How much do you know about common tax season hacks and scams? When it starts raining W-2s and 1099s in springtime, staying cyber secure has implications for City staff both at work and at home. Scroll down to learn how to stay safe online this spring.
If the IRS Calls You, It's Probably a Scam. These Probably Are, Too.
In springtime, our places of work mail home or electronically share important financial documents like W-2s, initiating the beginning of tax season. This also means it's time to watch out for tax-related cyber hacks as scammers take advantage of confusion and prey on victims' increased willingness to share financial information.
Fake calls are one of the most common tax-related scams. Know that the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels or request personal or financial information this way. The IRS additionally will almost never call to initiate official business. Always be suspicious of calls or outreach on less formal channels about or from the IRS. Here are three common tax season scams to watch out for:
- Unknown numbers calling to demand immediate tax payment via a prepaid debit card or wire transfer (urgency is usually a giveaway that something is a scam!)
- Requests to pay taxes to an individual or organization other than the U.S. Treasury
- Threats of bringing in law enforcement groups
To report suspected IRS scams, call the Treasury Inspector General for Tax Administration. You may also report the caller ID and callback number to the IRS by sending it to phishing@irs.gov. Be sure to write “IRS Phone Scam” in the subject line.
To Sign or Not to Sign; Is That Real DocuSign?
Many City departments use DocuSign to e-sign and certify official documents online for business operations. Cyber hackers sometimes take advantage of first-time users or individuals' lack of familiarity with this online service by posing as fake signature services to try and infiltrate internal City systems with malware. Here's how it works:
1. Scammers pose as someone requesting a signature with a fake service that is actually just a corrupted Word document (pictured below).
2. Once a victim opens one of these malicious documents, dangerous code is written onto their machine.
Luckily, there's an easy way to sort through what is real and what is not. DocuSign services will only ever be online — never appearing as a Word document. If you are asked to offer an official signature via a Word document, think twice.
Always Safeguard Your Social Security Number
Social security numbers are important keys to a lot of accounts and information. This makes threats to cancel or suspend social security numbers due to false claims of unpaid taxes stressful and, unfortunately, effective.
Here are some best practices for keeping your social security number secret:
- Never use your social security number as a password.
- Don't send your social security number via electronic messages like email or SMS or text messages.
- Don't leave it via voicemail, either. If you need to use your social security number for official business, it is best to do it in person or live over the phone.
Donate to Charities and Nonprofits Directly
If you are considering donating to a charitable organization, such as one you may have learned about during the City's Heart of the City fund drive, be on the lookout for malicious requests for donations to charitable causes. Recently, scammers have been costuming themselves as trusted sources like the World Health Organization or the CDC and others using real logos and signatures — with a significant rise during the COVID-19 pandemic.
If you receive outreach from a charitable organization, check the source out online and donate money directly on their website — not through links in emails, no matter how trustworthy they appear!
Tax season is an important time to be on the lookout for scams aimed at the City as well as your personal accounts. Thank you for your constant vigilance.