America's Internal Revenue Service is warning taxpayers about a surge in phishing emails, links, and phone calls during tax season, according to Toni Birdsong at McAfee. The scammers pose as the IRS and threaten to seize the victim’s tax refund or have them sent to jail unless the victim makes a payment. The same is likely going on in other countries.
Many of the phishing emails also contain malicious links through which the attackers steal sensitive data, either by sending victims to a spoofed website where their information is harvested or by triggering the download of information-stealing malware. Scammers are also using threatening phone calls to demand immediate payment of taxes and to procure personal information from victims over the phone.
Birdsong stresses that the IRS will not demand immediate payment over a phone call or through an email, and it won’t threaten to involve law enforcement without warning. As a general rule of thumb, if you don’t already know that you have past-due tax bills or other missed payments, the first time you find out about them won’t be in a threatening email.
These scams prey on fear and rely on victims acting impulsively. Even if you think an email might be real, don’t click on any links and instead go directly to the IRS’ website using a search engine. If you receive a phone call, hang up and dial in the number of your local IRS office. In either of these cases, never reply with personal information.
The best course of action is to be aware of these scams and how to avoid them. Birdsong says you should “approach all emails with caution, even those from people you know.“ New-school security awareness training can educate your employees about these scams and enable them to respond calmly and rationally.