Tax Season

If you use a computer to access the Internet for personal and professional reasons, pretty much everything you do online has a scam version of that activity trying to trick you.

Tax season is a particularly dangerous time to exploit our vulnerabilities.

We spoke with Gould Killian CPA Group in Asheville, NC. Gould Killian and Electronic Office have a 40+ year partnership, and their Senior Associate, Heath Towson, was kind enough to give us a briefing.

Heath started by telling us that “Tax preparation is the peak time of year for financial documents to be moving around via email. People are often in a mindset where private personal and financial data being shared via email seems more normal, but actually, we should be more careful than usual, because criminals know this time of year presents many more opportunities for them.”

When does this heightened security mindset relax a bit, you ask? After we submit tax returns, a whole different wave of scams may be coming our way. Whether we are getting a refund, owe money to the IRS or maybe have bigger problems with taxes, criminals are going to try to exploit all of it. Remember, the IRS never sends unsolicited emails to taxpayers.

Here are a couple of things Heath tells clients to be careful about with regard to security and taxes, that we would recommend taking to heart anytime you are dealing with sensitive financial information: 

1. Watch out for phone calls from scammers pretending to be the IRS. The IRS will never call you or email you regarding tax matters for security purposes. Their only communications are through mail and fax.
2. Carefully check the email address from the sender if sharing sensitive information or especially if the wording or message seems odd. You can also hover your cursor over any link that comes in an email and carefully look at the URL address of the link. Somewhere on your browser — usually the bottom left corner — the URL you are about to click on will appear. Scammers use links that might be close to the URL for your bank, for example, but they have to change it up somehow.
3. Instead of clicking on a link that seems like it will take you to a known company, like your bank or your employer, open a new tab in your browser and go to their website on your own initiative.
4. Do not send any personal banking or identification information by email — always call or send by an encrypted document.
5. Make sure any documents you send to your accountant are password protected if sent by email.
6. Do not send confidential information or financial statements by text message. This should be by email, portal or fax only.
7. If anything seems even just a little bit sketchy, go old school. Pick up your phone and call your HR department or your bank or whomever is relevant. Confirm by phone that the content of an email is legitimate, especially if a wire transfer is involved.

The more urgent the message seems, the more likely it is a scam. If you get an email with an urgent message from your bank, log into your bank’s website using a previously bookmarked address. If the email is legitimate, there will be something equivalent in the “messages” section of your bank’s website.  

Ultimately, “These are just some of the most common things that we tell all of our clients,” said Heath. For a deeper dive, it’s well worth taking a few minutes to read the IRS Webpage Explaining Tax Scam Alerts for 2023.  

While paying our taxes is never fun, finding out that we have been tricked into giving that money (and personal financial information) to a criminal is a whole lot worse.