Protect Yourself against Identify Theft, Learn the Anatomy of a Phishing Scam by Joseph L. Saka, CPA/PFS
Posted on February 06, 2017 by Joseph Saka
During last year’s tax season, the IRS saw an approximate 400 percent increase in email, text and telephone phishing and malware incidents that left taxpayers victims of identity theft.
These scams “reel in” victims and “lure” them into disclosing personal information by posing as a person or organization the victims know, promising an exciting prize or threatening legal action for failure to respond. Once victims give up their data, criminals can more easily file fraudulent tax returns or commit other crimes.
As a general rule, the IRS reminds taxpayers to never give out personal information based on an unsolicited email request. Moreover, special care should be taken to avoid opening attachments or clicking on links contained in texts or emails, which can provide criminals with easy access to one’s identity and computer network. Often, criminals will go to extreme lengths to design an official-looking website, such as IRS.gov, that asks for personal information or carries malware that can infect one’s computer and mobile devices and allow criminals to access files or track keystrokes to gain information. Another common social engineering technique used by criminals involves email addresses that appear to be from individuals the victim knows, including coworkers or vendors whose email domains appear to be from trusted sources. However, once a victim responds to the email, his or her computer can be compromised.
To protect yourself from becoming a victim of identity theft and data loss, think before you click, and keep in mind the following commonly used phishing techniques.
- The Message Contains a Link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax-service providers and request that unsuspecting victims update their accounts or change account passwords. The email offers a link to a “spoofing site” that looks similar to a legitimate and official website. Do not click on the link. If in doubt, close the email and type in the legitimate website in a separate browser window to access your account.
- The Message Contains an Attachment. Scammers often include in an email message an attachment that, once opened, can download malicious software onto your computer without your knowledge. If it is spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data. Do not open attachments from sources unknown to you. Similarly, if you receive a suspicious attachment from someone you do know, stop and call the person or email them separately before opening it.
- The Message Contains a False, Lookalike URL. While an email may say it is from the IRS or your friend Bill, the fact is that scammers often use lookalike URLs to trick recipients into taking action. An example is the URL www.irs.gov.maliciousname.com instead of the correct URL www.irs.gov. Before clicking on the link, simply place the cursor (mouse pointer) over the URL and a pop-up will appear with the true website address.
- The Message Purports to Come from a Government Agency or Financial Institution. Scammers know that one of the best ways to trick consumers into opening an email and sharing their personal information is to frighten them by posing as a government agency, such as the IRS, or a financial institution. This is especially true during the tax filing season. Always remember that the IRS will never initiate contact with a taxpayer via email or telephone nor would the agency ask taxpayers for PINs, passwords or similar confidential information.
- The Message is from a Friend. It is common for criminals to hack someone’s email account and steal all of their contacts’ email addresses. Those contacts will subsequently receive an email from a “friend” that looks odd or doesn’t seem right. It may be missing a subject for the subject line or contain odd requests, language and typos. If the email seems “odd,” taxpayers should avoid clicking on any links or opening attachments. Call your friend to confirm that the email you received in fact comes from him or her and is safe.
About the author: Joseph L. Saka, CPA/PFS, CEO of Berkowitz Pollack Brant, where he provides a full range of income and estate planning, tax consulting and compliance services, business advice, and financial planning services to entrepreneurs, high-net-worth families and family companies and business executives in the U.S. and abroad. He can be reached at the firm’s Miami office at (305) 379-7000 or via e-mail at firstname.lastname@example.org.