Cybersecurity Awareness Series - How to stay safe this tax season

Tax season can be a stressful time of year for many reasons. One cause of concern is that it provides ample opportunity for scammers.

With tax season here, it’s important to be aware of potential threats. Scammers tend to prey on taxpayers at a time when they are most vulnerable, particularly when they are worried about filing on time. They do this by impersonating bodies of authority such as the Internal Revenue Service (IRS), and by using official-looking logos and branding, making it difficultly to ascertain whether they are who they claim to be.

Awareness is key, and with some guidance and a few helpful tips, we hope to make this tax season a little less stressful.

What to be on the lookout for

The ultimate goal of a tax scam is for bad actors to trick people into either revealing personal information or making a payment, so they can file fraudulent tax returns and/or collect money. During tax season, the five most popular scamming tactics involve use of faux tax documents, vishing calls, phishing or SMiShing messages, fake charities, and company-targeted phishing. The breakdown of these methods are as follows:

  • Fake tax documents: Fraudulent tax documents can arrive as email attachments or links to malicious sites. For example, one might receive a malicious attachment labeled “Tax Return Transcript”, claiming to be from a tax authority. But it’s best to verify its authenticity by using known official websites (preferably those you have previously saved as bookmarks) or phone numbers (not those provided in the email) and ask yourself whether or not you were expecting such an email.
  • Tax authority-themed vishing (voice phishing) calls: According to security researchers, vishing attacks increased over 500% in 2021, and the largest increase occurred during Q1 and Q2—tax time! Malicious callers may pose as a tax authority employee, demanding payment by attempting to convince you that you owe back taxes and you are receiving a final warning before they take legal action. Usually they request payment via prepaid debit card, gift cards, or wire transfer.
  • Tax authority-themed phishing (email messages) or SMiShing (text messages): Received in the form of emails or text messages, this form of attack often includes official-looking logos or links to seemingly legitimate websites. Scammers will say they represent a tax authority, claiming that there is a problem with your return or that you are eligible for a larger refund. But remember, tax authorities will never ask for sensitive information via email or online.
  • Fake charities: According to the IRS, one of the most common tax scams involves requests for tax-deductible donations from fraudulent “charities”.  You can check the list of IRS-vetted (and tax-deductible donation-eligible) charities by using the IRS Tax Exemption Organization Tool. Take your time and do research on the organization before deciding to deploy any funds to their cause.
  • Company-targeted tax form phishing: In recent years, there has been an increase in W-2 (tax form) phishing attempts. Scammers will send emails to HR or an employee at a particular company, pretending to be an executive, asking for all employee W-2 forms. This provides attackers with info on hundreds, if not thousands, of individuals, which is often resold or used for identity theft.

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer.
  • Threaten to immediately bring in local police or other law enforcement groups to have the taxpayer arrested for not paying.
  • Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
  • Call unexpectedly about a tax refund.

This year, you should also be cautious of promoters that claim their services are needed to settle with the IRS, that tax debts can be settled for “pennies on the dollar”, or that there is a limited window of time to resolve tax debts through the Offer in Compromise (OIC) program1.

What you can do

While it may seem like there is a lot to remember, focus on these tips:

  • File your taxes early. If someone has already filed for you fraudulently, it can be more difficult to rectify your account. BNY Mellon offers centralized access to tax forms through the Wealth Online Tax Center. These include investment management and consumer banking account forms such as 1099s and K-1s.
  • Remember that the IRS does not initiate contact with taxpayers via text message, email or social media. Do not respond to any threat coming from these channels, even it appears legitimate. Stay vigilant and skeptical.
  • If you receive a suspicious unsolicited email surrounding tax penalty or payment, report it to your trusted tax advisor and the IRS at phishing@irs.gov.
  • If you have questions about your taxes, please contact your tax advisor as well as your BNY Mellon relationship manager to discuss the most suitable strategies for your situation.

If you plan to share sensitive financial documents with your relationship manager this tax season, BNY Mellon offers an easy way to send them through File Vault, a secure document portal accessible via Wealth Online. If you have a Wealth Online account, you already have access to File Vault and the Tax Center. But if you don’t, click here to enroll today.

  • 1 An OIC is an agreement between a taxpayer and the IRS that resolves the taxpayer’s tax debt.

  • This material is provided for illustrative/educational purposes only. This material is not intended to constitute legal, tax, investment, or financial advice. Effort has been made to ensure that the material presented herein is accurate at the time of publication. However, this material is not intended to be a full and exhaustive explanation of the law in any area or of all of the tax, investment or financial options available. The information discussed herein may not be applicable to or appropriate for every investor and should be used only after consultation with professionals who have reviewed your specific situation. The Bank of New York Mellon, DIFC Branch (the “Authorised Firm”) is communicating these materials on behalf of The Bank of New York Mellon. The Bank of New York Mellon is a wholly owned subsidiary of The Bank of New York Mellon Corporation. This material is intended for Professional Clients only and no other person should act upon it. The Authorised Firm is regulated by the Dubai Financial Services Authority and is located at Dubai International Financial Centre, The Exchange Building 5 North, Level 6, Room 601, P.O. Box 506723, Dubai, UAE. The Bank of New York Mellon is supervised and regulated by the New York State Department of Financial Services and the Federal Reserve and authorised by the Prudential Regulation Authority. The Bank of New York Mellon London Branch is subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request. The Bank of New York Mellon is incorporated with limited liability in the State of New York, USA. Head Office: 240 Greenwich Street, New York, NY, 10286, USA. In the U.K. a number of the services associated with BNY Mellon Wealth Management’s Family Office Services– International are provided through The Bank of New York Mellon, London Branch, One Canada Square, London, E14 5AL. The London Branch is registered in England and Wales with FC No. 005522 and BR000818. Investment management services are offered through BNY Mellon Investment Management EMEA Limited, BNY Mellon Centre, One Canada Square, London E14 5AL, which is registered in England No. 1118580 and is authorised and regulated by the Financial Conduct Authority. Offshore trust and administration services are through BNY Mellon Trust Company (Cayman) Ltd. This document is issued in the U.K. by The Bank of New York Mellon. In the United States the information provided within this document is for use by professional investors. This material is a financial promotion in the UK and EMEA. This material, and the statements contained herein, are not an offer or solicitation to buy or sell any products (including financial products) or services or to participate in any particular strategy mentioned and should not be construed as such. BNY Mellon Fund Services (Ireland) Limited is regulated by the Central Bank of Ireland BNY Mellon Investment Servicing (International) Limited is regulated by the Central Bank of Ireland.

    Trademarks and logos belong to their respective owners. BNY Mellon Wealth Management conducts business through various operating subsidiaries of The Bank of New York Mellon Corporation.

    The information in this paper is as of March 2022 and is based on sources believed to be reliable but content accuracy is not guaranteed.

    ©2022 The Bank of New York Mellon Corporation. All rights reserved. 

    WM-251422