With tax season upon us, it is wise to be on guard for phishing and other attacks that can make it easy for others to assume your identity. Phishing, where an attacker uses social engineering to obtain information about or from you, can be particularly effective. Some attackers, for example, might call you on the phone and pretend to be from the IRS or a big tax preparation company (like TurboTax, H&R Block, etc.), then ask you personal information as if they are reviewing your files or preparing tax returns for you. In other cases, the attackers will send E-mails that misdirect you to a website they run that looks like the IRS website, a tax preparation company’s website, popular bank website, etc. When you enter your information through their user interface, they capture your login information, and then (in some cases) let you gain access to your account. After you log out, they login and take control of your account or steal information about you to open other accounts.
One of the best ways to avoid being the subject of a phishing attack is simply to always be skeptical. The IRS doesn’t typically just call or E-mail you out of the blue, and neither do most tax preparation companies. If you receive a suspicious call or E-mail, your most recent bill or other communication from the corresponding entity (i.e., the IRS, the tax preparation company, or your bank), or the website for the entity, will typically list a customer service phone number, and you should call that phone number to confirm that the call or E-mail is legitimate before clicking any links or providing any other, personal information.