The Internal Revenue Service (IRS) recently issued a report that advises practitioners how to protect their clients from phishing emails sent by cyber thieves intent on stealing personal information and money.
These scam artists often claim to be from the IRS, other legitimate agencies or private companies.
The IRS and other legitimate organizations do not send e-mails, texts or social media communications asking for personal financial information such as usernames, passwords, PINs, or account numbers. They do not request the answers to their secret questions—the ones that you chose and answer to open an account with them (the name of your first pet, etc.)
They do not contact people in this manner if there is a data breach or other problem. The IRS will either wait for someone to contact them or send a letter with detailed information about contact details.
When a large company has a security breach, people usually hear about it in the news first. The company may contact its customers to tell them to change their passwords and user names themselves.
The IRS and legitimate companies do not request scanned identification documents be sent over the Internet, such as passports and drivers licenses.
One tipoff is that the email address of the sender may be misspelled or may not end in .com, .gov, or org.
Logos in emails are usually hot links to the sender’s website. Run your cursor over the logo. If the correct website address does not appear, the email is fake.
If you scan the email or the web address and another country’s code appears it may be fraudulent.
Tell your clients that they should not respond to a suspicious e-mail or even open it. This is especially true if they are on their smart phones. They should wait until they get home and can preview the email on a computer.
For more information, please read:
Warn Clients About Tax Phishing Scams | Wealth Management