‘Tis the season … for scam alerts — Business Management Daily: Free Reports on Human Resources, Employment Law, Office Management, Office Communication, Office Technology and Small Business Tax Business Management Daily
  • LinkedIn
  • YouTube
  • Twitter
  • Facebook
  • Google+

‘Tis the season … for scam alerts

Get PDF file

by on
in Payroll Today

Tax season is a bonanza for identity thieves. While the IRS has been grappling with ID thieves for years, the Social Security Administration (SSA) has reported its first phishing attempt. Here’s what you can tell employees now.

irs.gov—always a target-rich environment

Tax returns have all the information an ID thief needs. So it’s not surprising that the IRS’ website has been the main target of phishers for years. Phishers’ phony websites appear identical to the IRS’, but entice taxpayers anxious for their refunds to divulge personal information, including, crucially, their Social Security numbers (SSNs).

Scammers fake Social Security email

According to the SSA, the phony email that’s floating around has a subject line of “Get Protected.” It reviews new features from the SSA that purport to help taxpayers monitor their credit reports and learn about unauthorized use of their SSNs. It even takes the brazen step of citing the IRS and an official-sounding “S.A.F.E. Act 2015.” It may sound real, but it’s 100% bogus.

How to tell fake government websites

Phishing emails have one purpose—to motivate recipients to click on the embedded link. Once clicked, malware—like viruses and spyware—can be installed on their computers. Or the link might send recipients to a spoof site—a look-a-like website set up by the scammer to trick recipients into entering their personal information.

Here are some clues about how to tell a fake IRS or SSA website or email:

  • The website or email contains misspellings, grammatically-challenged text or aggressive language regarding tax collection activities
  • The email ends up in recipients’ spam folders
  • Recipients are invited to click through and provide their SSNs
  • URLs end in .com, .org or .net.

Help employees help themselves

Employees who are unsure whether an email is a legitimate federal agency communication should contact that agency directly, but they should find the agency’s contact information themselves. Employees can click on www.usa.gov/federal-agencies/a to find the agency they need to contact.

Employees who want to track their tax refunds online can go to https://www.irs.gov/Refunds. Also, remind employees that the IRS never contacts taxpayers by mail, phone or email, and never asks them to disclose personal information. Finally, report suspected phishing attempts to the IRS at https://www.irs.gov/uac/Report-Phishing.

As for other phishing attempts, tell employees to report them to the Federal Trade Commission by forwarding the email to spam@uce.gov—and to the real organization impersonated in the email.

Leave a Comment

Previous post:

Next post: