March 11, 2022

Awareness can help you stay cyber safe during tax season

ITS security image
Shutterstock

Shutterstock

With tax filing season underway, Information Technology Services is reminding Huskers to stay vigilant and take precautions to protect your personal information and avoid fraudulent activity when filing. Tax season is prime time for cyber criminals targeting taxpayers, as personal information is more likely to be exposed over the internet.

During this time, remember that the IRS doesn’t initiate contact with taxpayers by email, text message or social media channels to request personal or financial information.

Detecting IRS-related phishing emails

The following are examples of spam messages that are commonly sent from an address using a slight variation of “irs.gov” (examples: irsgov.com, irs.com, etc.)

  • An email instructing you to update your IRS online account right away;
  • You qualify for a refund, but you must click on a link and fill out a form to access it;
  • Your credit card funds were fraudulently used by someone else, but you can recover some of the money by visiting the included website; and
  • You will receive a large sum in lottery winnings, a tax refund or an inheritance if you provide your personal and financial information.

Remember, the IRS will never contact you via phone, email, fax or social media to request personal or financial data or demand immediate payment

How to handle tax phishing scams

If you receive a suspicious email claiming to be from the IRS:

  • Do not respond or click on any links or open any attachments.
  • Use the “Report Phish” button in Microsoft Outlook to forward the email to the ITS Security team for investigation.
  • Report suspicious phone calls, faxes, text messages and mailed letters to phishing@irs.gov.
  • Report monetary losses on the Treasury Inspector General for Tax Administration and the Federal Trade Commission’s websites.

How to spot other phishing attacks

Phishing scams are a threat to consumers year-round, so keep an eye out for attacks unrelated to taxes and the IRS. Be suspicious of emails stating that you will lose something – such as access to your bank account or email – if you don’t respond or click on the stated link immediately.

Other signs of phishing schemes that imitate well-known businesses can contain:

  • Generic email salutations, such as “Dear valued customer” instead of your name.
  • Poor grammar or spelling errors.
  • Conflicting web addresses: Place your mouse over the link to see if the URL matches the typed web address in the message. If it doesn’t, it’s likely a scam. Avoid clicking the link.
  • Web addresses that resemble prominent businesses but are slightly different. For example, the URL of a spoof site mimicking Paypal.com may begin with “http” instead of “https.” Or the web address may be something like “secure-paypal.com” instead of PayPal’s actual URL.