“Phishing” is one of the most insidious and dangerous identify theft scams, because it is one in which victims willingly participate.
The Oxford Dictionary defines phishing as, “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”
The boldest of phishing criminals have been known to present themselves as the Internal Revenue Service (IRS) or state tax agency, a sheen of legitimacy that often makes recipients nervous and more willing to comply. Requests for detailed personal information may arrive via email, in a text, or over the telephone. Once collected by the phishers, this data can be used to file fraudulent tax returns, open credit cards in your name, or commit additional crimes.
The IRS has been working with state tax authorities and the tax industry to help taxpayers recognize and avoid phishing scams. Here are some of the recommendations they have developed through their “Taxes. Security. Together.” program that can help you identify an email-based phishing scam:
- It contains a link.Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. They may claim they need you to update your account or ask you to change a password. The email offers a link to a spoofing site that may look like the legitimate official website. Do not click on the link. If in doubt, go directly to the legitimate website and access your account.
- It contains an attachment. Another option for scammers is to include an attachment to the email. This attachment may be infected with malware that can download malicious software onto your computer without your knowledge. If it’s spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data. Do not open attachments from sources unknown to you.
- It’s from a government agency. Scammers attempt to frighten people into opening email links by posing as government agencies. Thieves often try to imitate the IRS and other government agencies.
- It’s an “off” email from a friend. Scammers also hack email accounts and try to leverage the stolen email addresses. You may receive an email from a “friend” that just doesn’t seem right. It may be missing a subject for the subject line or contain odd requests or language. If it seems off, avoid it and do not click on any links.
- It has a lookalike URL. The questionable email may try to trick you with the URL. For example, instead of www.irs.gov it may have a URL like www.irs.gov.maliciousname.com. You can place your cursor over the text to view a pop-up of the real URL.
Your browser and email provider generally will incorporate anti-spam and phishing features. Make sure you use all your security software features. But the best advice is simply this: Don’t give out personal information based on an unsolicited email request or phone call.
To learn additional steps you can take to protect your personal and financial data, visit the Taxes. Security. Together. page. Or call Gray, Gray & Gray’s Tax Department at (781) 407-0300.