The 2021 IRS "Dirty Dozen" – Part Deux
As mentioned last week, the IRS has compiled its annual "Dirty Dozen" list of "nefarious schemes and scams", but this year decided to release the list in four stages, as do we here. Last time, we dealt with pandemic-related scams like Economic Impact Payment theft. This week, we tackle the issue of personal information cons, including phishing, ransomware and phone "vishing".
More specifically, the IRS warns all of us to watch out for unexpected email schemes, as well as those involving texts, phone calls and even social media messages, in which the con artist tries to convince you that you need to provide Social Security numbers, bank account or credit card information or passwords. The scam may also include sending links that, once clicked, can download malicious software that collects, or "mines," your personal data.
Tax-related phishing scams, which have been on the list for some time now, continue to persist, so taxpayers and businesses need to be alert for a continuing surge of fake emails, text messages, websites and social media attempts to steal your personal information. These attacks tend to increase during tax season and remain a major cause of identity theft throughout the year.
Phishing scams target individuals with communications appearing to come from legitimate sources, and seek to collect personal and financial data and potentially infect their devices by convincing the target to download malicious programs. Cybercriminals usually send these phishing communications by email but may also use text messages or social media posts or messaging.
These phishing schemes can be tricky and cleverly disguised to look like they're from the IRS or from others in the tax community. Don't fall for emails and other means that pose as the IRS, such as those promising a big refund, missing stimulus payment or even issuing a threat. People should not open attachments or click on links in those emails or text messages.
Impersonator phone calls, or vishing, are another area where the IRS has seen an increase in activity. You should always be wary of unexpected phone calls asking for personal financial information. Voice-related phishing, or 'vishing' as it is known, has increased, in particular from scams related to federal tax liens. If you receive a call out of the blue, experts recommend asking questions of the caller, but not providing any personal information. If in doubt, hang up immediately.
The IRS reiterated the following things about its contact policy:
- The IRS generally first contacts people by mail - not by phone - about unpaid taxes.
- The IRS may attempt to reach individuals by telephone, but will not insist on payment using an iTunes card, gift card, prepaid debit card, money order or wire transfer.
- The IRS will never request personal or financial information by e-mail, text or social media.
If you receive an unexpected call from the IRS that you believe to be a scam, report it to the Treasury Inspector General for Tax Administration (TIGTA).
Social media scams, new to the list in 2020, continue to be a problem. Such scams frequently use events like COVID-19 to try to trick people. Social media enables thugs to lurk on accounts and extract personal information to use against the victim. These cons may send emails impersonating the victim's family, friends or co-workers.
Social media scams have also led to tax-related identity theft. The basic element of social media scams is convincing potential victims, via email, text or social media messaging, that they are dealing with a person close to them whom they trust.
Using personal information, a scammer may email a potential victim and include a link to something of interest to the recipient, but which contains malware intended to commit more crimes. Scammers also infiltrate their victim's emails and cell phones to go after their friends and family with fake emails that appear to be real, and text messages soliciting, for example, small donations to fake charities that are appealing to the victims.
It is so important to understand that information you publicly share on social media platforms can be collected and used against you. One way to circumvent these scams is to review privacy settings and, of course, limit the personal information you publicly share.
Ransomware, another newbie on last year's list, is still on the rise. Ransomware, a form of malware, is designed to block access to a computer system or data until a handsome ransom is paid, usually demanded in some form of cryptocurrency. In some cases, in addition to the attack, the perpetrators threaten to publish sensitive files belonging to the victims, which can be individuals or business entities.
Ransomware takes advantage of human and technical weaknesses to infect a computer, network, or server. This invasive software, which the user inadvertently downloads, tracks keystrokes and other computer activity. Victims often are unaware of the attack until they try to access their data, or they receive a ransom request in a pop-up window.
The U.S. Treasury Financial Crimes Enforcement Network (FinCEN) has noted that ransomware attacks continue to rise across various sectors, particularly across governmental entities as well as financial, educational and healthcare institutions. Ransomware attacks on small municipalities and healthcare organizations have increased, likely due to the victims' weaker cybersecurity controls, such as inadequate system backups and ineffective incident response capabilities.
In our next "Dirty Dozen" installment, we'll be looking at scams involving fake charities, so-called "ghost" preparers and other schemes. See you then!