The IRS reminds taxpayers to be on the lookout for new, sophisticated email phishing scams that can compromise personal information and affect a taxpayer's refund. This week is National Tax Security Awareness Week and the IRS is partnering with state tax agencies, including the Maryland Comptroller's Office, and other industry stakeholders to remind people about the importance of data protection.
"One of my top priorities as Comptroller is to stop cyber thieves from tricking Marylanders with bogus emails seeking personal financial information," said Comptroller Peter Franchot. "Working together with our federal and state partners, we will hold accountable these scammers who take advantage of law-abiding taxpayers."
Phishing attacks use email or malicious websites to get personal information from the user. Typically, the criminal fools someone into believing the phishing email is from someone they trust. The emails often look and feel like authentic communications, but these targeted messages can trick even the most cautious person into doing something that may compromise data.
Taxpayers should be vigilant and skeptical. Even if the email is from a known source, they should use caution because cyber crooks are very good at mimicking trusted businesses, friends and family.
Here are six examples of email phishing scams:
• Emails requesting personal information. The thief might ask for bank account numbers, passwords, credit cards and Social Security numbers. This is the most common way thieves steal data.
• An email urgently warning the recipient to update online financial accounts at a hyperlink provided in the email. The link goes to a fake site.
• A message with an email address spoofing a familiar address to look like trusted businesses, friends and family. The fake address has a slight change in text, such as email@example.com vs firstname.lastname@example.org. Merely changing the "m" to an "r" and "n" can trick people.
• Emails saying the recipient has a tax refund waiting at the IRS or that the IRS needs information about insurance policies. The IRS doesn't initiate spontaneous contact with taxpayers by email to request personal or financial information.
• The message has hyperlinks that take someone to a fake site. In one example, the email says: "Following recent calculations, we notice that you are eligible to receive a tax refund. In order to start the refund procedure, please visit this link and follow the steps required." The link goes to a fake site. The IRS doesn't send emails asking for refund verification.
• The message includes a PDF attachment that may download malware or viruses. Never open an attachment from a suspicious email address.