The Top 10 Tax Scams of 2024

1. Phishing Scams: Cybercriminals send fake emails or create fake websites pretending to be from the IRS or tax preparation companies. They often request personal information, such as Social Security numbers or financial details, which they then use for identity theft or fraudulent tax filings.

2. Identity Theft: This scam involves stealing someone’s personal information, such as their Social Security number, to file a tax return and claim a fraudulent refund. Scammers may also use stolen identities to apply for jobs, credit cards, or other benefits.

3. Fake Charities: Scammers set up fake charities or impersonate legitimate organizations to solicit donations from unsuspecting taxpayers. They often use emotional appeals or fake testimonials to trick people into giving money, which they then pocket for themselves.

4. Tax Preparer Fraud: Some tax preparers may engage in fraudulent activities, such as claiming false deductions or credits on their clients’ tax returns to inflate refunds. Taxpayers should be cautious when choosing a tax preparer and ensure they are reputable and trustworthy.

5. Social Security Number Scams: Scammers may call taxpayers claiming to be from the IRS or Social Security Administration and threaten legal action if they do not provide their Social Security number or other personal information. The IRS and SSA will never call taxpayers to demand immediate payment or personal information over the phone.

6. Fake IRS Letters: Scammers send fake letters or notices purportedly from the IRS demanding immediate payment or threatening legal action if the recipient does not comply. These letters often contain grammatical errors or inconsistencies that can help identify them as fraudulent.

7. Tax-Related Identity Theft: This scam involves using stolen personal information to file a tax return and claim a refund before the legitimate taxpayer has a chance to do so. Victims may not realize they are victims until they try to file their own tax return and discover that one has already been filed using their information.

8. Inflated Refund Claims: Some tax preparers may promise taxpayers inflated refunds in exchange for a fee or a percentage of the refund. They may use tactics such as claiming false deductions or credits to artificially inflate the refund amount.

9. Falsifying Income: Taxpayers may attempt to lower their tax liability by underreporting or omitting income from their tax returns. This is illegal and can result in fines, penalties, or criminal prosecution if discovered by the IRS.

10. Abusive Tax Shelters: Some taxpayers may be lured into investing in abusive tax shelters that promise to reduce or eliminate their tax liability. These schemes often involve complex financial transactions or legal structures that are designed to exploit loopholes in the tax code. However, the IRS actively investigates and penalizes taxpayers who participate in abusive tax shelters.

It’s important for taxpayers to remain vigilant and be aware of these scams to avoid becoming victims. They should never provide personal information or payment to anyone claiming to be from the IRS without verifying their identity and legitimacy. Additionally, taxpayers should report any suspected scams or fraudulent activity to the IRS or appropriate authorities.

Here are the top 10 tips to prevent tax-related scams:

1. Be Wary of Suspicious Emails and Phone Calls: The IRS does not initiate contact with taxpayers via email, text messages, or social media channels to request personal or financial information. Be cautious of unsolicited communications claiming to be from the IRS or tax authorities, especially if they ask for sensitive information or demand immediate action.

2. Verify the Identity of Tax Preparers: Before hiring a tax preparer, research their credentials and reputation. Look for certified public accountants (CPAs), enrolled agents, or other professionals with a valid Preparer Tax Identification Number (PTIN). Avoid tax preparers who promise unusually high refunds or charge fees based on a percentage of your refund.

3. Protect Personal Information: Safeguard your Social Security number, financial account numbers, and other sensitive information. Only provide this information to trusted entities when necessary, such as legitimate tax preparers or government agencies. Be cautious when sharing personal information online and use secure methods for transmitting sensitive data.

4. File Early: Filing your tax return early can help prevent tax-related identity theft. By submitting your return before potential scammers, you reduce the risk of someone fraudulently filing a return using your information. Monitor your mailbox for any tax-related documents and file promptly to minimize the window of opportunity for identity thieves.

5. Use Secure Websites for Online Filing: When e-filing your tax return or making electronic payments, ensure you are using a secure and reputable website. Look for “https” in the website URL and a padlock icon in the browser address bar, indicating that the site is encrypted and secure. Avoid using public Wi-Fi networks or unsecured computers for sensitive transactions.

6. Review Your Credit Report Regularly: Monitor your credit report regularly for any suspicious activity or unauthorized accounts. Identity thieves may use stolen personal information to open credit accounts or loans in your name. By reviewing your credit report periodically, you can detect and address any fraudulent activity before it escalates.

7. Be Skeptical of Promises of Large Refunds: Be cautious of tax preparers or schemes that promise unusually large refunds or guaranteed refunds without reviewing your financial information. While legitimate deductions and credits can reduce your tax liability, exaggerated claims or fraudulent tactics may attract unwanted attention from the IRS and lead to penalties or legal consequences.

8. Educate Yourself About Common Scams: Stay informed about common tax-related scams and tactics used by fraudsters. The IRS regularly updates its list of tax scams and issues alerts to warn taxpayers about emerging threats. By familiarizing yourself with these scams, you can recognize warning signs and take proactive steps to protect yourself against fraud.

9. Secure Your Devices and Personal Information: Keep your computer, smartphone, and other devices secure by using up-to-date antivirus software, firewalls, and encryption tools. Enable multi-factor authentication for online accounts and use strong, unique passwords for each account. Avoid clicking on suspicious links or downloading attachments from unknown sources, as they may contain malware or phishing attempts.

10. Report Suspicious Activity: If you encounter a potential tax-related scam or identity theft, report it to the appropriate authorities immediately. Contact the IRS Identity Protection Specialized Unit at 1-800-908-4490 or visit the IRS website for guidance on reporting identity theft and fraudulent activity. Additionally, notify your financial institutions and credit bureaus to protect your accounts and credit information.

By following these tips and remaining vigilant against tax-related scams, you can minimize the risk of falling victim to fraudsters and protect your personal and financial information during tax season and throughout the year. Remember to stay informed, verify the legitimacy of tax-related communications, and take proactive measures to safeguard your identity and assets.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Common Types of Mobile Cyber Attacks and How to Prevent them

With the ubiquity of people owning smartphones and having a growing dependence on them for e-commerce, it has become an attractive avenue for cybercrime. Security researchers report a 500% surge of mobile cyber attacks, as scammers try to steal bank details and passwords or even get full control of phones. However, other forms of mobile malware have invasive snooping features that can record audio and video, wipe data and content, and track your location.

What Are Mobile Cyber Attacks?

Cyber attacks are malicious and deliberate actions by an individual or organization to breach the system of a phone. Usually, when this happens, the attacker is targeting a full compromise of the device, access to email and other apps, or access to sensitive data. The text messages and emails smartphone users receive are often linked to some viruses that are a form of malicious software oh, that would result in a remote takeover of the device. 

There’s a decent chance that many smartphone users have experienced a type of malware that infected their phones without their knowledge. Security researchers say that one-fifth of smartphone users have encountered malware, with four out of 10 phones vulnerable to cyber attacks, often Androids. Let’s look at various forms of malware:

Forms of Mobile Security Malware

As mentioned above, mobile malware is a type of spy malware specifically written to attack the phone – they rely on exploiting different operating systems and mobile technology. There are various forms of mobile malware, each enabling attackers to be more agile in their attacks. Here are a few of the most common:

Mobile Spyware

This type of mobile malware monitors and records information plus actions of an end user without their knowledge. Like other malware, mobile spyware is installed by a phone user unwittingly. The spyware will install on a phone when a user side loads a third-party software application, redirects to a malicious website, or leaves the device unattended. 

If successfully installed, the intruder may be able to eavesdrop on a phone user’s conversations and have access to data that’s on the phone and those transmitted by the device. Anyone can become a victim of mobile spyware; therefore, installing security protection is essential.

Rooting Malware

The Rooting malware works by gaining root access to your smartphone. It gives the malware heightened authority over your phone, allowing the attacker to do some nasty stuff while lurking on a device. This happens when a user visits spamming or phishing websites. If your phone becomes vulnerable to rooting malware, the attacker can delete or install applications and copy confidential information.

Mobile Banking Trojans

Mobile banking Trojans are the most dangerous form of mobile malware. They hack all mobile banking apps and try to steal information and money from the phone’s owner. Any phone users who have bank details on their phone are at risk of getting hacked with Trojans. 

Moreover, Android users are at the highest risk of getting hacked, as most of them usually pose as legitimate applications, so a phone user can unwittingly download the app.

SMS Malware

The mobile SMS malware uses short message services (SMS) plus other messaging applications to access your phone. Others use malicious websites and software to enact damage to phone users. Anyone, which is everyone who uses text messaging applications is at risk of falling victim to such malware. It sends unauthorized texts and emails without the user’s knowledge. Moreover, it can intercept calls and texts. Typically, this malicious software poses as legit mobile applications, making unsuspecting phone users believe it’s safe to install them.

How Does a Smartphone Get Infected?

Smartphone viruses work the same way computer viruses do. A malicious code infects the phone, replicating itself and then spreading to other devices by auto messaging to a user’s contact list or even auto-forwarding as emails. How does your smartphone get infected with such malware? 

There are various ways a phone can get infected, including:

  • Installing a malicious mobile application.
  • Opening or clicking links from malicious emails, websites, or texts.
  • Responding to emails, text messages, and voicemails phishing scams.
  • Using a smartphone that has a vulnerable operating system. A good example is using a phone with an operating system that hasn’t been updated.
  • Utilizing URLs and WI-FI that aren’t secure.

Signs to Watch Out for in an Infected Smartphone 

While it can be difficult to tell if a phone has been infected with malware, the phone may start acting a little weird. Some signs to watch out for include:

  • Poor performance: Some applications installed may take quite a long time to open or crash randomly.
  • Battery drains: The battery charge drains quickly due to the malicious system overworking in the background.
  • High consumption of mobile data.
  • Unexpected billing charges like high data usage costs, thanks to malicious software eating up all your data.
  • The phone may start overheating unexpectedly.
  • Unusual pop-ups.

Keep in mind that when your phone is experiencing these signs, it doesn’t automatically mean that it’s due to mobile malware. Sometimes, your battery is just old or malfunctioning, and you need a new one. If you change the battery, but you’re still experiencing battery drains and unexpected charges, it could definitely be infected, and this is your sign to look for ways to remove the malware.

Removing Malware 

Once you suspect your phone has been infected with a virus, there are various steps you can take. First things first, you’ll need to remove the malware to prevent further damage. Use these simple troubleshooting steps.

  • Shutting down and restarting: The process will help you prevent further damage when you don’t know where the malware is.
  • Activating safe mode: This will depend on the type of phone you’re using, as different types have different setup features for activating safe mode. You can use the phone’s manual to see how you can set up safe mode on your phone.
  • Uninstalling suspicious application: When you notice an application installed on your phone but didn’t recall installing it, it might be a malware, and you need to remove it as soon as possible.
  • Clearing browser history: You’ll first go to the settings section of the phone and click on clear data or website history. The process helps to get rid of pop-ups or text messages that are on your web browser.
  • Erasing all data: Factory resetting the phone is the last step to successfully removing malware on your phone. Keep in mind that factor resetting will automatically delete all data on your phone. Make sure you save all important information somewhere else before you factory reset.

Protecting your Phone from Malware Infections

After fixing your phone, it’s important to safeguard it from future infections and other security risks. Here are some preventative measures you can use to secure your phone.

Installing Mobile Security Application 

Antivirus apps ensure your phone isn’t infected with a malicious software application. They detect and alert the phone user of the potential risks of a malware attack. There are various free anti-malware solutions at your disposal; extensive research will help you settle on one that’s effective.

Be Wary of Public Wi-Fi

Connecting your phone to any public Wi-Fi can leave it vulnerable to mobile malware, especially if it’s not secure. Using hotspot devices for internet services while traveling will help you protect your phone from hacks. It’s also better to turn off your Wi-Fi and Bluetooth when they’re not in use to secure your phone from malware that can try to access it through public Wi-Fi.

Moreover, you need to be wary of public charging stations as some of them are compromised with malicious malware. Various reputable internet services offer secure Wi-Fi and hotspot devices that can limit the use of public Wi-Fi.

Social Engineering Scams

Have you ever been in a situation where an individual tries to manipulate you into giving up your personal information? Well, that’s what social engineering scams are all about. They try to entice you to let go of your passwords and bank details or try to get control of your computer. Usually, they come in the form of emails, text messages, and even phone calls. When such circumstances happen to you, and your gut feeling is not sitting right with it, evade it at all costs.

Update your Phone’s Operating System 

It’s wise to update your phone’s operating system when it tells you to do so. This is because it patches security gaps and improves your phone’s performance. Before you try to update the device, you’ll first have to:

  • Charge your phone.
  • Backup files.
  • Ensure your phone is compatible with the upgrade.
  • Delete applications that are no longer in use.

Avoid Jail-breaking or Rooting the Phone 

Rooting mainly applies to Android users. The process allows an individual to access a phone’s operating code. This process gives a user the authority to modify the phone’s program or install other programs that the manufacturer wouldn’t otherwise install. Jail-breaking, on the other hand, applies to iPhone users, which allows unauthorized individual access to the entire file system.

Encrypting Mobile Devices

The process allows mobile users to protect their information, making it hard for attackers to decipher the information when malware occurs. Therefore, encrypting information on your mobile phone is highly encouraged, such that when you lose your phone or misplace it, no one can attempt to access it and attain information.

Backing up Data

It allows phone users to access their data from other devices. This process is convenient for people who’ve lost their phones and may want to restore their old data on their new phones or after malware. The process is different for different phones; therefore, take a look at your manual to see how the process works for your phone.

Use Official Phone’s App Store to Download Application 

This may be an obvious solution, but an important one. If you’re browsing for a new game or other productive applications, use the Google Play store or Apple App Store. It will ensure you only download safe applications. It’s imperative to check the ratings of the application, reviews, private policy, and authority if available. You’ll determine which features on the phone the application can access after installation and accept those you’re comfortable with.

Reviewing Access Permission 

You can easily review the access permission of your phone in the settings section for applications and application notifications. While trying to download a particular application, you must agree to its terms and conditions. This is where it includes the access permission on the phone. In most cases, users can unknowingly accept an application to access their personal information, making them vulnerable to suspicious individuals. Therefore, they’ll need to review the access permission from time to time to patch vulnerability gaps.

Locking your Phone with a Strong Password 

The process may vary depending on the type of phone you’re using. Most password settings include but are not limited to;

  • A minimum of four-digit alphanumeric password. 
  • Facial recognition.
  • Fingerprint verification. 
  • Drawing patterns. 
  • Using a password consisting of letters, numbers, and symbols.

Setting up Device Finders and Remote Wipe Features 

When you set up Find My Phone features on your phone, it allows you to locate your phone when lost or misplaced from another device (usually of the same brand). The feature works when your phone is online and not shut down. 

Remote wipes are an excellent feature when the phone is shut down. It allows the device owner or a phone’s network administrator to delete data from computing devices.

SIM Swapping 

Cybercriminals are gaining new ground in their operations. They’re going far and wide to steal personal information from unsuspecting people. Did you know a cyber attacker can replicate your SIM card without your knowledge? Yes, it’s possible through SIM swapping.

First things first, SIM cards are subscriber identity modules unique to a phone user that stores phone plans, contacts, and texts, among other things. You can easily use this SIM card on another phone and still retain your contacts and texts from your previous phone.

Cyber attackers wanting to impersonate you will trick the mobile carrier of your SIM card to swap your phone number to a new card. Usually, the attackers have some personal information about you and will use this information to convince your mobile carrier to reassign your phone number to a new SIM card. Upon a successful SIM swap, the attacker will change your password to lock you out of your mobile banking accounts and then steal whatever money on there. 

How Can You Tell Your SIM Card Has Been Swapped?

You’ll know your SIM card has been swapped when you notice your phone no longer connects to the cell’s network. Usually, you’ll not be able to make calls, send messages, or surf the internet when you’re not connected to Wi-Fi. Since people use their phones every day, they’re likely to find out quickly that their phone isn’t functioning as it should. 

Moreover, when a SIM card isn’t working, the mobile carrier usually sends a text message informing the user that the card is no longer in use. When you receive such a message, you’ll need to deactivate your SIM card; if you didn’t deactivate the card, call your wireless provider immediately.

Preventing SIM Swapping 

It’s very important to set up measures that’ll protect your device and personal information from SIM swapping. Let’s look at some of them.

Setting Up a Two-Factor Authentication 

You can set up a two-factor authentication limiting SIM swapping using authentication applications. A SIM swap can never occur through authentication applications compared to emailed or texted codes; therefore, an excellent measure to put in place. Add security measures to the authentication application like a PIN code, face, and fingerprint ID, among other things. Don’t go for something obvious; use assorted random numbers as your password.

Be on the Lookout out for Phishing Attempts 

Most cyber attacks emanate from phishing attempts. First, they’ll try to phish for personal information before conducting cybercrime. Mostly, they incorporate fear, urgency, or excitement in their emails, texts, or calls, to distract the victim into giving up their personal information like PINs, Social Security numbers, passwords, and birthdates.

Be vigilant of calls or texts from people or organizations you don’t know; they might be cyber attackers trying to phish for information. Moreover, avoid clicking on suspicious links.

Use a Password Manager 

Usually, your browser will ask you to save a particular password. It’s essential to always say No! However, not saving will make it hard to remember all your unique, long passwords. Even so, you can entrust all your passwords to a password manager.

The secure password manager will make you remember one password. Others passwords will be encrypted and secured by two-factor authentication. This makes it hard for a cybercriminal to attain your passwords.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.