IRS Warns of Continued Scams, Varied Tactics as the Tax Deadline Nears
IR-2016-62, April 13, 2016
WASHINGTON — The Internal Revenue Service today issued a warning that scammers may try using the April 18 tax deadline to prey on hard-working taxpayers by impersonating the IRS and others with fake phone calls and emails. Even after the tax deadline passes, taxpayers should know the telltale signs of a scam and tips to protect themselves from a variety of phone scams and phishing emails.
"We’ve seen continuing activity in these scams throughout the filing season," said IRS Commissioner John Koskinen. "As the tax deadline nears, these criminals may try and trick honest taxpayers over the phone or via email, and people should remain vigilant. After the tax deadline, watch out for these scammers promising a refund or threatening you with an unexpected tax bill."
These scam artists frequently masquerade as being from the IRS, a tax company and sometimes even a state revenue department. By email, they try enticing people to click on links in official-looking messages containing questions related to their "tax refund." Report these emails to firstname.lastname@example.org. By phone, many scammers use threats to intimidate and bully people into paying a "tax bill." They may even threaten to arrest, deport or revoke the driver’s license of their victim if they don’t get the money.
Variations of these scams can be seen nationwide, and it’s more important than ever to be cautious with providing personal or financial information. As part of the effort to protect taxpayers, the IRS has teamed up with state revenue departments and the tax industry to make sure taxpayers understand the dangers to their personal and financial data as part of the “Taxes. Security. Together” campaign.
Some examples of the varied tactics seen this year are:
Soliciting W-2 information from payroll and human resources professionals (see news release IR-2016-34)
“Verifying” tax return information over the phone (IR-2016-40)
Pretending to be from the tax preparation industry (IR-2016-28)
There are some important reminders for taxpayers nationwide about these schemes.
Watch Out for Threatening Phone Calls
Beware of scammers making unsolicited calls claiming to be IRS officials. They demand that the victim pay a bogus tax bill. They con the victim into sending cash, usually through a prepaid debit card or wire transfer. They may also leave “urgent” callback requests through phone “robo-calls,” or via a phishing email.
Scammers often alter caller ID numbers to make it look like the IRS or another agency is calling. The callers use IRS titles and fake badge numbers to appear legitimate. They may use the victim’s name, address and other personal information to make the call sound official.
The IRS Will Never:
Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you a bill.
Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
Require you to use a specific payment method for your taxes, such as a prepaid debit card.
Ask for credit or debit card numbers over the phone.
If you get a phone call from someone claiming to be from the IRS and asking for money and you don’t owe taxes, here’s what you should do:
Do not give out any information. Hang up immediately.
Contact TIGTA to report the call. Use their “IRS Impersonation Scam Reporting” web page or call 800-366-4484.
Report it to the Federal Trade Commission. Use the “FTC Complaint Assistant” on FTC.gov. Please add “IRS Telephone Scam” in the notes.
If you think you might owe taxes, call the IRS directly at 1-800-829-1040.
Avoid Email Phishing Attempts
There has been a surge in email scams this year that appear to be from a tax agency or a tax software company.
Never reply to emails, texts or pop-up messages asking for your personal, tax or financial information. One common trick by criminals is to impersonate a business such as your financial institution, tax software provider or the IRS, asking you to update your account and providing a link. For small businesses, these schemes may try impersonating a company leader and requesting payroll and human resource information for employees in your company. Never click on links even if they seem to be from organizations you trust. Go directly to the organization’s website.
And if it sounds too good to be true, it probably is. If you see an email that says "You won a free cruise" or "The IRS has a refund waiting for you," odds are high that it is a phishing attempt looking to get your personal information.
If you get a phishing email, remember this important advice:
Don’t reply to the message.
Don’t give out your personal or financial information.
Forward the email to email@example.com. Then delete it.
Don’t open any attachments or click on any links. They may have malicious code that will infect your computer.
More information on how to report phishing or phone scams is available on IRS.gov.
Fact sheet FS-2016-1, IRS, States and Tax Industry Combat Identity Theft and Refund Fraud on Many Fronts
FS-2016-2, IRS, States and Tax Industry Urge Taxpayers to Join the Effort to Combat Identity Theft
FS-2016-3, IRS Identity Theft Victim Assistance: How It Works
FS-2016-4, How New Identity Security Changes May Affect Taxpayers for 2016
Email: Phishing or Legit?
If you receive mail that purports to be from your email service provider telling you any of the following, it is more than likely a phishing scam (the following are only a few of the things these emails will tell you).
If you look further down, below this list, there is more information and tips to help you discern if an email is legitimate or not. (I especially found the very last 2 lines, regarding hovering, to be most helpful).
1) Your account has been blocked
2) There has been unusual activity on your account
3) To update your account
4) To consent to the Electronic Communications Delivery Policy or your account will be deactivated
5) To upgrade your account
6) Your payment is overdue, sign in to Customer Central to confirm your payment
7) Your email address will be deleted
8) Your bill is ready to be viewed. Bogus emails may say this or something.
"Please Read! Important message from <your email service provider>"
Dear <your email service provider> Customer,
Your June, 2012 <your email service provider> billing statement is ready for viewing. To view your bill, please download and extract the attachment. Enter your User Name and Password, and from the next screen select GO from the VIEW YOUR BILL option.
10) You get an email and the From address is <your email service provider>.User
11) A mail that purports to be from your email service provider which includes an attachment. Example: Download the attachments, complete the payment form to pay your July bill online and get your 50% Discount.
12) To update your credit card information and your service could be suspended if you fail to do so.
13) There was an issue with your last payment. You are required to validate your payment information in order to avoid service suspension. Update your payment methods. Update your credit card information as soon as possible.
14) <Your email service provider> has updated the online security contract. In order to get the last update click "Accept Terms Now" bellow and accept the "Terms & Conditions".
15) Our Security Department has been receiving complains about your email account and we are sending you this notification before we terminate your account.
16) Dear <your email service provider> User, Your E-mail account has exceeded its limit and needs to be verified, if not verified within 24 hours; we shall suspend your account. CLICK HERE to verify your email account now.
17) Your immediate attention is required. Our billing department has identified that there is an unpaid supplementary fee of $25.00 on your Internet Services. [Login to Customer Central] You must Log In as the Administrator/Parent account holder. If payment is not completed by [July 03, 2013] - we will be forced to suspend your account indefinitely. We are currently investigating this issue, if it is a system error, you may disregard this message.
18) A DGTFX Virus has been detected in your email folders and threatens to deactivate your email account if you don't send your email address, full name, password and phone number.
THERE IS NO SUCH THING AS A DGTFX virus. It’s just a string of letters somebody dreamed up to try and make their phishing campaign more believable. If you do a search for it, the only thing that will turn up in the results are numerous "this is a phishing scam".
19) Failure to do anything else that will result in your service being suspended
20) You have been overcharged by a specific amount which will be listed; you should submit a refund through the email.
21) Create your Refund Voucher because you were overcharged on your last bill. Will include links for you to use to sign in.
22) On a specific date an email upgrade will go into effect and you need to upgrade your account before then. Even if there is an upgrade planned you won't have to update anything. These mails usually have a link for the supposed "upgrade" which, if filled out, will give scammers access to your account.
23) This is to alert you that you have to store your email information with us so it won’t disable your account we have upgraded our system and therefore we are asking our customers fill their email details online so as not to render their email account to be disabled thank you for your help resolving this matter.
You can verify/modify your email information here by clicking link below:
24) <Your email service provider> will undergo unscheduled system Maintenance today in order to improve your account. Please "told to click link here" to Update Your Mailbox. Your account will be inactive if this survey is not completed.
DO NOT CLICK THE LINKS AND PROVIDE THE INFORMATION.
THESE ARE PHISHING ATTEMPTS. YOU WILL BE GIVING COMPLETE STRANGERS ACCESS TO YOUR ACCOUNT.
There is one way to know 100% if the mail is a phishing attempt: the mail contains links that lead to a page wanting your user name, password or any other personal information, or the mail itself asks you to provide the info.
Be suspicious of any email or phone call that asks for your personal account information, such as user names, passwords, and account numbers. Email, phone calls, text messages, instant messages, or Web logs that appear to come from a reliable source may not always be authentic.
Be aware that legitimate email service providers will NEVER ask you for password information over the phone or email.
They will NEVER ask for billing or payment information through email whether by a link or in an attachment.
They will NOT send out disconnect/suspension notices for failure to pay via Email or for anything else you fail to do.
Official <Your email service provider> mail will never be sent with <Your email service provider>.User as the sender.
THESE EMAILS ARE PHISHING ATTEMPTS/SCAMS.
They won't include attachments for you to open in order to access your account.
Another sign of a phishing attempt is the sender address. If the part after the @ ends in a dot followed by 2 letters, it was sent from a domain outside the United States. An example of this is @uc.cl (which is in a post by a customer who received a phishing attempt from someone using that domain); cl is for Chile. Each country has a domain code. A good search engine will help you identify the country. Most email service providers will not send mail from another country domain.
Another thing you can do is look at the headers in the email, which often contain clues that your email service provider did not send it. If you don't know how to find the headers, ask your provider or inquire in their forum.
You can also hover over the From line in the Inbox to see where the email message was sent from. If not Comcast or Xfinity, you know it is not legit.
Hovering over the link in an email client will also show the URL. These URLs are a strong indicator the mail is not legitimate.
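The checks described in this post (the .User sender name, the sender's domain, attachments, and where links really point) can be run over a saved message. This is an added Python example, not part of the original post; `isp.example`, the function names and the sample message are assumptions. The From header can be forged, so an empty result does not prove a message is genuine.

```python
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlparse

PROVIDER_DOMAINS = ("isp.example",)  # assumption: your provider's real domain(s)
class LinkCollector(HTMLParser):  # gathers every <a href>: what hovering shows
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def is_provider(host):  # exact domain or a true subdomain of it
    return any(host == d or host.endswith("." + d) for d in PROVIDER_DOMAINS)

def phishing_signs(raw):
    msg, signs = email.message_from_string(raw), []
    name, addr = email.utils.parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if name.endswith(".User"):
        signs.append("sender name ends in .User")
    if len(domain.rpartition(".")[2]) == 2:
        signs.append("two-letter country domain: " + domain)
    if not is_provider(domain):
        signs.append("From domain is not the provider: " + domain)
    for part in msg.walk():
        if part.get_filename():
            signs.append("attachment: " + part.get_filename())
        elif part.get_content_type() == "text/html":
            links = LinkCollector()
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for host in (urlparse(h).hostname for h in links.hrefs):
                if host and not is_provider(host):
                    signs.append("link really goes to " + host)
    return signs

SAMPLE = '''From: "ISP.User" <billing@uc.cl>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="http://isp.example.account-verify.test/pay">Log in to isp.example</a>
--b1
Content-Disposition: attachment; filename="bill.zip"

--b1--
'''  # constructed sample; the sender domain mirrors the @uc.cl example above
```

Calling `phishing_signs(SAMPLE)` returns one line per sign found. The link host starts with the provider's name but is not a subdomain of it, which is why the check compares the end of the hostname rather than searching for the name anywhere in the URL.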