Teipen Logo

Latest phishing scams and what to do if you are hacked

Posted on March 18, 2018

Phishing schemes get more and more sophisticated every year. Lots of people fall prey to these scams, even CPAs, attorneys, and heads of corporations. Be sure you know what you are up against this tax preparation season, which is the time the majority of identity thefts occur.

Here’s what to be on the lookout for this year:

  • Cyber criminals have been attempting to steal client data from tax professionals to file fraudulent tax returns. They then use taxpayer bank accounts to direct deposit refunds, after which they reclaim the refund, claiming to be a collection agency or representing the IRS.
  • Versions of this scam may continue to evolve. Phone calls, emails and web sites are used to make the scheme more elaborate.
  • Criminals often pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person’s name. They may pose as a bank, credit card company, school, human resource department, tax software provider, or government agency.
  • Criminals go to great lengths to create websites that appear legitimate but contain phony log-in pages. When a taxpayer logs in, they may unwittingly provide passwords, account information, Social Security numbers, or other sensitive information that can lead to identity theft.
  • Fake emails and websites also can infect a taxpayer’s computer with malware without the user knowing it. The malware gives the criminal access to the device, enabling them to access all sensitive files or even track keyboard strokes, exposing login information.
  • Data breach thefts such as 2017’s Equifax hack have given thieves millions of identity data points including names, addresses, Social Security numbers and email addresses. Your information may have already been compromised.

The solution?

  • Review your bank accounts frequently, especially after filing your tax returns and waiting for a refund.
  • Look for suspicious deposits or other unauthorized activities.
  • Do research before hiring someone to prepare your tax return. Make sure the business is fully accredited and authorized by the IRS.
  • Be sure your accounting firm or CPA has taken updated precautionary measures to protect your information before and after filing.
  • Never provide sensitive information to your tax preparer, bank, HR department, school, or place of employment using an unsecure email.
  • Never open an email from a source you do not know.
  • Don’t open emails from those you do know that contain random titles or are overly general in nature.
  • Check your Social Security Statement and retirement accounts on line for early fund withdrawals and suspicious transactions.
  • Monitor and verify your Credit report with all three national credit sources (Equifax, Experian and TransUnion).

Numerous data breaches in the past year mean all of us must be on high alert during filing season to any unusual activity.

Received an email or scam phone call?

The IRS does not initiate contact with taxpayers by email, text, or social media to request personal or financial information. If you receive an unsolicited email, letter or phone call that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it. Send it to phishing@irs.gov.

The IRS has joined with CPAs including us at Teipen Selanders Poynter & Ayres, as well as representatives of the software industry, tax preparation firms, payroll companies, tax financial product processors, and state tax administrators to combat identity theft refund fraud to protect the nation’s taxpayers. The more vigilant and informed we all are, the less successful these scam artists will be.