Happy Holidays for Fraudsters and Scammers

October is National Cybersecurity Awareness Month. During this season, the IRS and Security Summit partners focus on protecting individuals from identity theft and fraud.

The holidays are a season of celebration. Millions of Americans shop online and browse on social media. However, fraudsters delight in knowing many individuals do not understand the best practices for online security. The holiday season can be an open door for swindlers who are "eager to swipe people's personal information” and use it for identity theft.

Security Summit members urge everyone to be vigilant and encourage parents to teach children and teens how to recognize and avoid online scams. Many children and teens have smartphones and spend time every day texting friends and using social media.

The IRS and the Security Summit Members offer specific tips for both individuals and their families. These tips are helpful and essential to protect yourself against fraudsters and scanmmers.

1. Learn to Recognize Scams — Fraudsters frequently claim they are from your bank or the IRS. You should recognize that scammers can trick your caller-ID to show the call is coming from your bank or the IRS. The IRS does not use email or social media to discuss your personal tax issues. If you receive a text or phishing email that looks suspicious, do not click on any attachments. You can forward phishing emails to phishing@IRS.gov.
2. Protect Personal Information (PI) — A fraudster will ask carefully-crafted questions that are designed to encourage you to disclose personal information. He or she may offer information initially to build a relationship with you. However, at some point, the fraudster will ask for your birthdate, address, age or financial information. He or she may also encourage you to log in to your bank account and disclose information from your bank account or your Social Security Number. You should be cautious and not share information. If you are contacted by phone, you should hang up and then call your financial institution or the IRS.
3. Update Passwords — Many individuals have 10 to 80 different online accounts. Nearly all major businesses ask you to create an account to track your online orders. It is important to maintain and update your passwords for these financial and business accounts. A good password contains a combination of capital letters, lower case letters, numbers and special characters. To help you keep track of multiple accounts with different passwords, it is convenient to use a password manager. The password managers on your smartphone, tablet or computer have high levels of encryption to store your passwords. You simply need to remember one master password for your password manager account. You must be very careful not to write down or disclose your master password.
4. Two-Factor Authentication — You should create extra security for all your financial accounts. These financial organizations offer two-factor authentication. You enter a password to log in to the account and then a text is sent to your phone with a six-digit number. After you enter both the password and the number, you will be able to access your account. While no security is perfect, two-factor authentication is a significant increase in security and should be used for your financial accounts.
5. Update Computer Software — Many hacking attempts succeed because the fraudster finds a "hole" in your computer or phone software. It is generally possible with most operating systems to enable automatic updates. Your computer and phone software will usually be updated once or twice a week by the main vendor. These updates are necessary because there are always new potential security risks with the complex software on your computer or your phone.
6. Avoid Public Wi-Fi — Many restaurants and commercial organizations allow access to public Wi-Fi. This public Wi-Fi may be used if you are simply browsing the internet, and your device has updated antivirus software. However, you should never log in to any personal accounts, especially your financial accounts, on public Wi-Fi. With your financial accounts, you should use a virtual private network (VPN) for access or password-protected Wi-Fi in your home or place of business.