Tax time can equal scam time.

Since the coronavirus caused a company shutdown at Patty’s company, she was furloughed indefinitely and not getting paid. Her tax refund check was needed and way overdue. Patty walked to the mailbox for the third time today to see if the mail had come. Her refund check from the IRS had still not shown up. It was very late. Or was it?

Tax time can equal scam time. The downside of today’s incredible technology is that we are at a far higher risk of having our identities stolen. And the stolen information is often used to carry out scams related to our tax filings.

For that reason, each year, the Internal Revenue Service (IRS) publishes its most recent list of popular tax scams. And it reminds us that this period when we’re preparing our taxes for filing, we have to be the most vigilant.

Most scams entail some sort of phishing: an effort that typically uses unsolicited emails, phone calls or websites that claim to be legitimate. The goal is to lure unsuspecting victims into providing personal and financial information.

• If you receive a suspicious IRS-related email, ignore it. Just clicking open the email gives a fraudster valuable information like your IP address, device type, operating system version, geographic location and more. That can be used to create more appealing – and more trust-building – bait. Your chances of downloading an attachment or clicking on a URL could be better next time. They could also sell the information to others who are even more malicious.
• If you receive a suspicious IRS-related phone call, hang up. People impersonate the IRS every day. They use fake names, provide bogus IRS badge numbers and mask Caller ID numbers to make it look like the IRS is calling. One of the more common ploys is to call you and tell you your taxes are overdue. They demand immediate payment and say that the IRS is sending the police to your house right away to collect. They will ask for your credit or debit card numbers to stop the police – or deportation, revocation of your license or worse. They may even impersonate IRS Criminal Investigation agents.
• If you receive an unsolicited text message or SMS (short message service) claiming to be the IRS, disregard it. SMS phishing is called ‘smishing.’ It might go like this: you get a scam text that says, “User #77534: Your tax profile has been compromised. Text SENDNOW back to the IRS to secure your account.” If you respond, you allow malware to be installed on your phone that will silently collect personal data from the phone.

How do you know for sure it’s not the IRS?

To start, the IRS doesn’t use email, text messages or any social media to communicate with you about a personal tax issue regarding bills or refunds.

If you’re still worried it might have been the IRS that contacted you then you can contact the IRS directly. You can also contact your CPA. Here you have someone you work with regularly, whom you trust and who knows your tax file. Your CPA can tell you, based on your actual return, if you have anything outstanding with the IRS. Good CPAs have heard most of the scams and can steer you in the right direction.

What steps should you take to protect yourself?

Besides avoiding phishing and smishing ploys, the IRS suggests you:

• Protect your personal information, including any numbers related to Social Security, credit cards, bank accounts and utility accounts. These can all be used to open new accounts and drain your resources.
• Safeguard your personal data, mainly by providing your Social Security number only when absolutely necessary.
• Use security software and set it to update automatically, so it is effective against viruses, spyware and adware.
• Use strong passwords, ideally, 10-12 characters that mix letters, numbers and special characters, if allowed.
• Back up your files, including federal and state tax returns, onto back-up drives or cloud storage. And keep any drives or paper copies securely locked up.

What if you think you’ve been scammed?

Use the IRS’s new ID Theft Central, found at www.IRS.gov, to know who to notify in case of a possible security breach. Also, fill out the online form there that advises the IRS that your account has been breached or may be at risk.

So, what happened to Patty’s refund?

When the check didn’t show up in her mailbox, she contacted the IRS through their “Where’s My Refund” online tool. She discovered that criminals had filed a fraudulent return in her name, and the IRS had believed it was hers. They accepted the filing, paid the refund and were sending her a notice that her own return had been rejected.

She didn’t remember any phishing incidents, but her information could have been available on the “dark web” as the result of a store, bank or credit card company’s security breach. The IRS mailed her a 5071C letter to verify her identity and to confirm whether she had submitted the return. They then recommended she notify her banks and put a freeze on her credit report file. She also bought good identity theft protection.

Between global pandemics, market meltdowns and IRS scammers, we are living in surreal times. As they used to say on old TV show Hill Street Blues, “Let’s be careful out there.”