Do not open emails that look suspicious, even if they appear to be from a reliable source such as the IRS or a Tax Service. If there are spelling errors or the email doesn’t address you by name, especially if you’ve done business with them before, be wary of opening it.
Do not open attachments or click links unless you are 100% certain of what they are, who they are from, and where they link to. If you believe you have received a phishing email, forward the message to either phishing@irs.gov or reportphishing@antiphishing.org so they can check it out and warn others if necessary.
Never reply with personal information. Legitimate companies will never ask for sensitive information, such as social security numbers or passwords, through email, texting, or social media. If you believe there may be a legitimate concern with an account or your taxes, contact the appropriate company directly using the number on their official website, not the message, to find out if anything is wrong.
Do not succumb to scare tactics. Phishers will often use threats of arrest, deportation, or license revocation via the telephone in order to receive your personal information or a form of payment. The IRS makes first contact with taxpayers through the mail, not telephone, and they never demand immediate or specific forms of payment (i.e. an amount split over an exact number of debit cards).
If you do receive a call, get the employee’s name, badge number, and call back number. Then, contact the IRS at 1-800-366-4484 to determine if the caller is an IRS employee with a legitimate reason to contact you.
Install security software on your computer & set it to automatically update to ensure you are always protected. Threats and malware are always evolving and your software needs to be able to keep up with it.
Above all, trust your instincts. If something feels off, take the time to go through the necessary channels to make sure everything checks out. It’s better to be safe now and discover everything is okay instead of being sorry later.