With a lot of holiday shopping now being done online, the Internal Revenue Service is warning customers they are also being shopped in an entirely different way.
The IRS and its Security Summit partners say identity thieves and other scammers are looking for personal information, especially between the holiday shopping season and the upcoming tax season. This includes more true-to-life phishing emails and, in another trend seen this year in Kansas, smishing or text-based scams.
Especially during the holidays, there may well be false messages looking like they are from delivery services. As tax season approaches, an increasing amount of scams will pretend to come from the IRS or others in the tax industry.
IRS-approved safety tips to remember during the holiday season and throughout the year
During the busiest time of the year for online shopping, the Security Summit reminds taxpayers of some important steps to protect themselves and their information from data thieves:
*Shop at online sites with web addresses that begin with the letters “https:” the “s” stands for secure communications. Also look for a padlock icon in the browser window.
*Don’t shop on unsecured public Wi-Fi in places like a mall or restaurant.
*Ensure security software is updated on computers, tablets and mobile phones.
*Watch out and help protect the devices of family members who may not be technologically savvy, a wide range that goes from young children to older adults.
*Make sure anti-virus software for computers has a feature to stop malware, and that there is a firewall enabled to prevent intrusions.
*Use strong, unique passwords for online accounts.
*Use multi-factor authentication whenever possible.
IRS-approved simple steps to protect taxpayers
In addition to those protective steps, taxpayers should be wary of a variety of email scams. Throughout the year, taxpayers should be aware of different types of email phishing scams that identity thieves and scam artists commonly use. These include:
*Phishing/Smishing – Phishing emails or SMS/texts (known as “smishing”) attempt to trick a recipient into clicking a suspicious link, filling out information or downloading a malware file. Often phishing attempts are sent to multiple email addresses at a business or agency, increasing odds that someone will fall for the trick.
*Spear phishing – This is a specific type of phishing scam that bypasses emailing large groups at an organization, instead identifying potential victims and delivering a more realistic email known as a “lure.” These types of scams can be trickier to identify since they don’t occur in large numbers. They single out individuals, can be specialized and make the email seem more legitimate. Scammers can pose as a potential client for a tax professional, luring the practitioner into sharing sensitive information.
*Clone phishing – This is a newer type of phishing scam that clones a real email message and resends it to the original recipient pretending to be the original sender. The new message will have either an attachment that contains malware or link that tries to steal information from a recipient.
*Whaling – Whaling attacks are very similar to spear phishing, except these attacks are generally targeted to leaders or other executives with access to large amounts of information at an organization or business. Whaling attacks can target people in payroll offices, human resource personnel and financial offices as well as leadership.
