Beware of Email Attachment Scams This Tax Season
It’s so easy to pay taxes from the comfort of your home. Even if you work with a tax officer instead of using one of the many online options , you don’t even need to talk on the phone anymore. Personal meetings? Never. Just upload your forms online and your tax professional takes care of the rest.
But this ease has made file servers vulnerable to fraudsters who want to steal all this personal information that is sent back and forth. It looks like hackers are targeting tax preparation companies this season and your personal information could be at risk. This is stated in the data security company Proofpoint ‘s report released by Threatpost.com this week.
Scammers have used several tactics in an attempt to steal personal information:
- Scammers send tax-filing emails to small businesses to trick users into installing malware. They then take control of that user’s computer and make changes to the company’s website to redirect consumers who click on the items they changed, continuing the attack.
- Scammers are impersonating someone you have corresponded with before, claiming to be sending an attachment that you need to open. When you click on this application, software is installed that allows a fraudster to take control of your computer.
While you can’t save everyone from phishing attacks, you can show a healthy dose of skepticism to keep your finances safe during tax season – and throughout the year.
“When people find out about these tax scams, they are much more confident and subsequently have the power to hang up on a fraudster or delete an email or text message that could otherwise lead to problems,” said Eric Krohn, a security specialist. … defender KnowBe4 . “It looks like a magic trick in this respect. Since many of them are based on redirection, once you know how the trick works, you can detect the redirection effortlessly. “
Choose your tax preparer carefully
The first step you can take to protect your information during the tax period is to check your tax filler.
“Once you have chosen your tax specialist, be sure to slide against him due diligence, – said Patrick Hansel, on CFP professional and advanced planning Policygenius . “Ask for their Taxpayer Identification Number (PTIN), which is assigned to all IRS tax preparers and proves they are legal. You can also ask about other qualifications, such as whether they are a Certified Public Accountant (CPA) or a tax attorney. “
Then, when it’s time to share your forms and other documents, don’t trust email to keep them safe. “When submitting tax documents to your tax professional, be sure to use an encrypted file sharing method rather than just attach them to an email,” he said.
“The tax accountant must request every time that everything is transferred in a safe and secure manner, regardless of the online tool they request to use,” said Richard Byrd, director of customer relations at Ping Identity .
If your tax preparer looks like he’s taking a shortcut, that’s a red flag. “Hey, instead of putting this document on a secure file sharing service, just send it to me now,” that would be a compelling indicator to find another tax inspector, ”Byrd said.
Byrd also recommended that you be wary of any tax preparer who clearly uses the free version of any software or online portals to work with you. “Government audits have made it clear that the ‘free’ tax filing tools are much less secure than commercial ones,” he said.
Don’t let your email down
But let’s say you receive an email that says it is about your taxes. Maybe it’s from someone in your company who claims that you have the correct you a form W-2 . Or you will receive an email from the tax inspector asking you to review the attached document.
What should you look for if you receive a letter that makes you suspicious?
Tim Sadler, co-founder and CEO of software company Tessian , shared this quick list to look through before opening email attachments:
- Check the sender. Do the names and email addresses match? Does the agency look legitimate by name and email address? Attackers often exploit the fact that mobile email only displays the display name, not the full email address, and change the display name to a familiar victim.
- Check for errors. Are there any spelling mistakes? Bad grammar?
- Do not rush into anything. If you are unsure, you can check the sender’s legitimacy by calling the organization or agency directly. Do not download attachments or follow links unless you are sure they are safe.
- Be skeptical. Do you usually expect to receive emails from this sender on this topic? If not, then ask if the sender is legitimate.
If you receive a letter that looks suspicious, please report it to the FTC . And tell the person who allegedly sent you this questionable message. A good tax preparer will want to know if there is a security gap that they need to fill as soon as possible.