The IRS recently updated its list of the 12 worst tax-related scams in America, known as the Dirty Dozen. Several current Dirty Dozen cases involve social media phishing, where scammers use social platforms to impersonate someone that a taxpayer knows and trusts.
For example, a scammer might “lurk” on a user’s account, gathering personal information about the user from posts and public chats. The scammer then sends messages to the user that appear to come from a friend, family member or coworker. The messages may have links to websites related to the user’s interests. However, clicking on the links triggers a download of spyware (software that the scammer uses to steal more private information) or ransomware.
Alternatively, the scammer may hack into a social media user’s email or phone, then send fake messages to the user’s friends and family. These messages may trigger malware downloads, or ask for donations to fake charities. All of these phishing methods can ultimately lead to tax-related identity theft. The IRS advises everyone to check the privacy settings on their social media accounts, and limit what they share publicly to prevent lurkers from mining personal data. If you receive an email or message from someone you know with a link or file, confirm that they sent it with a phone call or message them back.
The IRS also reminds Americans of the ongoing threat of phone scams involving IRS impersonation. Scammers may claim to be calling about a federal tax lien, or may threaten people with arrest for supposed tax issues. Remember that the IRS rarely initiates contact with taxpayers by phone, and NEVER demands payment via prepaid debit card, money order, wire transfer or gift card. If you ever doubt the legitimacy of an IRS phone call, do not provide any personal information. Hang up, then call the IRS directly at 1-800-829-1040 to ask about the call you received, along with any supposed issues raised by the potential scammer.