It’s mid-February. In Davis, you’ll see blossoms on trees, later sunsets, warmer afternoons—and maybe deceitful emails about taxes, too, as hackers rev up their springtime scams for tax season.
These tax frauds come in so many different guises that the Internal Revenue Service maintains a web page to describe them. They include “tax transcript” email scams, IRS impersonator phone scams, scams targeting payroll and HR professionals, and “Fraudsters Posing as Taxpayer Advocacy Panel.” Some involve gift cards.
They can arrive as texts, emails, phone calls, robocalls—anything the scammer thinks might work. To keep them from spoiling your spring, the University of California’s Systemwide Information Security Office offers this advice:
Be skeptical if you get any of the following:
- A message asking for W-2 or other tax information.
- Authentic-looking emails impersonating UC communications about accessing your W-2.
- Messages that look like they come from an executive or manager, requesting copies of employee W-2s for review purposes. See this alert for more details (the alert dates to 2017, but still applies).
- Messages that ask for passwords, ask you to click on dodgy links, etc.
- Unexpected phone calls about messages of the type described in this list, or that ask you to install software.
- To access your W-2 statement, go directly to UCPath instead of clicking on a link in an email.
- Use known contact information to verify any request for W-2 or other tax information, even if the request looks like it’s from someone you know. Call that person first.
- Do not reply to emails asking for your password or Social Security number.
At UC Davis, if you ever have doubts about a message, you can also talk to your department’s tech support staff or contact the IT Express Service Desk.
And because tax scams aren’t the only risks presented by hoax messages, here are eight good cybersecurity habits that will help protect you, your privacy and your work, on campus or at home, whatever the season.