Nesteggg Accounting

New IRS impersonation email scam

IRS Security

Security Summit warns of new IRS impersonation email scam; reminds taxpayers the IRS does not send unsolicited emails

WASHINGTON — The Internal Revenue Service and its Security Summit partners today warned taxpayers and tax professionals about a new IRS impersonation scam campaign spreading nationally on email. Remember: the IRS does not send unsolicited emails and never emails taxpayers about the status of refunds.

The IRS this week detected this new scam as taxpayers began notifying phishing@irs.gov about unsolicited emails from IRS imposters. The email subject line may vary, but recent examples use the phrase “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder.”

The emails have links that show an IRS.gov-like website with details pretending to be  about the taxpayer’s refund, electronic return or tax account. The emails contain a “temporary password” or “one-time password” to “access” the files to submit the refund. But when taxpayers try to access these, it  turns out to be a malicious file.

“The IRS does not send emails about your tax refund or sensitive financial information,” said IRS Commissioner Chuck Rettig. “This latest scheme is yet another reminder that tax scams are a year-round business for thieves. We urge you to be on-guard at all times.”

This new scam uses dozens of compromised websites and web addresses that pose as IRS.gov, making it a challenge to shut down. By infecting computers with malware, these imposters may gain control of the taxpayer’s computer or secretly download software that tracks every keystroke, eventually giving them passwords to sensitive accounts, such as financial accounts.

The IRS, state tax agencies and the tax industry, which work together in the Security Summit effort, have made progress in their efforts to fight stolen identity refund fraud. But people remain vulnerable to scams by IRS imposters sending fake emails or harrassing phone calls.

The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts. The IRS also doesn’t call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes. See Report Phishing and Online Scams for more details.

Follow these tips to protect data when shopping online

Follow these tips to protect data when shopping online

The IRS reminds holiday shoppers to protect their tax and financial data from identity thieves. All it takes is a few extra steps to prevent cybercriminals from stealing sensitive data, such as financial account information, Social Security numbers, and credit card information. Thieves could use this data to file a fraudulent tax return in 2019.

This tip is part of National Tax Security Awareness Week. The IRS is partnering with state tax agencies and its partners in the Security Summit to remind to taxpayers and tax professionals about the importance of protecting data.

Cybercriminals want to turn stolen data into quick cash. They do this by draining financial accounts, charging credit cards, creating new credit accounts or even using stolen identities to file a fraudulent tax return for a refund.

Here are seven steps taxpayers can follow to help protect their accounts and their money:

  • Avoid unprotected Wi-Fi. Unprotected public Wi-Fi hotspots may allow thieves to view transactions.
  • Shop at familiar online retailers. Generally, sites using the “s” designation in “https” at the start of the URL are secure. User can also look for the “lock” icon in the browser’s URL bar. That said, some thieves can get a security certificate, so the “s” may not always vouch for the site’s legitimacy. Beware of purchases at unfamiliar sites or clicks on links from pop-up ads.
  • Learn to recognize and avoid phishing emails. Thieves send these emails, posing as a trusted source, such a financial institution. or the IRS. The criminal’s goal is to entice users to open a link or attachment. The link may take users to a fake website that will steal usernames and passwords. An attachment may download malware that tracks keystrokes.
  • Keep a clean machine. This applies to computers, phones and tablets. Taxpayers should use security software to protect against malware that may steal data and viruses that may damage files.
  • Use passwords that are strong, long and unique. Experts suggest a minimum of 10 characters but longer is better. People should also avoid using a specific word in the password. They should also use a combination of letters, numbers and special characters.
  • Use multi-factor authentication when available. This means users may need a security code, usually sent as a text from a financial institution or email provider to a mobile phone. People use this code in addition to usernames and passwords.
  • Encrypt and password-protect sensitive data. If keeping financial records, tax returns or any personally identifiable information on computers, this data should be encrypted and protected by a strong password.

Stay Connected

Nesteggg Facebook

The Nesteggg Group ©2019
All Rights Reserved

Get in Touch

1127 St. Paul Ave
Tacoma WA 98421

1-(888) 987-NEST

accounting@nesteggg.com

Web Design & Maintenance by AquaZebra

constant contact