State Department of Revenue issues warning on new email phishing scam
HARRISBURG — With tax season soon approaching, the Pennsylvania Department of Revenue today reminded the public and tax practitioners to beware of phishing scams that involve fraudulent email messages designed to steal sensitive information, such as passwords, usernames or personal financial information.
The Internal Revenue Service recently issued a warning about a phishing scam that tried to trick tax professionals into “signing” a new e-Services user agreement.
“We want everyone to be extremely cautious. Don’t click on any email sent by someone you don’t recognize,” Secretary of Revenue Dan Hassell said. “It’s always a good idea to be especially careful so that sensitive information doesn’t fall into the wrong hands.”
According to the IRS, the scam email claimed to be from “e-Services Registration” and used “Important Update about Your e-Services Account” in the subject line. The email stated, in part, “We are rolling out a new user agreement and all registered users must accept its revised terms to have access to e-Services and its products.”
The email asked the individual to review and accept the agreement but took them to a fake site instead. The IRS encouraged anyone who clicked on the link to perform a deep scan of their computer with security software, or contact the IRS e-Help Desk.
According to the Federal Trade Commission, phishing scams target recipients through fraudulent emails, texts or copycat websites. The goal of scam artists is to get you to share valuable personal information, such as account numbers, Social Security numbers, or login identifications and passwords. Scammers use your information to steal your money, your identity or both.
The following are safety tips from the FTC to help keep your resources safe from computer threats that can spread through email:
- Be cautious about opening attachments or clicking on links in emails. Even your friends’ or family members’ accounts could be hacked. Files and links can contain malware that can weaken your computer’s security.
- Do your own typing. If a company or organization you know sends you a link or phone number, don’t click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
- Make the call if you’re not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If you think a company, friend or family member really does need personal information from you, pick up the phone and call them yourself using the number on their website or in your address book, not the one in the email.
- Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised. As an extra precaution, you may want to choose more than one type of second authentication (e.g. a PIN) in case your primary method (such as a phone) is unavailable.
- Back up your files to an external hard drive or cloud storage. Back up your files regularly to protect yourself against viruses or a ransomware attack.
- Keep your security up to date. Use security software you trust, and make sure you set it to update automatically.