We’ve previously written about tax scams, especially those involving the telephone. However, scams involving the telephone aren’t the only ones taxpayers need to be aware of. Another common scam, called phishing, uses e-mails and websites.
What Is Phishing?
Phishing is a scam that involves obtaining sensitive financial or personal information by posing as an official or legitimate individual or organization. The classic phishing scheme is the official looking e-mail that appears to have originated from your bank or other financial institution asking for private information, such as your username, password and social security number. The reason for requesting this information is a made up story about a possible security breach (or something similar) and that the organization needs you to verify your security information.
The e-mail usually looks very trustworthy, containing the bank’s logo and contact information, but the link in the e-mail sends you to a “spoof” website that only looks like your bank’s website. The scammers’ hope is that you believe everything is on the up and up and you willingly provide the requested information on the spoof website thinking it’s the real website. After that’s done, they take the information you just provided and sign onto your online bank account and steal your money. They may also attempt to steal your identity, as well.
The IRS Phishing Scams
The classic IRS phishing scam targets the taxpayer by sending them an official looking e-mail asking for personal information, such as date of birth, social security number and full name. The e-mail will claim that the taxpayer has qualified for a tax refund, but the taxpayer must provide information to receive it. Or it might claim the taxpayer is entitled to a large sum of money, such as from a lottery winning or inheritance. Whatever the story may be, the ultimate goal of the scammer is to get victim’s personal information.
With the personal information, the scammer can commit identity theft. One particular way it can do this is to file a tax return pretending to be the victim in order to steal the victim’s tax refund check. The victim may not realize they were the victim of this scam until they try to file their return and are notified that someone has already done so.
How to Spot IRS Phishing Scams
If you’re a skeptical or cynical individual, you’re probably less likely to fall for a phishing scam. Whenever something sounds out of the ordinary or too good to be true, it’s probably a scam. And if you’re not sure, you can always contact the organization directly by calling them with a confirmed telephone number you obtained from a legitimate website or document. Some of the more specific warning signs of a potential phishing scam include:
- The e-mail has a non-personalized greeting, such as “Dear Valued Customer” or “Dear Taxpayer.”
- Poorly worded sentences and typos.
- The URL link provided in the e-mail appears to show the real website’s name, but when you hover your mouse cursor over it, it lists a strange site’s URL in your browser.
- The URL provided is a slightly modified version of the actual (real) website. For example, instead of irs.gov, it lists irs.com or internalrevenueservice.org.
- It asks you for your username, password or PIN. The real organization won’t ask you for that information in an e-mail.
- The e-mail asks for “secret question” information, such as hometown, maiden name, favorite food, etc. If you need to provide that information, you’ll be asked to do so at the website you’re trying to log into.
What You Can Do if Sent an IRS Phishing E-mail
If you are the recipient or victim of an IRS phishing scam, report it through the IRS’ Report Phishing and Online Scams website.