IRS Issues Urgent Warning to Beware IRS/FBI-Themed Ransomware Scam

IRS YouTube Videos:

WASHINGTON – The Internal Revenue Service today warned people to avoid a new phishing scheme that impersonates the IRS and the FBI as part of a ransomware scam to take computer data hostage.

The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation. It tries to entice users to select a “here” link to download a fake FBI questionnaire. Instead, the link downloads a certain type of malware called ransomware that prevents users from accessing data stored on their device unless they pay money to the scammers.

“This is a new twist on an old scheme,” said IRS Commissioner John Koskinen. “People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.”

The IRS, state tax agencies and tax industries – working in partnership as the Security Summit – currently are conducting an awareness campaign called Don’t Take the Bait, that includes warning tax professionals about the various types of phishing scams, including ransomware. The IRS highlighted this issue in an Aug. 1 news release IR-2017-125 Don’t Take the Bait, Step 4: Defend against Ransomware.

Victims should not pay a ransom. Paying it further encourages the criminals, and frequently the scammers won’t provide the decryption key even after a ransom is paid.

Victims should immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov. Forward any IRS-themed scams to phishing@irs.gov.

The IRS does not use email, text messages or social media to discuss personal tax issues, such as those involving bills or refunds. For more information, visit the “Tax Scams and Consumer Alerts” page on IRS.gov. Additional information about tax scams is available on IRS social media sites, including YouTube videos.

Advertisements

Social Security Scam

Scam Awareness  From the Social Security Office:

Social Security is committed to protecting the information and resources entrusted to us, including your personal information and investment. However, scam artists might try to trick you into sharing your personal information or money. We’re here to help you identify and report these kinds of schemes.

The Office of the Inspector General (OIG) has a new web page with tips on how to protect yourself from theft schemes, how to report scams, and recent fraud advisories. This is in response to an ongoing phone scheme, where individuals receive a call with a recorded message claiming to be from the OIG.

The message states the individual’s Social Security account, Social Security number, frand/or benefits are suspended, and that they should call a non-Social Security phone number to resolve the issue. When the individual calls this number, an unknown person pressures them into providing money or gift cards to resolve a fabricated issue, such as a warrant for the individuals’ arrest. Social Security does not solicit your personal information over the phone or by email, or request advance fees for services in the form of wire transfers or gift cards. If anyone pressures you to provide personal information or money over the phone, just hang up.

If you suspect fraud, report it to the OIG on their website or by calling the Fraud Hotline at 1-800-269-0271.

For more than 80 years, Social Security has secured today and tomorrow by protecting what’s important to you. You can learn more about the tools we use to identify, prevent, and fight fraud here.

Security Summit Alert: Tax Pros Warned of New Scam to Steal Their Passwords

WASHINGTON – The Internal Revenue Service, state tax agencies and the tax industry today warned tax professionals to be alert to a new phishing email scam impersonating tax software providers and attempting to steal usernames and passwords.

This sophisticated scam yet again displays cybercriminals’ tax savvy and underscores the need for tax professionals to take strong security measures to protect their clients and protect their business. This is the time of year when many software providers issue software upgrades and when tax professionals are working to meet the Oct. 15 deadline for extension filers.

These types of phishing scams are why the IRS, state tax agencies and the tax industry, acting as the Security Summit, launched the 10-week Don’t Take the Bait campaign currently underway. This awareness effort highlights the many tactics of cybercriminals as well as the steps tax professionals can take to protect their clients and themselves.

This latest scam email variation comes with a subject line of “Software Support Update” and highlights an “Important Software System Upgrade.” It thanks recipients for continuing to trust the software provider to serve their tax preparation needs and mimics the software providers’ email templates.

The e-mail informs the recipients that due to a recent software upgrade, the preparer must revalidate their login credentials. It provides a link to a fictitious website that mirrors the software provider’s actual login page.

Instead of upgrading software, the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers’ accounts and to steal client information.

The Security Summit reminds tax professionals that software providers do not embed links into emails asking them to validate passwords. Also, tax professionals and taxpayers should never open a link or an attachment from a suspicious email.

Tax professionals can review additional tips to protect clients and themselves at Protect Your Clients, Protect Yourself on IRS.gov.

Tax professionals who receive emails purportedly from their tax software providers seeking login credentials should send those scam emails to their tax software provider.