The Internal Revenue Service (IRS) kicked off their annual ‘Dirty Dozen’ campaign this month to warn taxpayers about twelve of the most prevalent tax-related scams. Topping the list this year is pervasive phishing scams.

This Year’s Common Ploys

Phishing scams are fake – but often convincing – emails, text messages, websites and social media attempts to steal personal information, which tend to increase during tax season.

Each year, criminals come up with new and creative ploys to victimize taxpayers. One such scheme this year involves criminals stealing personal data and filing fraudulent tax returns, then using taxpayers’ bank accounts to direct deposit tax refunds. The thieves then use various tactics to reclaim the refund from the taxpayer, including falsely claiming to be from a collection agency or the IRS.

More advanced phishing schemes may even target personal or financial information available in the files of businesses and their payroll and human resources personnel. In this scenario, criminals may pose as a business requesting a fake invoice payment, an employee looking to re-route a direct deposit, or an executive wishing to initiate a wire transfer. The criminals will then use the email credentials from a successful attack to send phishing emails to the victim’s email contacts – escalating the potential reach and damage of an attack.

Ways to Avoid Becoming A Victim

Here are a few steps you can take to protect yourself against phishing scams this tax season:

  • Be skeptical. Never open an email or an attachment from an unknown source. Even if the email is from a known source, always proceed with caution when opening attachments.
  • Validate the email address. Cybercriminals often spoof email addresses to appear to come from someone you know. Look for small errors in the email address such as a letter being incorrect in the configuration. Also, double check to see if the sender domain matches up accurately.
  • Protect your data. Avoid giving out any personal or financially sensitive information via email.
  • Don’t click suspicious links. When in doubt, don’t click a hyperlink; rather, type the web address directly into your browser or call the source to verify its legitimacy.
  • Report it. If you receive an unsolicited, suspicious email that appears to be from either the IRS or an organization linked to the IRS, report it immediately by sending it to

For more information on ways to prevent you or your business from becoming a cybercrime victim, contact Doeren Mayhew’s cybersecurity advisors today.