We at CalPERS care about the protection of our members’ information and assets. Providing awareness of potential scams is one way we aim to help. And since each year cybercriminals look forward to tax season to take advantage of unsuspecting victims, we’d like to offer some tips on how to keep safe this year.
Often—especially in the lead up to Tax Day—scammers lure consumers into giving out sensitive information through email, phone calls, texts, and free online tools. According to the U.S. Government Accountability Office, the information criminals receive enables them to collect $3.1 billion in fraudulent refunds in a single tax season!
Scamming attempts come in all shapes and forms, so you should be aware of the various tactics used by criminals to target you. The following outlines what you can do to ensure that your information is safe, and that your refund goes to you, not to others.
Phone Calls and Texts/SMS
The most common type of tax scam is when you receive a message from an unknown number. These messages can occur through a phone call or random text message. Usually the call has a sense of urgency, has links for you to click on, and requires you to make quick decisions. If you receive a message like this, it’s best to ignore it, delete it, or hang up.
The Internal Revenue Service (IRS) states that these messages are not how they communicate with taxpayers. The IRS never calls about taxes owed without mailing you a contact letter or a bill first. The only time you will be contacted is for an overdue tax bill or securing a delinquent return or payment, and they will only contact you after the initial letter. Additionally, they will never have a threatening demeanor or ask for credit card information over the phone.
If you do receive a call or text, refer to the following descriptors. These are the signs that the person contacting you is not the IRS, and rather, a scammer. The person or message:
- Vaguely references the “IRS” or “Legal” department.
- Has an aggressive demeanor and has a sense of urgency.
- Demands immediate payment and that you must pay your taxes without the opportunity to question or appeal the amount they say you owe.
- Requires you to use a specific payment method for your taxes, such as a prepaid debit card, wire transfer, credit card, or gift card.
- Threatens to bring in local police or other law enforcement groups to have you arrested for nonpayment.
In addition to normal phishing emails, scammers will leverage the tax season to disguise their emails with verbiage and links that may be enticing to click. If you’re being contacted regarding a refund check or new tax information, you should be suspicious. The IRS does not initiate any email communication with you and will only send emails if you have already started a dialogue with them. If the suspicious email is an initial email from the “IRS,” you can assume that the email, and the links within, are malicious. The IRS outlines their main methods of communication, but you should familiarize yourself with common phishing attempts that are reported by users:
- Initial emails from the “IRS.” The real IRS only sends emails once you have started a dialogue with them.
- Messages from the IRS on Facebook Messenger, Twitter, or any other online chat services. The IRS does not use these online tools for direct communications.
- Initial emails regarding a refund check. These emails usually sound too good to be true and will contain malicious attachments and links.
- Emails regarding tax advice and invitations to click a link or open an attachment.
- Emails asking you to download tax preparation forms that claim to offer perks like free filing.
- Messages regarding an auto enrollment of online W-2 or other work-related forms. Be suspicious of these if you never enrolled for these changes.
- Emails that appear to be from a tax software provider (such as TurboTax) or a professional tax preparer asking you to update your accounts (via a link) or download a form.
Other Types of Scams
In addition to digital messages through email, text, and phone calls, cybercriminals have many other tactics. Criminals try to exploit our human nature by presenting offers that sound too good to be true or take advantage of a person’s willingness to give back. Although these tactics are not as common, if you receive these messages, it’s best to ignore them, delete them, or hang up. A few of these scams, which the IRS provides alerts about, are as follows:
- Fake charity solicitations
- Natural disaster donations
- Tax shelter advice
- Companies “working” on behalf of the IRS
- Solicitations regarding tax seminars on how to “legally” not pay taxes
The IRS also recently released its annual “Dirty Dozen,” a list of common scams that taxpayers may encounter year round, but especially during filing season.
Steps to Take if You Become a Victim
If you are a victim of identity theft through any scam, or already know your information has been compromised, the IRS recommends these steps:
- File a complaint with the Federal Trade Commission (FTC).
- File a report with local law enforcement.
- Contact the credit bureaus to place a fraud alert and credit freeze on all your credit records. Credit Freezes will stop criminals from opening new accounts in your name.
- Contact your financial institutions and close any financial or credit accounts opened without your permission or tampered with by identity thieves.
If your Social Security number (SSN) is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends these additional steps:
- If you receive an official IRS notice in the mail, call the IRS by using their toll-free phone numbers.
- Complete IRS Form 14039 (PDF), Identity Theft Affidavit, if your e-filed return is rejected because of a duplicate filing under your SSN. Use a fillable form on the IRS website, print, then attach the form to your return and mail according to instructions.
Two rules of thumb to follow if you believe you are being scammed: apply the adage “if it’s too good to be true, it probably is” and beware if it has a sense of urgency. If you believe the message is a scam, delete it or hang up, and do not respond. This is the best way to ensure your personal and tax information is safe. Additionally, the easiest way to know with certainty that you are interacting with the IRS is to contact the agency directly through their website, or call their toll-free phone numbers.
Protecting Your CalPERS Information
Should you encounter a potential scam involving your CalPERS information, call us at 888 CalPERS (or 888-225-7377) , Monday through Friday, 8:00 a.m. to 5:00 p.m. You can also report suspicious activity through our online form. Ensure you have secured your my|CalPERS account with a complex password, enabled the latest security settings, and reviewed your security image, message, and questions.
Updated 3/8/19: This article has been revised to provide information on the IRS Dirty Dozen.