It's that time of year. The Internal Revenue Service (IRS) is busy, tax preparers are busy, and scammers are busy.
In fact, the IRS says phishing and malware incidents so far this tax season are up an incredible 400%.
Most of these schemes are carried out by email, but the IRS says a variation is showing up regularly using text messages. The communications try to appear like they are from the IRS, or from others in the tax industry.
They ask potential victims questions about their refunds, filing status, personal identifying information, and PINs. The IRS says the surge in these attacks is taking place all across the country.
"This dramatic jump in these scams comes at the busiest time of tax season," IRS Commissioner John Koskinen said in a statement. "Watch out for fraudsters slipping these official-looking emails into inboxes, trying to confuse people at the very time they work on their taxes. We urge people not to click on these emails."
In particular, fraudsters are looking for information that could help them file a fake tax return before the real taxpayer does. If the scammer has someone's name, for example, he would just need their Social Security number in order to file a phony return, showing a huge tax refund is due.
The money is often sent to the scammer before the real taxpayer gets around to filing. Only then is the fraud discovered.
What is distressing to the tax agency is that this year's 1,389 incidents have already exceeded the 2014 yearly total of 1,361, and they are halfway to matching the 2015 total of 2,748.
"While more attention has focused on the continuing IRS phone scams, we are deeply worried this increase in email schemes threatens more taxpayers," Koskinen said. "We continue to work cooperatively with our partners on this issue, and we have taken steps to strengthen our processing systems and fraud filters to watch for scam artists trying to use stolen information to file bogus tax returns."
The phishing emails often ask victims to click on a link to provide requested information. If the target does as requested, he or she is taken to sites designed to imitate an official-looking website, such as IRS.gov.
At these sites, victims are asked for Social Security numbers and other personal information. The sites may also carry malware, which can infect computers and allow criminals to access files or track keystrokes to gain information.
What to do
Consumers can easily protect themselves from these phishing attacks by realizing that the IRS generally contacts taxpayers by U.S. mail, not email. It would certainly not request sensitive information, like PINs and Social Security numbers, by unsecured email.
Consumers who receive emails that look like they are from the IRS or tax software company, seeking information, clarification, or confirmation of something, should assume it is a scam and delete it.
The United States Computer Emergency Readiness Team advises that the best way to spot an email phishing scam is when the communication is unexpected or unsolicited. The agency has other helpful tips here.