Each year the IRS publishes the top dozen tax scams it encounters over the prior year. One of them that makes an all too common appearance on their list is the phishing scam. Here is what you need to know.
Phishing requires bait
Phishing is the act of creating a fake e-mail or website that looks like the real thing. This “bait” is then used to bring you into the scam by asking for private information. This includes your name, address, or phone number. It could also include potentially dangerous ID theft information like your social security number, a credit card number or banking information. The bait is often very real looking – just like correspondence from the IRS or the IRS web site.
How to avoid the lure
How do you know the phishing is fake? Here are some tips.
- The IRS never initiates contact via email. If you get an unsolicited e-mail from the IRS requesting a response, do not reply! Instead forward the email to: phishing@irs.gov
- Know the IRS or vendor web site. This includes the appearance, but more importantly the address. The valid address for the IRS is: www.irs.gov
- They may know some things. Good phishers already have parts of your identity, so just because they know things like your middle name and birth date does not make them legitimate.
- What about phone calls? Phishing over the phone is also a problem. If you receive an unsolicited phone call, get the person’s name and ID. Hang up. Then go to the IRS (or vendor) web site, take down their phone number and call them back using this phone number. Most fake calls are ended quickly when taking this approach.
- Don’t forget social media. Phishing can also happen via social media and texting. Virtually every digital resource has the potential to be used as a tool for theft.
What do phishers do?
When the phishers have your information, they can file false tax returns requesting refunds, steal bank information, set up fake credit cards, establish false IDs plus much more. Remember if it smells like a phish, it probably is.