It's Tax Identity Theft Awareness Week in the United States, which means that tax-related identity theft happens often enough to get the government's attention. The Federal Trade Commission (FTC) and Internal Revenue Service (IRS) have provided the public with a number of resources to help raise awareness on this issue. In this article, the FTC gives a short description on how tax identity theft works:
… scammers posing as IRS officials call and say you owe taxes. They threaten to arrest or deport you, revoke your license, or even shut down your business if you don’t pay right away. They may know your Social Security number — or at least the last four digits of it — making you think it really is the IRS calling. They also can rig caller ID to make it look like the call is coming from Washington, DC.
Before you can check out the callers, you’re told to put the money on a prepaid debit card and tell them the number — something no government agency would ask you to do. Once you do it, you find out it was a scam, and the money is gone.
There are a number of ways that a criminal could get your Social Security number (MS Word doc), including stealing your mail or other sensitive documents. Malicious email is just one way that a criminal can turn you or your friends and colleagues into victims. However, it is the cheapest and easiest way to quickly reach a large number of potential victims.
Slawek Ligier, VP of Engineering, wrote about tax-related spam and phishing in his recent Techspective article:
The months leading up to the US tax filing deadline of April 15 is another period of time when we can expect an increase in malicious email. The spam you see during tax season often lures victims with promises of tax rebates, tax forgiveness, or even offers of employment in a tax processing related field. Most of these scams will have been seen before, but there are always new victims to be found.
The best thing you can do right now to protect yourself from tax-related fraud due to malicious email, is continue to follow the best practices that we've recommended before. Keep updated spam and malware protection on your workstation and mobile devices, and use an email security gateway to protect your infrastructure. Never reply to a suspicious email or execute an unknown attachment. And always remember, the IRS won’t contact you by email, text, or social media. If the IRS needs information, it will first contact you by mail.
For more information on tax-related identity theft, see these resources:
- FTC site on Tax Identity Theft Awareness Week
- What to do if you are a victim
- FTC Identity Theft Website