January 22, 2021
Phishing Requires Bait
Phishing is the act of creating a fake e-mail or website that looks like the real thing. This “bait” is then used to bring you into the scam by asking for private information. This includes your name, address, or phone number. It could also include potentially dangerous ID theft information like your Social Security number, a credit card number or banking information. The bait is often very real looking – just like correspondence from the IRS or the IRS web site.
How to Avoid the Lure
How do you know the phishing is fake? Here are some tips.
- The IRS never initiates contact via email. If you get an unsolicited e-mail from the IRS requesting a response, do not reply! Instead forward the email to firstname.lastname@example.org.
- Never click or download. Perhaps even more important, never click on a link or open a file on a suspicious email. This is true even if the email comes from someone you know. Too often phishing comes from someone impersonating someone you know.
- Know the web site. This includes the appearance, but more importantly the address. The valid address for the IRS is www.irs.gov. For Social Security, the address is www.ssa.gov.
- They may already have info about you. Good phishers already have parts of your identity, so just because they know things like your middle name and birth date does not make them legitimate.
- Phishing over the phone. Phishing can also take place over the phone. If you receive an unsolicited phone call, get the person’s name and ID, then hang up. Then go to the IRS (or vendor) web site, take down their phone number and call them back using this phone number. Most fake calls are ended quickly when taking this approach.
- Don’t forget social media. Phishing can also happen via social media and texting. Virtually every digital resource has the potential to be used as a tool for theft.
What Do Phishers Do?
When the phishers have your information, they can file false tax returns requesting refunds, steal bank information, set up fake credit cards, establish false IDs, plus much more. Remember, if it smells like a phish, it probably is.