Article Display

Tax time brings out scammers, phishing schemes

  • Published
  • By Joey LeBlanc
  • AETC OPSEC

It’s that time of year again. Time to bust out your W-2’s to complete your 1040s.  

Tax Day, April 18, is coming soon, and along with it comes the onslaught of fraudulent robocallers, scam artists, and general lowlifes posing as legitimate entities to try to scam you through phishing campaigns. 

As Tax Day approaches, remain alert. Scammers are using elaborate means via email or malicious websites to reel you in. They are attempting to gain your trust in the interest of stealing or compromising your personal information. 

To avoid phishing, you should understand the tools being used. Here is information from the Cybersecurity & Infrastructure Security Agency regarding phishing. 

  1. Lure: May be content using an enticing email. 

  1. Hook: An email-based exploit. Examples include: an email with embedded malicious content that is executed as a side effect of opening the email; an email with malicious attachments that are activated as a side effect of opening an attachment; or an email with “clickable” URLs: the body of the email which displays as a recognized, legitimate website, but the actual URL redirects the user to malicious content. 

  1. Catch: A transaction conducted by a bad actor following a successful attempt. This could include unexplainable charges or unexplainable password changes on your accounts.  

To keep from getting scammed, it’s important to understand how the IRS communicates electronically with taxpayers. 

The IRS does not initiate contact with Taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for personal identification numbers (PINs), passwords, or similar access information for credit cards, banks, or other financial accounts. 

If you believe you might have revealed sensitive account information, immediately change the passwords to those accounts. If you used the same passwords for multiple accounts, make sure to change the password for each account and do not use that password in the future. 

If you receive an email claiming to be from the IRS, do not reply or click attachments and/or links. Forward the email as-is to phishing@irs.gov, and delete the original email.  

If you receive a suspicious text message claiming to be from the IRS, do not reply or click on attachments. Forward the text as is to 202-552-1226, and then delete the original message. 
 
If you are a victim of any of the above scams, report it to: phishing@irs.gov