Tax scams have been around for a long time but they continue to grow more sophisticated day by day. Aided by advancements in AI and the increased usage of electronic communication by businesses, they can creep into any phase of the tax preparation process and target both clients and tax preparers themselves. Knowing what to look for and being able to recognize critical warning signs can be the hardest part for those who are uninformed so let’s discuss how to stay protected.

First, let’s break down the terminology used to describe the main tax scams facing the public. Phishing refers to attempting to trick a taxpayer via email into clicking a suspicious link or downloading a piece of malware in order to steal information. This can also look like asking a client to fill out a form that’s not legitimate. Smishing is the text or SMS version of this particular scam. Phishing attempts are usually less sophisticated and target large groups of people in the hopes of increasing the chance that someone will take the bait. Spear-phishing refers to the same scam, but directly targeting one specific person and using a much more realistic and tailored email. 

Clone phishing is one of the newer versions of phishing and refers to resending a legitimate message that you might have received from your tax preparer or software. It will look like and seem to be from the exact same sender (the email address is usually slightly different as a give-away) but typically contain a malware or spammy link to solicit information. Whaling is another more sophisticated version of phishing that targets executives or leaders at an organization that have access to a lot of client information. They can target HR leaders, financial professionals or even payroll employees in an attempt to compromise data.

What can you do to stay safe as a taxpayer? First, look out for warning signs. Like we mentioned, email addresses can be a major give-away that an email is not legitimate even if it has all the same branding and information as the original message and sender. This can be things like looking out for URL changes like .com vs. .gov as well as slightly misspelled variations and additional numbers when you hover over the email address with your cursor. Receiving duplicate emails from a trusted provider that contain new hyperlinks or attachments is also something to look out for. 

Generally, messages with an intense sense of urgency to fill out a form or click a link can be suspicious – they sometimes come in the form of needing to “update your password.” And finally, while some organizations do utilize text and email to share important messages, generally you should be cautious of any message that claims to be coming from the IRS, another government agency like the Small Business Administration, a credit card company, a loan company, a bank or a tax service provider and double-check every time to make sure it’s legitimate.  If you aren’t sure you can always reach out to them to ask or log into your account directly from the official website. 

Tax preparers can be on the receiving end of these scams just as much as taxpayers, with fraudsters posing as new clients and other phishing attempts to steal client data. For this reason, it’s important to make sure you choose a tax preparer that is securely guarding client data with appropriate security measures in place. At ClarkSilva, we make your personal information’s safety our top priority and always utilize the best, most thorough practices to safeguard data. If you are unsure about the legitimacy of a message you’ve received from the IRS or even a member of our team, feel free to reach out to us with any questions!