Important Updated Information!
This article references the attempt by the IRS to use ID.me as the sole authentication method for various processes and access related to taxes. As of February 7th, the IRS has rescinded this decision due to backlash from taxpayers.
We’ve made it through one month of 2022. That means that tax season is approaching and with it, the onslaught of phishing and scam emails about taxes, tax forms, refunds, and any other tax-related topic cyber-criminals can come up with. With tax preparation being an annual event for most people, it doesn’t hurt to get a reminder early on about what kinds of fraudulent emails, phone calls, and even text messages are possible during this time.
“Whatever works” is the tax scammer’s motto, and with everything still as “fluid” as it is with fears of COVID and other worries, 2022 is lining up to be a doozy of a year for tax scams. In addition, the IRS is rolling out a new strong authentication system by ID.me for accessing tax information. More on that in a bit. First, some tips for a sane and unchaotic tax season.
- If at all possible, file early. Tax scammers love people who wait to complete their taxes, as this gives them opportunity to attempt to file fraudulent returns. Once you have all of your documentation and assuming you are financially able to make any potential payment if the numbers don’t go in your favor, go ahead and file your taxes. This cuts off many tax scams “at the pass”.
- Understand that the IRS will not initially contact you via phone, text or email. Only after you have established a request could that occur. Don’t fret over that scary text or email, or the somewhat convincing phone call you receive “from the IRS”. Delete or hang up immediately.
- The IRS does not accept gift cards as payment for any amount owed to them. Any “government official” who got past the previous tip and then asks for gift cards is fake.
- Going along with the previous tip, at no time will the IRS demand payment to anyone else except the U.S. Treasury.
- You should never provide Personally Identifiable Information (PII) anywhere other than on official tax forms. Any request for this information in an email, text or phone call is a red flag that the contact is fraudulent.
- You’ll never receive an attachment from the IRS via email. Any attachment is almost certainly malicious.
- Report any attempted tax scams to the IRS by emailing email@example.com.
We have so many options now to file our taxes. This includes the good ole’ “paper and pen, mail it in” way, in addition to any number of tax filing services and businesses, both brick and mortar and online. Choose your tax preparer carefully. Go with established names like H&R Block or Intuit, or carefully vet your choice by asking a few questions like “how do we exchange files or sensitive information?” or making sure that any website is using secure communications using https web addresses, not http.
If you decide to file your taxes online, be sure that the device you use is fully up to date with all available updates installed. Make sure that your password for the site is strong and unique. Don’t reuse a password from another account. If you need help with this, get a password manager and let it create and store strong, unique passwords for you. Also, use multi-factor or two-factor authentication if it is available on the site. This gives another layer of protection to your account.
Be sure you know your Identity Protection Pin. This is a six-digit number designed to prevent anyone from filing a claim in your name. Keep it safe (maybe in your password manager), and DON’T use your birth date. That’s just asking for a scammer to guess it. If you don’t know what it is, or are not sure you have one, check out this page at the IRS site for more information.
Much of this information was pulled from a tip sheet available at Stay Safe Online. The link will let you download this and you can then print it out if you want a handy reference. The sheet includes additional resources on how to report fraud and how to secure your tax filing experience.
Now back to this new form of strong authentication the IRS is rolling out. Enrolling in this system is NOT required for filing taxes, but to make payments, access the Child Tax Credit Update Portal and other routine tasks, enrollment will be necessary. Enrollment requires taking a video selfie with your smartphone or webcam-attached computer. For detailed information on how this works, check out this CNet article.
The article discusses the process in-depth and also addresses the MANY criticisms of the system, including the glaring fact that the government has outsourced the process of gaining access to government information to a third party. In addition, the facial recognition reportedly suffers from the same shortcoming of similar systems – misidentifying certain people. It also requires, to some degree, that everyone have access to either a smartphone or a webcam-attached computer. Again, all of this is discussed in the article. I strongly encourage you to go read it to be informed about this new facet of the Internal Revenue Service.
So…welcome to February! I do hope 2022 is starting out better than the previous two years for you.
One last thing! I’m looking for a creative student to help generate posters, social media posts, blog posts and other outreach materials. If you know someone like that, or you think you are that person, please have them (or you) apply at the student work portal. There’s no cybersecurity knowledge required, just the ability to work comfortably with social media platforms, use some simple creative apps to design posters and other materials, and a willingness to help others become more cybersecurity aware.
With MFA enabled on your Berry account, you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so let me know how I can help and inform you.
If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the current posts page.
You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted.
Food For Thought
Link to comic: https://xkcd.com/2207