The best offense is a good defense

Whether you’re an early bird, have just finishing filing your taxes for the mid-April deadline, or have a little extra time thanks to an extension, tax season always offers an important reminder. This season can be prime time for scammers, causing an uptick in fraud that reminds us just how important it is to stay on the alert all year round.

Cybersecurity continues to be a growing area of attention for all of us, and it’s one where knowledge is power. The more you know, the more you can do to help safeguard against potential scams and take action if an incident happens to you. We’ve rounded up some prevention best practices from CyberScout, a leading provider of identity and data defense services, and from the IRS to help you stay a step ahead this tax season and beyond.

Three facts to know

A quick look at the numbers shows how important it is to stay aware of identity theft and tax fraud risks:

1. Nearly 600,000 returns had some form of identity theft in 2017.¹ While the IRS has been able to lessen the number of individuals impacted in recent years, attacks continue to become more sophisticated.²
2. Tax season presents opportunities for scammers. A 400% surge in phishing and malware incidents was observed during the 2016 tax season.³
3. Fraudsters continue to adapt their methods—email phishing scams, for instance, jumped 60% last year.⁴ Still, as important as it is to be vigilant during tax season, many of these identity theft and social engineering scams persist throughout the year.

Four scams to watch for

While there are many scenarios to look out for, it helps to start with some of the most common ways that individuals and families can be targeted:

1. Phishing: Emails and more. Phishing was the #1 scam on the IRS’ Dirty Dozen list for 2019, a report of the year’s most common tax threats.⁵ Email phishing is common, and can occur when fraudsters send a message, appearing to be from usa.gov or irs.gov, that contains a fraudulent link directing targets to ‘update’ their information.⁶ Phishing can also occur over websites, text or social media.⁷ TIP: CyberScout reminds individuals that the IRS doesn’t initiate contact with taxpayers by email, text, or social media to request personal or financial information.⁶
2. Identity Theft: Tax fraud identity theft happens when scammers steal personal information or data related to your tax refunds, filing status, transcripts, and/or PIN information. Fraudsters first have to get your personal information—sometimes, they are able to get it directly from individuals they target by claiming to represent the IRS. They can then use that information to file a false return in your name, claim a refund and receive that refund check at a false address or PO Box.³ TIP: The IRS warns individuals be alert to tactics aimed at stealing their identities, which are prevalent throughout the year, and be especially careful when giving out personal data.^{5, 8}
3. Phone Impersonations: IRS impersonators can use advanced tactics, explains CyberScout. They may call with a false name and identification badge number, manipulate caller ID, and know a lot about the individuals they are trying to scam. They will commonly claim money is owed, pretend “official” letters to get in touch were undeliverable, and threaten individuals with arrest if they don’t receive payment. If their calls are not answered, they often leave a voicemail with an “urgent” callback request. ⁷ TIP: Scammers often request payment via prepaid debit card or wire transfer, methods which the IRS warns taxpayers should never use to make tax payments.⁹ CyberScout reminds individuals that the IRS will typically send notifications via official mail, not phone calls.⁶
4. False Charities: A not-so-charitable approach by scammers is to impersonate charities, encouraging individuals to make donations that they claim will be “tax-deductible.” TIP: Before donating to any charity, check to see if it is legitimate, warns CyberScout.⁶

Five tips to help you

So what can you do? Use these tips to help prepare yourself and your family, and help you take action if you do suspect an attack.

1. Be skeptical: Don’t click on suspicious links, and brush up on how the IRS contacts tax payers. Emails and phone calls are not typical communication methods about tax payments, and should raise flags.¹⁰
2. Report it: Know how to report phishing attempts to the IRS. Emails can be forwarded to [email protected], and calls can be reported to the same address with the subject line IRS Phone Scam.¹¹
3. Next year, file early: Fraudsters can’t file with stolen information if you’ve beaten them to it.¹
4. Use credit monitoring & ID prevention services: A sudden drop in credit scores is one clue that your identity may have been stolen.¹
5. Consider cyber insurance: It’s also important to think about how your insurance addresses cyber risks. Cyber coverage, often offered as an endorsement to your homeowners’ policy, can cover reimbursement of expenses associated with cyber threats including identity theft, social engineering (which can include phishing) and much more. Not all coverage is the same and it’s important to work with a provider who understands the changing cybersecurity landscape. Cyber services are another important piece of the puzzle. At Berkley One, we partner with CyberScout to offer clients services, such as 24/7 access to cyber specialists, that can help proactively minimize cyber and fraud risk, monitor for threats and manage the damage if a breach occurs—whether it happens during tax season, or throughout the year.

CyberScout offers identity management services; breach education, preparation, response and remediation services; fraud, credit and reputation monitoring services; and cyber security and data privacy consulting.