The upcoming tax season is a prime opportunity for identity thieves who target your personal information through phishing scams. Here is what you need to know.

Phishing requires bait

Phishing is the act of creating a fake e-mail or website that looks like the real thing. This bait is then used to bring you into the scam by asking for private information. This includes your name, address, or phone number. It could also include potentially dangerous ID theft like your Social Security number, a credit card number or banking information. The bait is often very real looking – just like correspondence from the IRS or the IRS website.

How to avoid the lure

Here are some tips to know if the correspondence is fake.

  • The IRS never initiates contact via email. If you get an unsolicited e-mail from the IRS requesting a response, do not reply! Instead forward the email to phishing@irs.gov.
  • Never click or download. Perhaps even more important, never click on a link or open a file on a suspicious email. This is true even if the email comes from someone you know. Too often phishing comes from a thief impersonating someone you know.
  • Know the web site. This includes the appearance, but more importantly the address. The valid address for the IRS is www.irs.gov. For the Social Security Administration, the address is www.ssa.gov.
  • They may already have info about you. Competent phishers already have parts of your identity, so just because they know things like your middle name and birth date does not make them legitimate e-mails.
  • Phishing over the phone. Phishing can also take place over the phone. If you receive an unsolicited phone call, get the person’s name and ID, then hang up. Then go to the IRS (or vendor) website, take down their phone number and call them back using this phone number. Most fake calls are ended quickly when taking this approach.
  • Don’t forget social media. Phishing can also happen via social media and texting. Virtually every digital resource has the potential to be used as a tool for theft.

Once you are in their net

When the phishers have your information, they can file false tax returns requesting refunds, steal bank information, set up fake credit cards, establish false IDs, plus much more. Remember, if it smells like a phish, it probably is.

So if you are netted by a clever phisher, take action quickly. Contact the IRS, local authorities, your financial institutions and credit agencies. Also review recommended steps as outlined on IdentityTheft.gov.