That Email From the IRS? It May Be Worse Than You Think

That Email From the IRS? It May Be Worse Than You Think

How could it be worse?

It may not be from the IRS, but may instead be an attempt at identity theft, or to hack into your computer, or infect it with malware.

Cybercriminals will be targeting small businesses this tax season with a variety of tricks intended mainly to steal information.

Brian Burch, VP of Global Consumer and Small Business at Symantec, shares examples of the kinds of schemes you may see this year. He also shares tips on how to protect yourself and your business from falling prey to these methods. In a recent email on cyber threats during tax season, Burch explains:

“…at tax time, small businesses are especially lucrative targets for cybercriminals, particularly in the BYOD era where work and personal data is accessed on the same device, including bank records and sensitive emails.”

Experts at Symantec have identified a number of emails that are preying on small businesses this year. Here are three potential scams to watch out for this year as you prepare your tax returns:

  • Financial Trojans: These emails often leverage names of popular accounting software like TurboTax to make you believe it’s a helpful message. Instead, these emails entice you to click on links that may allow your financial credentials to be stolen.
  • Tax season phishing scams: These emails have an HTML file attached. If these attachments are opened, they’ll reside on your computer and capture sensitive financial information. They could not only compromise your business information but also the personal information of your employees, too.
  • Malicious threats like Cryptolocker: These are programs that encrypt files on your computer and hold them for ransom. Hackers often demand payments to unlock these files. And even when/if you do pay a hacker, the files may be lost forever.

Symantec urges vigilance at tax time for small businesses. Burch offers some tips for small business owners to avoid being hacked this tax season.

First of all, having internet security software is a must. But that’s not enough, Burch says. It’s also important to have a backup of your data prepared in the event of an attack or system crash. And when you’re ready to file your taxes, it’s important never to do it over a public network. Filing over a secure Internet connection is vital.

Burch also urges vigilance and to “be suspicious” of all incoming emails this time of year. This especially goes for any email from the IRS. It’s important to remember that the IRS will never email you or your business regarding taxes. And the agency won’t call you, either.

“Scammers are quite good at making emails and links look legitimate, and the most lucrative tax return schemes are based on identity theft, so ensure your email is truly sent from the advertised source before opening it.”

Some other tips that Burch offers are to password protect everything. Also, be careful when choosing passwords. This means not choosing “password” or your name as the key to access your data. Logging out of any application or site that requires personal information is another way to avoid having any information stolen. This is especially key if you’re using a shared computer or are on a public network.

Finally, if you’ve successfully avoided getting hacked through tax prep and filing, you don’t want to fall victim during the final step of the process. Symantec says getting your refund in direct deposit to your bank account is the safest practice.

Tax season scam: Shutterstock


Joshua Sophy Joshua Sophy is the Editor for Small Business Trends and the Head of Content Partnerships. A journalist with 20 years of experience in traditional and online media, he is a member of the Society of Professional Journalists. He founded his own local newspaper, the Pottsville Free Press, covering his hometown.

5 Reactions
  1. That’s scary. You really don’t know who you can trust these days. What’s even more scary is that they are using names like that of the IRS and professional software. It always helps to really check the e-mail where a certain message is from to make sure that you are really talking to the real thing.

  2. Really, the only way you can protect yourself a against this type of e-mail is (1) not to open the e-mail; (2) contact the IRS directly (or have your accountant do so) and asked if such an e-mail was sent; (3) let other small businesses now about this potential scam.

  3. The only real way you can protect yourself a against this type of e-mail is to (1) noto open the e-mail; (2) contact the IRS directly (or have your accountant do so) and ask if such an e-mail was sent; (3) let other small businesses know about this potential scam.

  4. Oh my God! I mean we trust the IRS’s so damn blindly and open their mails at the very first instance. If these mails are mere means of phishing attacks then one needs to stay warned. Best way to stay out of any such issues by filing returns on time and by properly filling the forms.