayers’ identities must be authenticated with this information. The AGI is clearly labeled on the tax return.
  • If disposing of an old computer, tablet, mobile phone or back-up hard drive, keep in mind it includes files and personal data. Removing this information may require special disk utility software. More information is available on IRS.gov at How long should I keep records?

If you suspect you are a victim of identity theft, please go to “Identity Theft” on our website’s “Security Awareness” section.

Return to Top

RECAP ON SECURITY

For families with children and aging parents, it’s important to make sure everyone guards their personal information online and at home.

If everyone in your family uses the same computer, do not turn off any security software or open any suspicious emails. Never click on embedded links or download attachments of emails from unknown sources. Actions by one computer user could infect the machine for all users.

Do not store credit card information on any web site (Amazon, EBay, etc.). Kids & aging parents should be warned against oversharing personal information on social media. Oversharing addresses, a new family car or a parent’s new job gives identity thieves a window into an extra bit of information they need to impersonate you.

Don’t assume ads or emails are from reputable companies. Check out companies to find out if they are legitimate. When you’re online, a little research can save you a lot of money and reduce your security risk. If you see an ad or an offer that looks too good, take a moment to check out the company behind it. Type the company or product name into your favorite search engine with terms like “review,” “complaint” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you cannot find contact information for the company, take your business and your financial information elsewhere. Even if a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.

Aging parents may also need assistance for someone to routinely review charges to their credit cards or withdrawals from their financial accounts. Unused credit cards should be canceled. An annual review should be made of their credit reports at annualcreditreport.com to ensure no new accounts are being opened by thieves, and reviewing the Social Security Administration account to ensure no excessive income is accruing to their account.

Seniors also are especially vulnerable to scam calls and pressure from fraudsters posing as legitimate organizations, including the Internal Revenue Service, and demanding payment for debts not owed. The IRS will never make threats of lawsuit or jail or demand that a certain payment method, such as a debit card, gift card or wire transfer, be made.

Some simple steps—and a conversation—can help the young and old avoid identity theft schemes and scammers.

Here are a few basic tips to recognize and avoid a phishing email:

• It contains a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. They may claim they need you to update your account or ask you to change a password. The email offers a link for your convenience when in reality it may be a link to a spoofing site that may look similar to the legitimate official web site. Do not click on the link. Instead, hover the mouse over the link to see where the link will be taking you. If the email address contains the name of a person, contact that person and see if they sent the email. Remember not to use the email address or phone number contained within the email since that may lead you to the criminal.
• It contains an attachment. Another option for scammers is to include an attachment to the email. This attachment may be infected with malware that can download malicious software onto your computer without your knowledge. If it’s spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data. Do not open attachments from sources unknown to you.
• It’s from a government agency. Scammers attempt to frighten people into opening email links by posing as the IRS or other government agencies.
• It’s an “off” email from a friend. Scammers also hack email accounts and try to leverage the stolen email addresses. You may receive an email from a “friend” that just doesn’t seem right. It may be missing a subject for the subject line or contain odd requests or language. If it seems off, avoid it and do not click on any links. You may want to call your friend and see if they sent you an email.
• It has a lookalike or identical URL. Some emails from friends look questionable. Look at the address. If the address looks similar or identical, place your cursor over their address and see if it’s the same address as your friend. If not, delete immediately. If the address matches your friend’s email address but the email has a link to click on and sounds “off,” call your friend to be sure they sent the email. If not, delete immediately. Most likely the email contains malware.
• Use security features. Your browser and email provider generally will have anti-spam and phishing features. Make sure you use all of your security software features.
• It has a logo or grammar that is “off”. If the email contains a logo, does it appear to be stretched or broken? Many times, phishing emails containing a popular company logo will have a logo that isn’t quite as clear as the real company. Also, if the email has text in the body of the email, read the email carefully and look for spelling or grammatical errors. Phishing emails are far from perfect when it comes to their wording or spelling.

Here are a few simple steps you can take to protect yourself:

• Avoid suspicious phishing emails that appear to be from the IRS or other companies; do not click on the links.
• Beware of phishing scams asking you to update or verify your accounts.
• Beware of emails with an attachment from someone you know that sounds “strange,” like something they wouldn’t send. The email address attached to the email may be their actual email address but if you are not 100% sure the sender would send such an email, call the person to be sure they sent you the email. If they tell you they haven’t sent you an email, delete the email; it is most likely malware and could infect your computer.
• Download and install software only from websites you know and trust.
• Use security software to block pop-up ads, which can contain viruses. Avoid “free” security scans or pop-up advertisements for security software.
• Ensure your family understands safe online and computer habits.
• Look for the “S” when shopping or banking online. “Https” should be at the beginning of the web address. The “s” is for secure. Unencrypted sites begin with an http address. Additionally, make sure the https carries through on all pages, not just the sign-on page.
• Secure Wireless Networks. A wireless network sends a signal through the air that allows it to connect to the Internet. If your home or business Wi-Fi is unsecured, it also allows any computer within range to access your wireless and potentially steal information from your computer. Criminals also can use your wireless to send spam or commit crimes that would be traced back to your account. Always encrypt your wireless. Generally, you must turn on this feature and create a password.
• Be cautious when using public wireless networks. Public Wi-Fi hotspots are convenient but often not secure. Tax or Financial Information you send through web sites or mobile apps may be accessed by someone else. If a public Wi-Fi hotspot does not require a password, it probably is not secure. Remember, if you are transmitting sensitive information, look for the “s” in https in the web site address to ensure that the information will be secure.
• With social media being so popular today, some people post their location or photos of where they are at the present time, whether vacationing or at a restaurant. This basically tells the world you are not home. The best thing to do if you are on vacation, is wait until vacation is over and then post your photos and videos of your vacation.
• Change passwords frequently. Passwords should contain a combination of at least 12 upper case letters, lower case letters, numbers and symbols. Longer is better. See Passwords above for more information.

Return to Top