Tax Identity Theft Awareness Week is January 28 to February 1. This annual campaign aims to help consumers be more informed about protecting themselves from tax-related identity theft and scams. Tax-related identity theft occurs when someone steals a Social Security number and uses it to claim a tax refund or get a job.
Throughout the year, scam artists pose as legitimate entities—such as the Internal Revenue Service (IRS), other government agencies, and financial institutions—in an attempt to defraud taxpayers. They employ sophisticated phishing campaigns to lure users to malicious sites or entice them to activate malware in infected email attachments. To protect sensitive data, credentials, and payment information, NCCIC and IRS recommend taxpayers prepare for heightened risk this tax season and remain vigilant year-round.
Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. In many successful incidents, recipients are fooled into believing the phishing communication is from someone they trust. An actor may take advantage of knowledge gained from research and earlier attempts to masquerade as a legitimate source, including the look and feel of authentic communications. These targeted messages can trick any user into taking action that may compromise enterprise security.
Understand how the IRS communicates electronically with taxpayers
- The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.
- This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
- The official website of the IRS is www.irs.gov.
Take action to avoid becoming a victim
If you believe you might have revealed sensitive information about your organization or access credentials, report it to the appropriate contacts within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
Watch for any unexplainable charges to your financial accounts. If you believe your accounts may be compromised, contact your financial institution immediately and close those accounts.
If you believe you might have revealed sensitive account information, immediately change the passwords you might have revealed. If you used the same password for multiple accounts, make sure to change the password for each account and do not use that password in the future.
Report suspicious phishing communications
- Email: If you read an email claiming to be from the IRS, do not reply or click on attachments and/or links. Forward the email as-is to firstname.lastname@example.org, then delete the original email.
- Website: If you find a website that claims to be the IRS and suspect it is fraudulent, send the URL of the suspicious site to email@example.com with subject line, “Suspicious website”.
- Text Message: If you receive a suspicious text message, do not reply or click on attachments and/or links. Forward the text as-is to 202-552-1226 (standard text rates apply), and then delete the original message (if you clicked on links in SMS and entered confidential information, visit the IRS’ identity protection page).
If you are a victim of any of the above scams involving IRS impersonation, please report to firstname.lastname@example.org, file a report with the Treasury Inspector General for Tax Administration (TIGTA), the Federal Trade Commission (FTC), and the police.
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages consumers to review the Internal Revenue Service (IRS) publication Taxes. Security. Together., and NCCIC Tips on Preventing and Responding to Identity Theft and IRS and NCCIC Caution Users: Prepare for Heightened Phishing Risk This Tax Season for more information.
Categories: Science and Technology