In Part 2 of this series, we continue with the remaining tax scams. Click here to read Part 1.
The cancellation of your Social Security number:
The cyberattacker is now using this as a fear tactic as well. In these kinds of calls, abusive and threatening is very often used to intimidate the victim into paying the back taxes. If you say that you can’t, the next thing that is very often said is that your Social Security number will be cancelled. So, what should you do in these kinds of instances?
Immediately HANG UP! It is important to note that your Social Security number is your unique identifier here in the United States, and it can never be cancelled or withdrawn unless you explicitly start the process to do so. Second, in the case that you do owe the IRS money from previous tax years, contact them directly to work out a payment plan. Also, if the amount is small enough, you can even work out a payment plan on their website by directly accessing your tax account.
Other vehicles being used for intimidation:
Although e-mails and threatening phone calls are the two most widely used mediums by the cyberattacker in order to lure the victim in giving out their PII, they are also resorting to such things now as instant messages that are received on Facebook and Twitter. Heck, they have even started to use text messages as a way to scare their victim. What should you do in these cases?
If you suspect any sort of fraudulent messages coming your way, once again, contact the IRS, or your tax professional. The IRS also will never contact you via these means, nor should even your tax professional (unless of course, you have a long-term working relationship with them). Immediately shut down your social media accounts and delete any text messages that look suspicious to you.
Also, another tactic used by the cyberattacker is that they warn the victim about the very same scam that they are executing. For example, you may get an e-mail stating to be careful about tax fraud, with a link to a so-called secure website that looks just almost exactly like the IRS website, but instead, it is spoofed. So, the victim is then tricked to log into it in order to access their taxpayer account, but instead, on the other side, the cyberattacker is collecting all of these usernames and passwords in order to log in for themselves and steal whatever PII that they can get their hands on.
So, in the end, how do you know what is real for real and what is not? The IRS will never ever initiate contact their own asking for PII. The agent will only ask for it if you have called them first, in order to fully confirm your identity.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.