According to the city of Philadelphia, cybersecurity recommendations have been issued in response to an Internal Revenue Service (IRS) warning against tax-based phishing attempts.
On day two of the annual Dirty Dozen tax scams campaign, the IRS warns again about phishing and smishing schemes from cybercriminals trying to steal taxpayer information. The Dirty Dozen is an annual IRS list of 12 scams and schemes that put taxpayers and the tax professional community at risk of losing money, personal data, and more.
The IRS and states are among the organizations that pose as legitimate organizations in the tax and financial community. However, in the form of unsolicited text or email, these messages lure unsuspecting victims into providing valuable financial and personal information, which can lead to identity theft.
This is why the city of Philadelphia has produced a list of enforcement priorities, which is not yet a legal document but is meant to alert people, companies, and tax preparers about potential cybersecurity scams.
Following are the recommendations made by the city:
- Do not trust text messages appearing to be from a respectable firm, such as a financial institution or a credit/debit card provider.
- Avoid SMS messages instructing you to call a phone number or visit a website to solve a problem or urgently confirm your information.
- Don’t reply to texts asking for private information, such as bank account information, before confirming the sender’s identity.
- Phone numbers that seem unusual, such as four-digit ones, may indicate using an email-to-text service. This is one of many strategies malicious actors can use to hide their identity.
- Make use of two-factor authentication. Two-factor authentication can provide extra security if you are the victim of a smishing attack and reveal one of your passwords. When you try to log in, biometric authentication employs fingerprint technology and facial recognition to authenticate your identity.
- Scammers often use alarming language such as, “Your account has now been put on hold,” or “Unusual Activity Report,” with a bogus “Solutions” link to restore the recipient’s account. Another possible target for scammers is unexpected tax refunds. Avoid clicking on those links at all cost.
The IRS contacts taxpayers by regular mail and will never reach them via email, text, or social media regarding a bill or tax refund.
To sum up, remember not to click on any unsolicited communication purporting to be from the IRS since it may include malware. It could also be a technique for evil hackers to install malware that prevents legitimate users from accessing their systems and files.
Individuals should never reply to tax-related phishing or smishing or click on the URL link. Instead, the scams should be reported. The report should include the caller ID (email or phone number), date, time, time zone, and number that received the message.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.