Skip to navigation Skip to login
Thursday, March 21
Home » News Archive » 2018

News Archive

PAGE TOOLS: TEXT SIZE: Larger | Smaller Print Logo Print this Page

Phishing

IRS Sees a Surge in Email Phishing Scams

[Posted on 12/14/2018 at 2:07 PM]

With the approach of the holidays and the 2019 filing season, the Internal Revenue Service, state tax agencies and the nation’s tax industry warned people to be on the lookout following a surge of new, sophisticated email phishing scams. In 2018, the IRS recorded a 60 percent increase in bogus email schemes that seek to steal money or tax data. These schemes can endanger a taxpayer’s financial and tax data, allowing identity thieves a chance to try stealing a tax refund.

One recent malware campaign used a variety of subjects like “IRS Important Notice,” “IRS Taxpayer Notice” and other variations. The phishing emails, which use varying language, demand a payment or threaten to seize the recipient’s tax refund. Misspelling and bad grammar can be indications of bogus emails. The most common way for cybercriminals to steal money, bank account information, passwords, credit cards or Social Security numbers is to simply ask for them.

Phishing attacks use email or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. Often, recipients are fooled into believing the phishing communication is from someone they trust. A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data.

  • The scams may contain emails with hyperlinks that take users to a fake site.
  • Other versions contain PDF attachments that may download malware or viruses.
  • Some phishing emails will appear to come from a business colleague, friend or relative. These emails might be an email account compromise. Remember, criminals may have compromised your friend’s email account and begin using their email contacts to send phishing emails.

Not all phishing attempts are emails – some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card.

Here are a few steps to take to protect against phishing and other tax-related schemes:

  • Be vigilant; be skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, approach with caution. Cybercrooks are adept at mimicking trusted businesses, friends and family -- including the IRS and others in the tax business. Thieves may have compromised a friend’s email address, or they may be spoofing the address with a slight change in text, such as name@example.com vs narne@example.com. In the latter, merely changing the “m” to an “r” and “n” can trick people.
  • Remember, the IRS doesn't initiate spontaneous contact with taxpayers by email to request personal or financial information. This includes asking for information via text messages and social media channels. The IRS does not call taxpayers with aggressive threats of lawsuits or arrests.
  • Phishing schemes thrive on people opening the message and clicking on hyperlinks. When in doubt, don’t use hyperlinks and go directly to the source’s main web page. Remember, no legitimate business or organization will ask for sensitive financial information via email.
  • Use security software to protect against malware and viruses found in phishing emails. Some security software can help identify suspicious websites that are used by cybercriminals.
  • Use strong passwords to protect online accounts. Each account should have a unique password. Use a password manager if necessary. Criminals count on people using the same password repeatedly, giving crooks access to multiple accounts if they steal a password - creating opportunities to build phishing schemes. Experts recommend the use of a passphrase, instead of a password, use a minimum of 10 digits, including letters, numbers and special characters. Longer is better.
  • Use multi-factor authentication when offered. Some online financial institutions, email providers and social media sites offer multi-factor protection for customers. Two-factor authentication means that in addition to entering your username and password, you must enter a security code generally sent as a text to your mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely the crook would also have a victim’s phone. 

This is a condensed version of content from an article in the Cypen & Cypen Newsletter, December 13, 2018.



Comments or questions for MOSERS?

Your opinions and questions are important to us. If you would like a direct response to a question, please include your name and email address below. If your feedback involves an email you received from MOSERS, please include the subject of that email with your comments below.

Help us help others. If you have a question, others may too.
If your question is of general interest and has not already been addressed on Rumor Central, we may post it there. We won’t use your name, email address or any other individually identifying information.


  1. (required if you desire a response from MOSERS)


  2. (required if you desire a response from MOSERS)

  3. Receive an email copy of your submission

  4. Please enter the numeric code above before submitting.


MOSERS
Missouri State Employees' Retirement System
Address: 907 Wildwood Dr., Jefferson City, MO 65102
https://www.mosers.org/images/mosers-logo-bg-375-280.jpg Phone: 800.827.1063 URL: Email: mosers@mosers.org Founded On: September 1, 1957