The taxman cometh. Nothing gets your adrenaline flowing like a communication from the Internal Revenue Service (IRS). Since it's that time again, a reminder is in order that the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. IRS collection employees can, however, call or come to homes or businesses unannounced to collect a tax debt, but they must provide two forms of official credentials: a "pocket commission" (a type of government ID) and an "HSPD-12" card. The IRS does assign certain cases to private, third-party debt collectors under contract, but these collectors can visit your home or business only after giving you (or your representative, if any) written notice about the visit. Learn to spot scams that have targeted taxpayers in the name of the IRS here.
Testing you. The official website to order free, at-home COVID-19 tests from the federal government opened last month. Consumers are being warned that scammers are deploying fake order forms in attempts to illegally harvest consumers' personal information. Avoid fake sites by ensuring you are at covidtests.gov before entering any info. (We vetted the link in this newsletter.) Scammers will change the web address slightly in order to trick people into heading to a lookalike site, where the aim is to get you to hand over personal details. At the official site, no payment is necessary--just your name and address. If you are asked for payment details or sensitive ID, like your Social Security or driver's license numbers, take it as a red flag that you are on a fake site.
What the NFT!? Providing you even care about investing in "non-fungible token" collectibles, be aware there is a lot of fraud in this space, some of it tied to influential people and celebrities. Non-fungible tokens, or NFTs, according to The Verge, are each unique and "can really be anything digital (such as drawings, music, your brain downloaded and turned into an AI), but a lot of the current excitement is around using the tech to sell digital art." The Verge says they are unique because: "NFTs are designed to give you something that can't be copied: ownership of the work (though the artist can still retain the copyright and reproduction rights, just like with physical artwork)." Which brings us to the scam part: According to a Rolling Stone article in which "crypto experts share their tips for spotting red flags," you should turn off your direct messages in Discord (a chat app that is de facto home for NFT communities); beware the "airdrops" (promotional cryptocurrency); and mind the "rugpulls" (fake or preliminary NFTs). Read it if you dare--or care.
Quickly defrauded. QR (quick response) codes are those square, maze-like images you can scan with your phone to get to a website address or product information. They can be found in magazine ads, in restaurant menus and on parking meters, just to name a few places. The FBI says scammers find them useful, too. The Bureau's Portland, Oregon, office warned that scanning random QR codes can deliver you into scammers' clutches. If you scan a scam quick code, you could give scammers access to your device. They then can access your contacts, download malware, or send you to a fake payment portal. Once there, you might inadvertently provide access to your banking and credit card accounts. If you make a payment this way, it's difficult, if not impossible, to get those funds back. Bogus code stickers can be stuck over legitimate ones, so check to see if it's a sticker or if the image appears to have been tampered with. Do not scan QR codes received in emails unless you are absolutely certain they are legitimate--call the sender, if recognized, to confirm. Last month, ABC News ran a story on how the scam played out on parking meters in Texas.
Phishing lure. Have you received an email from yourself? Unless you purposely forwarded an email to yourself, you're probably the target of an email spoofing scam, a type of "phishing" (fraudulent) email. These are not just "fishy," but can (and do) carry malware (malicious software programs) that could harm your computer and steal your personal information. So, delete such emails immediately, without clicking on any links in the email or opening any attachments. To protect yourself from malware and "bloatware" (which can arrive in bundled software downloads), make sure you have an antivirus program running on your devices. In case you wonder, these emails do not come directly from your mailbox and you won't find them in your sent mail. Instead, spammers (and scammers) use available programs to "spoof" the sender--and that can include your email address, which, especially if you've had it for a long time, is probably for sale nefariously on the Dark Web (acquired from data breaches) and (unfortunately, legitimately) included in lists sold on the open market by data brokers to marketers and others.
Anti-social media. Last year, more than 95,000 people told the Federal Trade Commission (FTC) they'd been scammed by a con that started on social media. More than 1 in 4 people who told the FTC they'd lost money to a scam said the transaction started with a post, an ad or a message on a social media platform. All told, these people were taken for about $770 million. Check out our publication Take control: Customizing your social media privacy settings for tips on staying in control while using your favorite social platforms.