Scams involving attempts by fraudsters to improperly obtain personal or business data never go out of season. The latest reminder of this came shortly before Thanksgiving, when the IRS issued a warning about a spike in bogus emails containing the phrase “tax transcript” in the subject line.
Use of this term is the latest twist on an old scam in which scammers impersonate the IRS or financial institutions and try to get people to open attachments or click on links that put malware on the computers. The malware can allow scammers to get access to sensitive data from individuals or businesses, including Social Security numbers, to be used in committing various types of fraud.
Here are three tips to help protect against this and similar scams.
Be dubious of any email claiming to be from the IRS.
IRS policy is to not send unsolicited email messages to members of the public. This is a longstanding practice of the IRS.
When the agency initiates contact with a taxpayer, it does so by letter in the U.S. mail, not by email or phone calls. You should therefore be dubious of any email that purports to be from “IRS Online” or some other IRS-related entity.
If you get a suspicious email claiming to be from the IRS, don’t open it or any attachments it contains.
If you get a dubious email like this on your personal computer, the IRS recommends deleting it or forwarding it to the IRS at [email protected]
If you’re using a work computer, there is another possible step. If your company is large enough, it may have an IT department or other appropriate technology professionals who should be notified of the potentially fraudulent email.
Become more aware of what malware can do.
Malware is a pernicious problem that has persisted for years in the online world. It is particularly troublesome for businesses with extensive computer networks because once an infected email gets is, it can spread throughout the system.
The malware involved in the current “tax transcript” scam is a rather notorious malware known as Emotet. Scammers have often used it in emails seeking to steal information by masquerading as legitimate requests for information from financial institutions.