Evette Davis: Welcome and thank you for joining us for today's webinar, "Beware of Phishing Scams, Especially COVID-19 and Stimulus-Related Schemes." My name is Evette Davis and I'm here with my colleague, Philip Yamalis. We're both Senior Stakeholder Liaison in the Communications and Liaison Division. We work with tax professionals, small business owners and IRS partners to provide outreach and education. And also to identify ways the agency can be more responsive to customers' needs. We'll cover just a few things about this webinar system. And then, we'll move right into today's topic. In case you experience a technology issue, this slide shows helpful tips and reminders. We've posted a technical help document you can download from the Materials section on the left side of your screen. It provides the minimum system requirements for viewing this webinar, along with some best practices and quick solutions. If you have completed and passed your system check, and you are still having problems, try one of the following. The first option is to close the screen where you're viewing the webinar and re-launch it. The second option is to click on settings on your browser viewing screen and then select HLS. Closed captioning is available for today's presentation. If you're having trouble hearing the audio through your computer speakers, please click the "Closed Captioning" dropdown arrow that's located on the left side of your screen. This feature will be available throughout the webinar.

If you have a question for us today and we hope you do, please submit it by clicking the "Ask Question" dropdown arrow to reveal the text box. Type your question in the text box and then click "Send." Now, this part is very important, folks. Please do not enter any sensitive or taxpayer-specific information. Okay, let's get started with today's topic, "Quick Security Tips from the IRS: Beware of Phishing Scams, Especially COVID-19 and Stimulus-Related Schemes." I'm going to turn it to my good colleague, Philip. Philip Yamalis: Well, thank you, Evette.

Hope everybody is having a great day. Ladies and gentlemen, this is our 5th and final webinar this week, as part of National Tax Security Awareness Week. Of course, this is an effort by the Internal Revenue Service, state tax agencies, the tax software industry, to encourage the public to take strict security measures possible. Now, the Internal Revenue Service, the states and the industry are working in partnership as the Security Summit. The Summit members have made great progress in the fight against identity theft and stolen identity refund fraud. But yet, we have more work to do. We need your help to do this. We need everyone to do everything possible, protect their sensitive information. This past Monday, we provided some security basics for all taxpayers. Tuesday, we discussed multi-factor authentication, and its importance to protecting your online accounts. This past Wednesday, we talked about the expansion of the Identity Protection PIN for taxpayers who can verify their identities. And finally, yesterday, we talked about the threats to small businesses. Today, our topic applies to individuals, businesses, and tax professionals. We're focusing on phishing scams, which affect everyone today. You can have all the best security software in the world. You can use the strongest passwords, but that will not protect you if you or your employees fall victim to a phishing scam, and are tricked into disclosing sensitive information. In most of the presentations that we've done this week, we mentioned the threats posed by phishing scams. In any given year, phishing scams pose a threat and are the primary way that cybercriminals trick people into disclosing passwords, their Social Security numbers, as well as credit card numbers. The cybersecurity company ValiMail recently estimated, get this number, that 3.4 billion, that's billion with a B, fake e-mails. 3.4 billion fake e-mails are sent worldwide each day and more than 1 trillion worldwide each year. Now, COVID-19 and the economic stimulus payment is cybercriminals' new themes. As a result of 2020, we saw a dramatic increase in COVID-19 and stimulus theme phishing scams. Citing the prevalence of COVID-19 scams, another private sector security firm estimated that there were over 445 million cyber-attacks between January and March of 2020. That's double the rate from the same period last year in 2019. Ladies and gentlemen, cybercriminals are relentless. They're exploiting our hopes and fears about COVID-19 these days, and our need for financial assistance through the economic impact or stimulus payment. Crooks are tapping into our need for social distancing, posing as new clients to trick tax professionals with scam e-mails. Let us take this opportunity today to show you just a few versions that we've recently seen related to COVID-19 and stimulus payments.

Evette? Davis: Thanks, Philip. Yeah, we're in an uphill battle, but we're going to keep fighting it together. Yamalis: Absolutely. Davis: And this is an example - that's right. This is an example of an SMS, Short Message Service, or as we call it, text message. And this is where someone is actually impersonating the IRS. Here, if you can see it, the subject was your, Y-O-U-R, are eligible. The text message itself says, "Register for COVID-19 stimulus help." And this text message actually included a link. Now that link does not take you to the IRS, but to a phishing site where any sensitive personal or financial information entered would be immediately stolen by thieves. Now, this second example is a phishing text impersonating the Treasury Department. Note the language. "You have a pending claim of $1,200 dollars from COVID-19 relief. Further action is required to disperse funds. Continue here to confirm payment method." This one uses a short URL, which is the Uniform Resource Locator or web address. And this is to misdirect you to the scam sites. There are different providers who will create shortened URLs, which will basically allow a phisher to fit an otherwise longer URL in a text message. More importantly, shortened URLs mask the actual websites. It looks nothing like the final phishing website URL. Phishers will sometimes use a shortened URL, just to point to one or even more other shortened URLs. Now finally, here's a phishing threat posing as a fictitious government agency in New York. It uses similar language like the previous text messages. "You have received a direct deposit of $1,200 from COVID-19 Treasury Funds. Further action," there's that word again. "Further action is required to accept this payment." Again, in this situation, that link would direct you to a scam site. It's going to ask you to enter sensitive information. And then, any information that you enter would be sent directly to thieves. All right, Philip, I'm going to turn it back over to you. Yamalis: Thanks, Evette. Those are some excellent examples of phishing texts that you shared with us. But the same types of messages can be found in phishing e-mails and phishing telephone calls, right? And again, there are multiple variations of these COVID scams. Phishing messages share common traits as we saw in Evette's examples. They often pose as companies that you know and trust. They often tell an urgent story to trick you into opening a link or an attachment. In each of these examples, these were posing as government entities. They were taking advantage of the passage of that $1,200 economic impact payments, the Congress passed this COVID relief, right? That was the bait and the digital label of phishing. What was their urgent story? I heard register here for stimulus help. I heard further action as required continue here to get your payment. So people who receive an IRS Treasury or a tax-related text scam, should take a screenshot of the message that they received and include the screenshot in an e-mail at phishing@irs.gov, that's phishing spelled P-H-I-S-H-I-N-G, phishing@irs.gov. When they send that e-mail to phishing@irs.gov include the following information. People should include the date, the time, as well as their time zone that they received their text message. You should also include the number that appeared on your caller ID of your phone. Finally, you should definitely include the number that received the text message. Now thieves use similar phishing tricks when they target tax professionals. Last spring, many and I say many tax professionals were teleworking as COVID first hit hard, we all know that. They were working with clients by phone as well as e-mail. One common e-mail that targets tax pros is from a potential fake client. So the thieves will pretend to be a potential client, right? They might exchange several e-mails with the tax professionals to gain their confidence, right? The tax professional once the new client, the thief sends them a final e-mail with an attachment that looks like it might be a past tax return.

But that attachment will be a malicious URL or a malicious attachment. So the e-mail might suggest that the attachment contains their tax records, when tax preparers open the attachment, it secretly downloads malware, but allows these to take control of the tax preparers computer systems and all the data in it. Folks, we're aware of thieves who gained remote access to tax preparers' computers, and access their client accounts. The thieves then completed tax returns under preparation, but they change the bank account information to their own. Finally, the thieves will e-file these fraudulent returns using the taxpayers or the tax preparers' identification numbers and/or EFIN number. So not only are the cyber thieves savvy about technology these days, they're also savvy about taxes. Evette, let me turn it back over to you.

Davis: Yeah. Thanks, Philip. Thanks. So these thieves are often impersonators of the IRS, right?

So they impersonate the IRS to trick victims, and that's just unfortunate. Phishing e-mails like the one Philip just talked about then include information where you're impersonating the IRS like a telephone scam call, which seems to never go away. Who has not received a call from the IRS?

That's a scammer. Anybody on the call, I don't think so. We've all probably received those fake calls. Unfortunately, these scams continue because they work. And even though people still fall victim to these scams, I believe, the more people who receive education, you educate yourselves about these techniques that these phishers use, then the less likely they are to fall victim to these types of scam. Folks, just remember this. The IRS does not call demanding payment. They do not call making threatening - threats of going to jail or lawsuits. The IRS does not demand payment via gift card or debit card, the IRS and local state - local and state agencies do not even accept tax payments by, for example, an iTunes gift card. The IRS does not send unsolicited e-mails about refunds or payments. They don't send unsolicited e-mails requesting login credentials, Social Security numbers, Employer Identification Numbers, or other sensitive information. We just don't do that. Now, we know that this is a lot. So for more information about reporting IRS-related scam, please take a moment and go to irs.gov/phishing. Now, let's move on to the Treasury Inspector General for Tax Administration or TIGTA. TIGTA investigates IRS impersonation scams. So if you receive a call from someone claiming to be with the IRS, asking for a payment, TIGTA urges you to take the following action. First, if you owe federal taxes or think you might owe taxes, hang up that phone call, hang up that call, then call the IRS at 1-800-829-1040. IRS employees can actually help you with your payment questions. If you do not owe taxes, fill out the IRS impersonation scam form on TIGTA's website. And that website is www.TIGTA.gov, or they've actually got a telephone number for TIGTA that number is 1-800-366-4484. So you can also file a complaint with the Federal Trade Commission. The address for the Federal Trade Commission is www.ftc.gov. And in that complaint, add the word IRS telephone scam to the comment. All right, Philip, let me turn it back over to you. Yamalis: Thank you, Evette. So let me take this opportunity, just to recap what we've presented to you today.

Ladies and gentlemen, we ask that you learn to recognize and avoid these phishing scams. They're dangerous. Phishing scams are the most common tool used by identity thieves. We asked you that if you receive a suspicious e-mail, do not - I repeat, do not open any links or attachments, if you receive e-mails from your bank, the credit card company perhaps your cloud storage provider, your social media provider, your e-mail provider, your cable TV provider, or even the Internal Revenue Service suggesting that you need to disclose either your password or your account info and providing a link, please, please, please do not open it. Go directly to the companies or agencies website to see if there's a need for action. Again, we want to remind you that the IRS will never call, e-mail or text you with requests for bank information for your COVID-related stimulus payments. All this week, we've tried to focus on meaningful steps that you can take to better protect yourself. Everyone that includes individuals, businesses, tax preparers should use strong security software to protect all their digital devices. They should use strong passwords or passphrases to protect accounts and keep their files backed up, but one of the most critical steps that you can take, especially to protect yourselves against scams to steal your passwords is to use what we presented earlier this week multi-factor authentication. That means you need a username and password, and then a separate code to complete the login process, right.

The code may be generated by an authentication app from your mobile phone, for example. Look for multi-factor authentication options within your account secure features, especially your tax software accounts. And now I believe, Evette, we've got a few minutes to answer some of the questions we received today. Let me just remind you, if you haven't input your questions, now is the time to do that. Evette and myself will try to answer as many questions as possible in the next few minutes. Evette, do you want to begin? Davis: We're here for you. Let's get started, Philip. So let me just ask you the first question that I'm seeing here. Okay. Yamalis: Okay.

Davis: So, Philip, this question says, "What do you do if you receive a suspicious IRS-related e-mail? What do you think?" Yamalis: Yeah. Well, it's not what I think. It's the law around here.

I mean, we've gotten so used to answering this question. If you receive an e-mail claiming to be from the IRS that contains a request for personal information, taxes associated with a large investment, an inheritance or lottery, don't reply. Don't open any attachments, as we shared numerous times in this presentation. Again, that can contain malicious code that would infect the computer or mobile phone. Again, don't click on any links, right? We at the IRS, on IRS.gov have an identity protection page. So when you come on to IRS.gov, you simply click "Identity Protection" in the search box in the upper-right-hand corner. If you clicked on links in a suspicious e-mail or website and entered confidential information, that'll give you the reminders what you can do with TIGTA or calling us. All those will be on that "Identity Protection" page. We ask that you forward preferably with the full e-mail headers, the e-mail as it is to that address that we gave you earlier, Phishing@IRS.gov. And again, don't forward scanned images, because this kind of removes a lot of valuable information that investigators need to investigate that suspicious IRS-related e-mail. Finally, delete the original e-mail. Just get it out of the scamming system. So that's the best way that I would handle receiving a suspicious IRS-related e-mail, Evette. Let me ask a question that I see that came in that, that I think that you would want to answer. Davis: Okay. Yamalis: Question here says, "What if I receive an e-mail requesting W-2 information?" It almost goes hand in hand with what we just talked about, right? Davis: Yeah, yeah. And that's a pretty common question too, because if you joined us earlier this week, when we were talking about businesses at risk, then you know that one of the things that businesses have to be aware of is this W-2 scam that's out there. So that's a great question. So if you receive an e-mail requesting W-2 information, first of all, make sure you educate your employees, and let them know that there are steps that they have to take before even responding to any type of requests like that, because again, there are so many variations of these W-2 scams that's out there, where someone's actually captured your business's Employer Identification Number or they captured your employees' Social Security numbers, and they're actually filing these fraudulent W-2. And unfortunately, by the time you as a business may learn that this has happened, sometimes you run into those situations where you've got an employee in your office saying, "Hey, someone's filed a return with this fake W-2 and it's not even mine, right, and so, just kind of think about those things. And if you as a business are a victim of a W-2, of a W-2 scam or if you just received an e-mail requesting that information, we would just ask that you forward that e-mail to IRS, and that's using phishing@IRS.gov. And, in the subject, just put in there "W-2 scam." Again, this is if you just received that e-mail and you haven't done anything, you haven't clicked on anything. But if you feel that you have been a victim, and you actually clicked on or you responded to that request, we ask you to do a couple of things. Send that e-mail again to data loss, dataloss@IRS.gov. And we want you to send the complete e-mail to dataloss@IRS.gov if you responded by sending those W-2s. And then, again, if you are a recipient of this scam, again, and if you didn't send that information, remember the e-mail that you send it to is phishing@IRS.gov and put in the subject W-2 scams. All right, there's a little bit more to that, but I'm just going to stop right there. And before I go into the rest of that - but, Philip, what do you think? Let's see. Let's go to a question for you.

Yamalis: Those W-2 scams were huge for a while. Davis: Yeah, W-2 scams are running rampant, unfortunately. And a lot of folks don't even realize that when you've got unsuspected employee, who sees something and it looks like it's from maybe a vendor, or it may be from someone that's a leader or a manager within their company. And they feel like, "oh, okay, he's asking for this information, let me be Johnny on the spot and send it to them." So we're asking them to step back and take a moment and realize, "Hey, this might not be who you think it is and it could be a scammer." So, all right, I see something here, Philip, when we asked you this question, we're talking about IRS and we talked about impersonation. So how does the person verify contact from the IRS? How do we actually know? What do they need to do to know that is actually the IRS contacting them? Yamalis: Evette, that's a great question. We touched a little bit about that today on our presentation. But the bottom line is, if you get a contact from the IRS a phone call, a letter, a notice. The best way to verify that that's an actual notice, right, is to go to IRS.gov search on the letter, notice or even the form number. Please be aware that fraudsters will often modify legitimate IRS letters and forms. A lot of the times when we see these letters and forms, there might be misspellings, right? I noticed, you showed us an example of the text message, where it said, your, Y-O-U-R, instead of you are and different variations, I mean, you can see that it's obvious. The bottom line is you can also find on www.irs.gov information that understanding your notice or letter or by searching the actual form and instructions. So we have a link at IRS.gov that I like to refer folks to. And link is How to Know it's Really the IRS Calling or Knocking on Your Door. It sounds like it could almost be a song.

But if it's legitimate, you'll find instructions on how to respond, if the completion of a form is required, if it's provided by questionable contact, you should verify the form is identical to the same form on IRS.gov. If you don't find the information on our website, or the instructions are different from what you were told to do in a letter, notice or form, please use the appropriate online resources at IRS.gov. And if you've determined by using these resources that the contact from the IRS is not legitimate, please report the incident to TIGTA, Evette alluded to earlier in this presentation, and as well, you can send us something at phishing@irs.gov. So I think that kind of puts it in a nutshell, how to verify contacts our toll-free line 1-800-829-1040. You get a bill and you're not sure, they'll gladly go over your transcript after disclosing that it's the proper person they're speaking to. They'll gladly review things on your account with you. So take advantage of those opportunities. But I think I have a question here that I'm going to throw at you here. Davis: Okay. Yeah. Yamalis: We talked about the W-2, hey, that phone impersonator that we've all received from different countries across the world, right? So my mother was asking me this yesterday, and I see the question on here, so I'm going to throw it at you. She goes, Philip, I'm still getting calls from these IRS impersonators. Can you just get rid of them? Or let me ask you, Evette, if you can help our audience today? Can you just recap what we should be doing, if we're still getting these phone calls from these nasty impersonators? Davis: Yeah. And Philip, this is just like the W-2 scam, this is one of those scams that's just not going to go away, unfortunately, again, because this is one that actually still works. So if you have an IRS impersonation, someone calling in, or any other unwanted call, then first of all, I would suggest you try to block the call, right? And with the technology that we have right now, on our cell phones or smartphones, it's easy to kind of block that call, but even beyond that, if there's something from an IRS impersonator, you want to make sure you capture some information for us, because if you receive a call from someone claiming to be from the IRS and you suspect that they are not an IRS employee. We've got some resources out there for you. And, Philip, this would be good for, even for what you responded to before. We've got something called View Your Tax Account online. If you're not sure, if you have a balance due or you're not sure, and someone from the IRS is calling you, after you hang up the phone, you should go to our website at IRS.gov. And you can actually view your account online, just to see whether or not there is a balance due. You can even review your payment information options online, and just basically, look for yourself to see what's actually there. Or again, you can call that 1-800-829 number to confirm whether or not there's something or a balance due.

Yamalis: 1-800-829-1040, right? Davis: 1040, exactly, 1-800-829-1040. So, yeah, also I mentioned TIGTA. TIGTA has a special form that they - that you can complete online. And they asked you to capture some information, so that you can actually help them, help us to track down these folks online when they're trying to impersonate the IRS. So again, if you go to TIGTA's website, www.tigta.gov, there's an actual form online that you can complete or you can give TIGTA a call to report this that 1-800-366-4484. The Federal Trade Commission also has a line that you can actually use or an e-mail that you can use to actually to give them, could file a complaint with the Federal Trade Commission, and go to www.ftc.gov. And just make sure that you state in your complaint, that this is an IRS telephone scam. And then finally, we ask that you would actually if you could go to our website at IRS.gov, we've got a laundry list of information there and steps that you can take to report and to still know what to do if you were to receive any type of phone call like that saying that they are actually from the IRS, and you know that they are not.

Just captured the telephone number, capture if they give you their employee badge number, capture that hold on to the exact date and time that you get the call, and if you can grab the geographic location and time zone when you actually receive the call. Again, all of this is going to help us kind of track them down and actually hopefully prevent or cut off that particular scheme, if you will. So again, there's ton of information on our website at IRS.gov. Please, please, please remember phishing@irs.gov to make that report as well. There's a lot they can do.

Philip? Yamalis: We are good at using acronyms at the IRS. And I know we defined TIGTA earlier, the Tax Inspector General for - the Treasury Inspector General for Tax Administration. Davis: Treasury Inspector, uh-huh, yeah. Yamalis: They're like our internal police, right? Davis: Right.

Yamalis: So that's what TIGTA stands for. Some great questions out there, Evette. Davis: Oh, yeah, yeah, great questions. So let's do, we have here for you, Philip, there are a lot of great questions here. This one says, "What if I receive a phishing e-mail that is not IRS or tax related?" Yamalis: If you receive a phishing e-mail that is not IRS or tax-related, obviously, we tell you if it's IRS or tax related, we want to see at phishing.gov, right? IRS@phishing.gov.

Now, if you receive a suspicious phishing e-mail and I've seen - I just saw this today on a personal e-mail that I got from my bank. If you receive a suspicious phishing e-mail not claiming to be from the IRS, you can send it to that entity, that bank. They usually have a special e-mail. But nationally, you can forward the e-mail as is to reportphishing@antiphishing.org.

That's reportphishing, all one word, @antiphishing, one word,.org. And again, if you've received an e-mail that you suspect contains malicious code or a malicious attachment and you've clicked on the link or downloaded the attachment, you can visit something that's sponsored by the Federal Trade Commission, something called onguardonline, all one word, onguardonline.gov, to learn what to do, again, if you suspect that you have malware on your computer. Now, if you've received an e-mail and you suspect it contains malicious code or malicious attachment and you've not clicked on the link or downloaded the attachment, saw this question come in, if you forward the e-mail to your Internet Service Provider's abuse department and/or go to spam@UCE.gov, spam@UCE.gov, that'll begin an investigation on that e-mail that you suspect contains malicious code. Excellent, excellent questions. We thank you so much. Davis: That's a great question. All right, Philip, it looks like we've come to the end of the road here with our question-and-answer session. Yamalis: Yeah, I see our producers just waving their hands and saying you have gone overboard, right? Davis: Yeah - all right, but I'll just say this one last thing, because I've seen it a couple of times. "Are there scam letters being sent out through the U.S. mail?" Yeah. So it's not just e-mail, folks, it's not just text messages. There are actual letters coming in the mail. So, yes, please be vigilant. Please be vigilant. And if you're not sure, again, call us at 1-800-829-1040, ask the question. And we can get you some information and just confirm some things before you send anybody anything. Yamalis: That's right.

Davis: Okay, so, again, folks, that's all of the time we have for questions. And this concludes our week-long National Tax Security Awareness Week. So thank you, thank you, thank you, for those who joined us every day or just today. We would appreciate it if you would take just a few minutes to complete a short evaluation before you exit. And if you'd like to have more sessions like this one, let us know. If you have thoughts on how we can make them better, please let us know that as well. If you have any requests for future webinar topics or pertinent information that you would like to see in an IRS Fact Sheet, Tax Tip or FAQ on IRS.gov, then please include your suggestions in the comment section of the survey. Click the survey button on your screen to begin. If it doesn't come up, just make sure you disabled that pop-up blocker. It has been a pleasure to be here with you today. Philip, this has been great. Yamalis: You bet it has. Davis: And we would all like to thank you so much for attending this week's webinars and today's webinar. Be safe everyone. You may exit the webinar at this time.