Avoiding Tax Scams in 2022

Last week, millions of Americans finalized their tax returns. For many, filling out the forms and sending in their return was an online process. Tax Day, however, isn’t the final day for scammers who are interested in harvesting your personal financial information. Here are some of the scams we see most frequently, and some of the quick tips for avoiding them:

• Scammers impersonate tax officials to trick you into giving them your money and data.

• The IRS doesn't ask for things electronically. They use paper mail.

• Google what you're interested in from an email instead of clicking the links.

• Visit https://www.irs.gov/payments/view-your-tax-account to check for real IRS notifications under your name.

• Use https://www.irs.gov/refunds to check on your refund.

• Forward emails or phone numbers of phishing to phishing@irs.gov

• Use https://www.treasury.gov/tigta/reportcrime_misconduct.shtml for everything else.

• Visit https://browserprotection.microsoft.com to block more phishing pages.

• Phishing remains the leading cause of big data breaches.

“Why should I care about tax scams? Can’t I just report fraud and get my money back anyway?”

"Thousands of people have lost millions of dollars and their personal information to tax scams." - IRS

Assuming you’re one of the lucky ones who does get their money back, you may fall prey to something much worse than losing large sums of money: seemingly endless bureaucracy and customer support phone calls.

“What do this year’s tax scams look like in 2022?”

The most common words and phrases we see in 2022 tax scam emails, texts, and voice messages are:

• “We are the Taxpayer Advocate Service…”

• “You need to fill out this form”

• “You owe…”

• “You will be … {fined, blocked, canceled, locked, liened, levied, arrested}” etc.

• “We need your bank information to…”

• “Please provide payment… with gift cards”

• “Attached is your W-9”

• “Attached is your refund”

For a deeper list, see also: https://www.irs.gov/newsroom/tax-scams-consumer-alerts

“But I think it's really the IRS this time!”

The IRS states clearly on their website: "The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information." but if you do want to double check check your IRS account on their website instead for messages https://www.irs.gov/payments/your-online-account”

If you’re concerned about your refund, you can check the status online or find the right phone number here: https://www.irs.gov/refunds

“How do I know it isn’t the real HR, Workday, QuickBooks, etc.?”

Some tax scams happen at the office. There aren’t that many HR, tax filing, and finance tools out there, so don’t be surprised if a scammer sends you an email with one of their logos. Use your browser bookmarks, google it, or ask your supervisor for the correct link to those services instead of using the links in the email. You’ll either get the correct link from your supervisor or you’ll learn it was a phishing exercise put on by your company.

“How do people fall for these stupid scams anyway?”

Nobody is immune to phishing scams, in the same way that nobody is immune to forgetting to buckle their seatbelt on occasion. Human brains can maintain vigilance for only so long. It is only a matter of minutes before our attentive brain kicks back and lets auto-pilot take over. Phishing scams aren’t successful because of their sophistication. They work, and continue to work to great effect, because they inevitably reach us when our brain is on autopilot. For that reason, we need to add to our auto-pilot brains simple but safe routines.

“What else can I do to stay safe?”

Once you habituate putting your seatbelt on, you even do it by accident when you sit in your car but don’t plan on going on a drive. Have you ever sat in the car, knowing you’d be waiting for someone for a long time but buckled up anyway then wondered why? That’s a low-cost error for a big savings in safety (and tickets). Similarly, you should establish habits for how you interact with email, text-messages, and phone calls. Instead of even considering clicking links in an email, just open a new tab and google the part of the email you’re interested in. You’ll either find what you’re looking for the safe way or discover reports of phishing - including those keywords.

Building those good habits will work better than any technology, but if you do want some support, there are browser plugins that will block some phishing web pages that make it past your email filters. Consider Microsoft’s free Defender Browser Protection browser plugin.

If you would like our support instilling those good habits in your organization, check out our Hive Systems ePhishiency phishing simulation offering to help you and your team stay ahead of the latest phishing threats - including tax scams!

Follow us - stay ahead.

Read more of the ACT