Staying Safe From Tax Season Scams

Now that W-2’s are arriving, it’s time to consider how to stay safe from tax season scams. Every year, unfortunate taxpayers go to file their returns and are shocked to find that someone else has filed a fraudulent one in their name! Some innocent people also receive fraudulent phone calls from criminals impersonating tax officials. Sadly, tax fraud has only become more widespread and digital communication has opened new ways for it to happen.


While the Internal Revenue Service (IRS) reports on multiple tax-payer related scams, and even publishes a “Dirty Dozen” list[1], three scams variants are worth highlighting: Phishing and Malware Schemes; Identity Theft and Falsely Filed Tax Returns; and Impersonation Scams. Once criminals have your information, they can also continue to commit identity theft well beyond tax season. Here are some details on each of these scams, along with how to identify them and seek help in case of identity theft.


Phishing and Malware Schemes:

            The first type of scam often leads to identity theft and falsely filed tax returns, but may also result in you downloading malware. This happens when criminals send convincing phishing emails or direct you to convincing websites that appear to be IRS, state government, tax software, or financial institution websites. Their goal is to trick you into entering your login credentials, verifying sensitive personal information, or downloading malware.

·       Never click on email links; type the organization’s website into your web browser.

·       If you feel something is suspicious, contact the organization through a known method, like their publicly-posted customer service line.

·       Do not reply to emails or texts asking for personal or tax information.


Identity Theft and Falsely Filed Tax Returns:

Once criminals have your personal information, they can use it to commit identity theft or file a false tax return in your name. In this case, if the criminal files the return before you do, they are getting your refund money and forcing you to go through the arduous process of proving that it was not you who filed the return. Criminals send phishing emails or make phone calls to trick you into providing your information so that they can commit this type of fraud.

·       Be wary of any contact by phone or email claiming to be from the IRS, as they do not contact taxpayers directly for this type of information.

·       File your tax return as soon as you get your W-2’s and other tax information. Criminals cannot successfully file a fraudulent return if you have already filed with the IRS!


Impersonation Scams:

            Our final flavor of scam involves a criminal impersonating the IRS or a tax official, such as a tax advocacy panel or tax preparer. They may say you owe money to the IRS or your state tax department or may represent themselves as a trusted tax authority and request information. This contact can occur through websites, emails, or threatening calls or text messages, that seem official. Sometimes, these scammers request that their victims pay by strange methods like gift cards or pre-paid credit cards. 


If you do in fact owe tax money to the IRS, you will receive an official bill in the mail first before being contacted by phone or email. For a quick reference, the IRS states that these are four things they will never do:[2]

  • ask for credit or debit card numbers over the phone;
  • call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer;
  • threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying;
  • demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.


Seeking help and reporting scams:

The IRS encourages taxpayers to send suspicious emails related to tax fraud to its email account. Other forms of tax fraud can be reported by following the instructions here:


If you suspect that you have been a victim of fraud or identity theft, please head to This is a site run by the Federal Trade Commission that provides a step-by-step recovery plan and assistance in taking action. It allows you to report if someone filed a return fraudulently in your name, if your information was exposed in a major data breach, and in case of many other types of fraud. If you believe you someone has used your social security number to fraudulently submit a tax return, you can also call the IRS at 800-908-4490.


Keep these common types of fraud in mind, and don’t hesitate to seek assistance if you become a victim.




What is two-factor identification?

Phones, computers, and appliances all store vital information. Passwords are one of the first steps to protecting that information – digital keys to our online kingdoms. But you can make login information more secure by pairing the password - something you know (knowledge) - with another factor, such as something you have (possession) or something you are (inherence). Something you have might be a smartphone, and you can prove you have the phone by reporting back the PIN code that was sent to it in a text message. Something you are could include your fingerprint or other biometric data. When two of these factors are combined to secure an account it is called two-factor authentication.

Why Shoud I Use Two-Factor Authentication?

Two-factor authentication is an important layer of defense beyond your password. It decreases your risk of falling victim to a compromise because criminals need access to two separate items to compromise your account – for instance your password and your smartphone (to receive the PIN code). Cyber criminals regularly “leak” (release) login credentials from compromised websites. They then use these leaked login names, email addresses, and passwords to find other accounts using the same credentials. This allows them to easily impersonate you online, gain access to work and personal accounts, sign online service agreements or contracts, engage in financial transactions, or change account information. Enabling two-factor authentication makes it more difficult for criminals to use this technique against you because a password would not be sufficient to gain access.

Turning on Two-Factor Authentication

Turning on two-factor authentication is really important on websites that process financial transactions (banks), contain sensitive information (Facebook), or could be used to impersonate you (Twitter). You can usually enable two-factor authentication through the security settings and directions to enable two-factor authentication are available in the help section of each website (It may be called “login verification” on some websites). If you can’t find the directions on how to enable two-factor authentication on a specific website, an Internet search for “enabling two-factor authentication on” and the name of the website will usually get you the directions. To be more cyber secure, turn on two-factor authentication and pair it with a strong, unique password.

Password Managers

One of the most common components of two-factor authentication is a strong password. Typically this means making the password long, complicated, and unique. But remembering all those passwords can be a challenge. So while you’re implementing two-factor authentication on your accounts, you might also consider choosing a password manager.

A password manager is a password-protected application that can run on a computer, smartphone, or in the cloud that securely tracks and stores other passwords. This means you only have to remember one password! Most password managers can also generate strong, random passwords for each account. As long as the password to access the password manager is very strong and unique, and the location of the password manager data is protected, this technique can be effective at securing login credentials. When choosing a password manager, ensure it is from a known, trustworthy company with a good reputation. Only use a password manager that stores the information on the device and use it on devices you trust and can keep secure.

Identity Theft 101: Five Smart Tech Tips for College-Bound Kids

If you have a child leaving for college, these tips can help keep their identity secure!

CodePen - Inline popup Click here for more info

You Are leaving the Phenix-Girard Bank Website

By clicking on this link you are leaving our website and entering a third-party website over which we have no control. 

Neither Phenix-Girard Bank Company, nor its subsidiaries or affiliates, is responsible for the content of third party sites hyper-linked from this page, nor do they guarantee or endorse the information, recommendations, products or services offered on third party sites. 

Third party sites may have different Privacy and Security policies than Phenix-Girard Bank. You should review the Privacy and Security policies of any third party website before you provide personal or confidential information.

To return to the Phenix-Girard Web Site, click here.

OR Click here to proceed.


7 Tips to Avoid Online Fraud

The Internet has become one of the most popular tools used to commit fraud and criminals are becoming more and more sophisticated with their hacking techniques.   As a result, it’s extremely important for consumers to secure their wireless networks and filter the amount of personal information they choose to divulge online.

Read More