By Nathan Howard; and
Jason Kettler, IT Systems and Security Administrator
As cyber-crime becomes increasingly prevalent, individuals must become more proactive in protecting themselves–especially during tax season. Here’s how you can help minimize your vulnerability as a potential target.
1. Identify phishing emails.
Emails that typically direct you to take some action that will ultimately result in providing passwords, personal information or both to an individual or entity with criminal intentions.
Often, phishing emails appear to be from an individual you know or work with and request that you wire funds to them. Other examples include fraudulent emails sent to look like they are from a legitimate source, such as the IRS, but request that you provide personally identifiable information, such as your Social Security number.
Increasingly, already compromised personal and business e-mail accounts are used by criminals to perpetuate phishing and fraud. This requires an extra level of vigilance and verification before acting upon anything you receive via email.
Enabling multi-factor-authentication on your email account and any other financial account, where offered by the vendor, is currently the best defense against damage that may occur from a successful phishing attack. Contact your e-mail or account providers for details on enabling additional authentication steps. Click here for more information.
2. Beware of email that appears to be from the IRS or any State’s Department of Revenue requesting to provide tax-related information on investments or inheritance.
Do not reply, open any attachments or click on any links of emails that appear to be from the IRS or any State’s Department of Revenue requesting tax-related information. If you do any of these things, you may infect your computer with a virus or other malicious code. Immediately forward the email as-is to the IRS at phishing@irs.gov and then delete the original email.
For emails that look like a phishing attempt, but not from the IRS, again do not reply, open any attachments or click on any links. Forward the email as-is to the IRS at reportphishing@antiphishing.org and then delete the original email.
If you are concerned that the email contains malicious code or a virus, but it’s not from the IRS, do not reply, open any attachments or click on any links. Forward the email to your internet service provider’s abuse department and/or to spam@uce.gov and then delete the original.
If you click on an email that you believe may contain malicious code or a virus, visit www.OnGuardOnline.gov to learn what to do.
3. On the phone confirm the credentials of someone claiming to be from the IRS.
Record the employee’s name, badge number, call back number and caller ID, if any. Then call 1-800-366-4484 to verify that the caller is an IRS employee with a legitimate need to contact you. If the individual is an IRS employee, you should then call them back. If the individual is not an IRS employee, you should report the incident to phishing@irs.gov with the subject line “IRS Phone Scam.”
4. If you receive a letter, notice or form via postal mail or fax claiming to be from the IRS, verify the number online.
Go to the IRS home page and run a search based on any identifying numbers shown on the letter, notice or form that you receive or search the “Forms and Pubs” page on the www.irs.gov website. If the letter, notice or form you received is legitimate, you’ll find instructions on how to respond or complete the applicable document. If you don’t find information or instructions, or the instructions are different from what you were told to do in the letter, notice or form, call 1-800-829-1040 to determine if the document is legitimate. If it is not legitimate, you should report the incident to phishing@irs.gov.
5. When visiting the IRS.gov website, type in the address directly into your browser vs. searching for the site in general terms.
Searching opens you up to the possibility that someone has created a site titled similarly, but is not the IRS. This is another form of phishing that you want to avoid. If you do find yourself on a site that looks suspicious, send the URL/web address of the suspicious site to phishing@irs.gov with the subject line “Suspicious Website.”
6. Text messages that look like they are from the IRS are probably a scam.
Do not reply, open any attachments or click on any links. If you do any of these things, you may infect your computer or phone with a virus or other malicious code. Forward the text message as-is to the IRS at 202-552-1226 (standard text messaging rates will apply). If you are willing and able, the IRS would also like you to send a separate text with just the originating number to 202-552-1226 as well. You should then delete the original text.
© 2019 Moneta Group Investment Advisors, LLC. All rights reserved. These materials were prepared for informational purposes only. You should consult with an appropriately credentialed professional before making any financial, investment, tax or legal decision. Past performance is not indicative of future returns. These materials do not take into consideration your personal circumstances, financial or otherwise.
