The Internal Revenue Service said the number of reported phishing scams from fraudsters pretending to be from the IRS or a tax company surged by 400 percent this year from the same time last year. The 1,389 scams reported as of mid-February added up to about half of the email scams reported for all of last year, the agency said.
Julie Miller, a spokeswoman for Intuit, the maker of TurboTax, said the company has seen a spike in the number of phishing scams from fraudsters pretending to be TurboTax. The scams generally try to persuade people to click on malicious links by saying the action is needed to help users confirm their accounts or verify the taxpayer’s identity. Others say users could be blocked from their accounts if they don’t take action or could pretend to remind people to get started on their tax returns.
For taxpayers, it can be difficult to tell fact from fiction. Although some of the emails are barren and easy to question, some are more sophisticated, including company logos or other design traits that look similar to the emails being sent by TurboTax and other companies.
Take this fraudulent email that TurboTax is warning people about on its website. It looks strikingly similar to the reminders taxpayers might receive from TurboTax, encouraging them to sign in and start working on their tax returns. The colors and logos are nearly identical, as is the layout of the page.
Although there are some minor stylistic differences in font color, they are pretty difficult to notice. And just because an email has some personal information, such as your name or employer, doesn’t mean that it’s legitimate, Miller says.
Some people may be tempted to ignore the emails altogether, but that could have consequences if it means missing out on a real warning sign. This year, for instance, Intuit started alerting customers after their password or bank account information was changed — red flags that someone else may have accessed their account. Intuit is also alerting customers if a second account is opened with their Social Security number, which could point to a criminal using TurboTax to file a fraudulent return in their name.
For most taxpayers, the best line of defense is to do research before opening emails and to avoid clicking on links. Users can hover over a link to see what URL they are being directed to, Miller says. If the link isn’t to the website for the company you’re trying to reach, don’t click on it, she says. The smarter move may be to go directly to the website of the company you’re trying to contact by typing its URL (not the one in the email) into the browser and to look there for a customer service number.
TurboTax customers can check Intuit’s website to see if the email matches one of scams that Intuit already knows about. It’s a pretty long list, but if the email you received isn’t there, you can also forward the email to firstname.lastname@example.org and the company will let you know whether the email is legitimate.