Recent tax scams, as highlighted by the IRS and the FBI, continue to pose significant threats to taxpayers, exploiting various schemes to commit fraud and identity theft. The IRS’s “Dirty Dozen” list for 2023 underscores the variety of scams taxpayers and tax professionals should be wary of, not only during the tax season but throughout the year.
Among these scams, misuse of the Employee Retention Credit (ERC) has been notably aggressive, with scammers luring ineligible individuals with promises of significant refunds. Other popular cons include “professionals” offering to set up your IRS accounts (to steal your data), false claims about fuel tax credits you can get, and fake charities exploiting your kindness to pocket donations. Other scammers try to bait people through phishing emails and texts, pretending you simply need to “update personal info” or do something else that seems harmless.
As always, it’s smart to keep your personal info safe and be cautious of any surprise emails or calls claiming to be from the IRS or similar tax organizations. One small piece of advice: if you ever get a questionable request, check the IRS and/or FBI website for scam alerts to protect yourself, no matter how convincing the communication sounds.
Sound rather daunting? Help is on the way…
Google and Yahoo’s New Requirements
The biggest vector for abuse is a bad actor fraudulently using a business’s trusted email domain to send legitimate-seeming messages to its employees, partners, or users. Google and Yahoo have set new requirements, which began taking effect in February 2024, that focus on enhancing authentication and anti-spam measures for email to stop spam, phishing, and fraud. These rules require senders to secure their domains against fraudulent use, and they apply to nearly every business that sends email to Gmail or Yahoo inboxes.
These rules, once fully in effect, should make it much harder for scammers to leverage trusted domains to defraud users. However, it’s important to note that these changes won’t be fully implemented for this tax season. Google and Yahoo will enforce these rules gradually to give senders ample time to comply. This means that while some improvements in email security might be noticed, the full benefits of these new requirements in curbing tax scams and other phishing attempts will be realized in future tax seasons.
“As we navigate this tax season, I want to stress the importance of vigilance against the sophisticated phishing scams and identity theft attempts that are unfortunately all too common. We must, therefore, treat every communication with a level of distrust. This is especially true of any claiming to be from the IRS or a similar entity. I urge everyone to adopt a verify-first approach, ensuring the legitimacy of any tax-related correspondence before engaging. You are protecting not only your own organization’s personal information and financial integrity but also that of your customers. This vigilance is not just a ‘best practice’ anymore — it demonstrates an indisputable level of conscientiousness to the protection and privacy of your organization and its stakeholders.”
Seth Blank, CTO of Valimail
How to Avoid Tax-Related Phishing Attempts THIS Season
Before the upcoming regulations fully take effect, forward-thinking businesses are proactively elevating their security measures, especially during tax season. Valimail is at the forefront of this movement – creating ways to keep brands reliable and customers feeling safe. Here’s how Valimail can assist.
Valimail Align keeps you in step with the changing delivery rules of major providers such as Google and Yahoo, giving you peace of mind about your compliance across various services. With our automation platform, you can effortlessly align SPF and DKIM, ensuring your emails are delivered smoothly without gaps.
Valimail Enforce offers a smarter and more efficient path to DMARC enforcement. Our dedication lies in crafting top-tier automation solutions that ensure ongoing enforcement without the hassle of manual SPF and DKIM setups.
With our market-leading products, you can safeguard your domains and enhance email deliverability. We provide sophisticated sender intelligence, unlimited SPF lookups, and insightful analytics, all bundled into an easy-to-use application suitable for anyone.