A Guide to Your Cybersecurity

IRS impersonators and tax scammers are at it again.  They want your money and your information so they will mislead and pressure you about tax refunds, credits & payments, and your personal, financial, or employment information. Don’t give it to them. Here’s what you need to know.

• A big payday:  If it sounds too good to be true, it probably is. Bad tax advice on social media may mislead you about credits you can claim or convince you to provide incorrect information on tax forms.
• Demands or threats:  Impersonators want you to pay “now or else.” They threaten arrest or deportation. They don’t let you question or appeal the amount of tax you owe. 
• Website links:  Odd or misspelled web links can take you to harmful sites instead of IRS.gov.

• Email & text phishing scams: Taxpayers and tax professionals should be alert to fake communications from entities posing as legitimate organizations in the tax and financial community, including the IRS, state tax agencies and tax software companies. These messages arrive in the form of unsolicited texts or emails to lure unsuspecting victims into providing valuable personal and financial information that can lead to identity theft.  As a reminder, never click on any unsolicited communication claiming to be from the IRS.
• Bad social media advice: Social media platforms routinely circulate inaccurate or misleading tax information that can mislead honest taxpayers with bad advice, potentially leading to identity theft and tax problems.
• IRS Individual Online Account help from scammers: Swindlers can pose as a "helpful" third party and offer to help create a taxpayer's IRS Individual Online Account at IRS.gov. These third parties making these offers will try to steal a taxpayer's personal information and try to submit fraudulent tax returns in the victim's name to get a big refund.
• Fake charities:  Scammers set up these fake charitable organizations to take advantage of the public's generosity. They seek money and personal information, which can be used to further exploit victims through identity theft.

• Never click on links or open attachments in unexpected texts or emails:  Clicking could expose you to scams, download malware, or get your phone number added to lists that are then sold to other criminals. Delete the text messages & emails immediately.
• Never share financial or personal information with anyone who contacts you out of the blue:  The IRS and other government agencies will never call, text, message you on social media, or email to ask for your Social Security, bank account, or credit card number.
• Don’t respond at all to the text or email:  If you ever want to confirm that the IRS is actually contacting you, call the IRS directly at 800-829-1040. You can also visit the IRS website, www.irs.gov, to use the “Where’s My Refund?” tool to determine if you are really getting a refund.
• Report potential scams:  Forward email messages or phone numbers that claim to be from the IRS to phishing@irs.gov. Do not open the attachments or click on any links in those emails.

Share what you know:  By talking about potential scams with your friends and neighbors you may be protecting them from making a devastating mistake.

The internet offers access to a world of products and services, entertainment, and information. At the same time, it creates opportunities for scammers, hackers, and identity thieves. Learn how to protect your computer, your information, and your online files.

Protect Your Personal Information. In an effort to steal your information, scammers will do everything they can to appear trustworthy. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about why someone needs it and whether you can really trust the request. 

Protect Your Passwords. Here are a few ideas for creating strong passwords and keeping them safe:

• Use at least 10 characters; 12 is ideal for most home users.
• Try to be unpredictable – don’t use names, dates, or common words. Mix numbers, symbols, and capital letters into the middle of your password, not at the beginning or end.
• Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies where you do business – thieves can use it to take over all your accounts.
• Don’t share passwords on the phone, in texts or by email. Legitimate companies will not ask you for your password.
•  If you write down a password, keep it locked up, out of plain sight.
• Change your passwords every 90 days.

Consider Turning On Two-Factor Authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone or a random number generated by an app or a token. This protects your account even if your password is compromised.

Give Personal Information Over Encrypted Websites Only. If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address. That means the site is more secure.

Back Up Your Files. No system is completely secure. Copy your files to an external hard drive or cloud storage. If your computer is attacked by malware, you’ll still have access to your files. 

• Equifax:  800-525-6285 
• Experian:  888-397-3742
• TransUnion:  800-680-7289