Working with your finances online can be both a blessing and a curse. On one hand, today’s technology makes it a breeze to crunch numbers, pay bills and file taxes from the comfort of your home — all things that were impossible a few decades ago. On the other hand, hackers and cybercriminals lurk in the midst, hoping to catch the perfect financial target at their most vulnerable.
As bad as cybercriminals are, however, they’re only as dangerous as the technology they deploy. And thankfully, with the sheer amount of security tech available to the average consumer, their options have grown more limited. That’s why they continuously rely on one of the oldest tricks in the book to attack their victims: the classic bait and switch tactic.
If you thought dealing with the IRS was difficult enough already, the latest scam brewing on the web will make your head spin. Hackers are using fake IRS websites to trick users into providing personal data and financial info. If they compromise your accounts, it can spell doom for both your privacy and your wallet. Here’s what you need to know to protect yourself from this sneaky trap.
Fake IRS websites ensnare innocent taxpayers, compromise data
A new security alert from the IRS revealed that a wide swathe of taxpayers has been targeted by a new campaign of sophisticated phishing websites. On their face, these sites disguise themselves as the legitimate IRS website. But a further inspection reveals that they are not who they say they are.
In tandem with a widespread spam email operation, the sites’ owners attempt to trick users into downloading malware that can compromise their computer. The IRS is even warning taxpayers that this malware may include “keystroke loggers,” which is a kind of malware that tracks the input of the keys on your keyboard.
With this, a hacker can easily gain access to passwords you type, as well as glimpse private conversations and other private data.
How does the scam work?
The IRS discovered the phishing campaign after numerous reports from taxpayers about suspicious emails they received claiming to be from the agency. The emails claim that important information regarding the user’s tax return needs review and provides a “temporary password” for them to use on a linked website.
The website, when opened, directs users to a phony landing page that infects the user’s computer with malware.
According to the IRS, scammers are operating multiple sites with different URLs, making the entire ordeal much harder for the agency to monitor and control. The alert, it seems, is their counterattack against the forces behind the scam.
How can I protect myself from this new IRS scam?
Thankfully, this scheme is something you can easily avoid if you can spot the red flags. Just like any other phishing campaign, you’re only at risk if you click on the link or provide the scammers any personal information.
As we’ve said before, it’s never wise to share any personal data over the web, no matter how legitimate the site may seem. Unless it’s the official website of a trusted organization that you, yourself, navigate to, it’s possibly spoofed.
As for red flags, always keep an eye out for typos and spelling errors, unusual URLs, and unorthodox requests for personal information like PINs, bank account numbers and the like.
The IRS, in its alert, stresses that it never asks for data like passwords or debit card numbers. It also states that it would never initiate contact by email, text or social media. Instead, it prefers the old fashioned approach of mailing you.
If you’ve already clicked on a suspicious IRS link or provided any personal information, you should contact a credit agency and consider freezing your credit. Additionally, you may want to contact your bank and inform them of potential identity theft just in case. In the end, it’s better to be safe than sorry.