Don't Be a Victim of CybercrooksBack to all blogs
- What They Are After
- Email Attachments or Links
- Emails from the IRS
- Detecting Phony Email Addresses
- Embedded Hyperlinks
- Security Software
- Strong Passwords
- IRS Phone Calls
- Educate the Elderly
- Too Good to Be True
The best way to prevent your ID from being stolen, your computer from being hacked, or yourself from being tricked by some clever schemer is not to take their bait. These schemers will target you in a number of ways, including through email, regular mail and phone. Each one will try to scare you, appeal to your greedy side or trick you into allowing access to your electronic devices.
The most common way for cybercriminals to steal money, bank account information, passwords, credit cards and Social Security numbers is to simply ask for them in an unsuspecting way.
Here are a few steps you can take to protect against phishing and other email scams:
- Be vigilant and skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, the recipient should approach it with caution. Cybercrooks are good at acting like trusted businesses, friends, family and even the IRS.
- Emails and other electronic contact from the IRS. If you should receive an email claiming to be from the IRS or directing you to an IRS web site, you should know that the IRS never initiates contact via email. This includes asking for information via text messages and social media channels. The first thing you should do is contact this office. But above all, DO NOT reply to the message, open any attachments (which may contain malicious code that will infect your computer), or click on any links in a suspicious email or phishing website and enter your confidential information. The IRS never asks for detailed personal and financial information like PINs, passwords, or similar secret access information for credit cards, banks, or other financial accounts.
The address of the official IRS website is www.irs.gov. Do not be misled by sites claiming to be the IRS but ending in .com, .net, .org, or anything other than .gov. If you discover a website that claims to be the IRS but you suspect it is bogus, do not provide any personal information on the site.
- Double check the email address. Thieves may have compromised a friend's email address. They might also be spoofing the address with a slight change in text, such as by using firstname.lastname@example.org instead of email@example.com. Merely changing the "m" to an "r" and "n" can trick people.
- Remember that the IRS doesn't initiate spontaneous contact with taxpayers by phone or email to ask for personal or financial information. The IRS does not call taxpayers with aggressive threats of lawsuits or arrests. It is a common tactic for criminals to call, acting as an IRS agent to try collecting a tax bill and threatening to arrest you or have your home seized for payment. These same individuals will sometimes ask you to make payments using a gift card, which the IRS would never do.
- Don't click on hyperlinks in suspicious emails. It is common practice for cyber crooks to send out emails asking you to click on an embedded link to update your password or other sensitive information. Legitimate firms would not do that, so be safe and ignore and then delete the email. If the email is from a business or person you deal with and you are concerned, contact the business directly, either through its main webpage or by phone. Also remember that no legitimate business or organization will ask for sensitive financial information by email. Another trick cybercrooks employ is to hack into a friend's emails and then send you messages asking you to click on an embedded link in the email, which can end up installing malware on your computer.
- Use security software to protect against malware and viruses found in phishing emails. Some security software can help identify suspicious websites that are used by cybercriminals as well as detect malware on your computer.
- Use strong passwords to protect online accounts. Experts recommend the use of a passphrase, instead of a password, with a minimum of 10 digits, including letters, numbers, and special characters. But don't use a family name or birth date, as cybercriminals may already have that information and will try it.
- Use multi-factor authentication when offered. Two-factor authentication means that in addition to entering a username and password, the user must enter a security code. This code is usually sent as a text to the user's mobile phone. Even if a thief manages to steal usernames and passwords, it's unlikely the crook would also have a victim's phone.
- Communication from the IRS. If you receive a phone call, fax, or letter from an individual claiming to be from the IRS, you should immediately contact this office before providing any information. You should do this whether you suspect the contact is legitimate or not. You can also contact the IRS at 1-800-829-1040 to determine if the IRS has a legitimate need to contact you.
- Educate the elderly. The elderly are frequent victims of scammers. If you have elderly family members or friends, take the time to sit down with them and educate them about scammers, email phishing and the like.
- Too good to be true. One of the tactics used by scammers is fooling you into thinking that you won a foreign lottery or have received a foreign inheritance and that you need to send money before the funds can be transferred. Remember the old adage: "If it is too good to be true, it probably isn't true."
- Report phishing scams. Should you receive a suspicious email, you can help the government fight the cybercrooks by forwarding it to firstname.lastname@example.org.
Always contact this office if you receive any communications from the IRS or state tax authorities. Be extra cautious with emails, phone calls, or mail. If you have questions related to phishing or ID theft, please call.