The tax deadline of July 15 is almost here and the Internal Revenue Service has issued a fresh warning about scams.
Because of COVID-19, the original filing deadline for the 2019 tax year was postponed from April 15 to July 15.
Along with that reminder, the IRS is telling taxpayers that “scammers are hard at work” once again trying to get your personal information and your money.
One of the most important things to keep in mind is that the IRS will not contact you by phone, email or social media to ask for personal information, the agency said.
If you get such a request, “It is a scam,” the IRS said.
Successful tax scams can be particularly devastating financially because of the critical data scammers harvest from tax documents, including full legal names, birthdates, and social security numbers, said Alex Guirakhoo, strategy and research analyst at cybersecurity services company Digital Shadows, to Fox News earlier this year.
And once this information is stolen, it's for sale on cybercriminal forums.
"On the dark web, there are countless forums dedicated to tax scams and refund fraud, allowing even the most novice cybercriminal to easily purchase people’s tax records," Tom Kellermann, head cybersecurity strategist, VMware Carbon Black, told Fox News in a statement.
Cybersecurity firm Proofpoint warns that tax-related threats from cybercriminals generally fall into two categories.
One is tax-themed emails with malicious attachments.
Proofpoint cites an example where an email scammer sends a malicious attachment with the logo of one of the largest tax preparation agencies in the United States. If the attachment is clicked on, it installs TeamViewer, a popular remote desktop sharing program.
"Once TeamViewer is installed, the attackers are able to completely control the recipient’s computer, giving them complete access to all the information on that computer including banking and investment accounts," Proofpoint said.
Because TeamViewer is a legitimate, popular application, it may not be flagged as malware by security software.
Proofpoint says to treat all tax-themed attachments as potentially malicious since it is unusual for tax preparation and accounting companies to send information as attachments through regular email.
The second category is legitimate tax websites that have been hacked by bad guys.
This especially applies to smaller tax preparation and accounting firms, according to Proofpoint.
“These are websites that are owned and run by legitimate companies but have been taken over by attackers who are using them to distribute malware to people who visit these sites,” Proofpoint said.
These sites often use out-of-date or unpatched software, making them vulnerable.
Another tactic used by scammers is urgency, several cybersecurity experts have told Fox News. These schemes can be effective because they play on Americans’ fear about mistakes, misfilings, or just generally running into trouble with the IRS.
But urgency should be viewed as a dead giveaway. A tax emergency generally doesn’t happen.
Again, heed the IRS’s advice that you shouldn’t respond if you get a phone call or email.
Other advice offered by VMware Carbon Black: Never use public WiFi when filing your taxes and always use multi-factor authentication.
Another good piece of advice: check out the “dirty dozen” tax scams the IRS publishes.