Phishing and malware incidents are up 400% this tax season, according to the IRS, as more and more people receive official-looking emails from fraudsters purporting to be from the IRS or other tax-related entities, including software companies.
“E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information,” the IRS warns.
Scammers want your Social Security number too. Messages might also arrive via text message or through social media. If you’ve received anything like this, it is almost definitely a scam: The IRS will NEVER EVER solicit personal information over email or text.
Some examples of subject lines used, according to the IRS, include:
•Numerous variations about people’s tax refund.
•Update your filing details, which can include references to W-2.
•Confirm your personal information.
•Get my IP Pin.
•Get my E-file Pin.
•Order a transcript.
•Complete your tax return information.
One of the potential outcomes is that thieves will nab your return before you even have a chance to file. As MONEY has previously reported, about one million refunds—worth a staggering $5.2 billion—were paid directly to scammers in 2013.
Here’s how to protect yourself: Never respond to emails asking for personal information, even if they seem threatening or urgent. If you receive an email from the “IRS,” call the IRS (800-829-1040) instead of answering electronically. Norton Security advises people to never submit confidential information on forms embedded in emails. Basically, don’t respond in any way to emails fishing (sorry) for personal information.
Further steps you can take to prevent someone from lifting your refund include changing your passwords every year (for your email account and for whichever tax service you use) and filing as early as possible. E-filing is still safer than mailing in your paperwork. Just don’t do it over public wi-fi or another insecure network. You should also opt to have your refund deposited directly into your bank account, if possible, rather than request a check be mailed (and possibly stolen before you get your hands on it).
And please, stop clicking links in emails from people/accounts you don’t know. “Whether they say they’re a retailer or the IRS, never authenticate yourself to any entity that’s contacting you,” Adam Levin, co-founder of Credit.com, told my colleague.
If you’ve received one of these scam emails, you can report it to firstname.lastname@example.org. Think your information may have already been compromised? Here are some steps you can take to minimize the damage.