Each year, the Internal Revenue Service compiles a list of the 12 most common, dangerous or costly tax scams. They call this list their “dirty dozen” and recommend that taxpayers stay vigilant during tax season. We will summarize these twelve scams for you, and highlight the steps you should take to protect yourself.
One of the most common scams in the internet age is phishing, and criminals will happily employ this tactic to steal sensitive financial information during tax season. Phishing is the act of using email messages to deceive victims into giving up personal information
or passwords: the emails appear to be from legitimate sources like the IRS, but will direct the recipient to go to a fake—albeit similar looking—website and enter their login credentials or personal data. These counterfeit websites may also host malware and viruses, but the act of phishing alone is so successful that this sometimes proves unnecessary. For example, in the wake of the Equifax security breach in 2017, the credit agency created an informational website for customers: equifaxsecurity2017(dot)com. A software engineer then created a similar website at the address “securityequifax2017(dot)com” to prove how easy scammers could copy a website and convince consumers to give them their information. His fake site was so successful that Equifax themselves tweeted out links to the fake site. While his website was not malicious, it dramatically proved how successful this fraud can be. Scammers adept in social engineering have the tools to make convincing copies of real websites easily, and they write emails that exploit human emotion. The fake emails often demand time-sensitive actions or suggest negative consequences if their directions are not followed, hoping the recipient will not double-check their authenticity.
Taxpayers can always avoid phishing attempts by checking with the legitimate agency or organization being mimicked. If an unsolicited email from the IRS appears in your inbox, call the agency and verify it. Government agencies often have strict rules about correspondence, and phishing emails will frequently break those rules by asking for personal information that is not required. Additionally, check website URLs for small differences, indicating you are on a fake site. The IRS recommends that taxpayers send any suspicious emails to phishing@irs.gov.