Tax Season Is Upon Us! Look Out For These Scams.

It’s tax-filing season, and as surely as the sun rises in the east and sets in the west, scammers will be crawling out of the woodwork trying to take advantage of this opportunity to steal sensitive business data. Here’s how to make sure your small business doesn’t have identity thieves and con artists to contend with on top of the usual taxes and paperwork…Tax Season Scams

  1. Educate employees to be on the lookout for phishers, phone scammers, and email cons. People who would never open a suspicious-looking email in their personal inbox might not hesitate to turn over your Federal Tax Identification Number and names of key executives to someone posing as a representative of the IRS. The next thing you know, somebody has stolen the identity of your business and is taking out credit cards in your company’s name.
  2. Pay your taxes electronically. If you drop a check in the mail, all an identity thief needs to do in order to access your bank account number, routing number, Taxpayer ID, and other information is snag the right envelope. In contrast, the Electronic Federal Tax Payment System (EFTPS) is a free, secure government website that uses the highest level of security available. Every user must have a secure Internet browser with 128-bit encryption in order to access the site. To log on to the system, an enrolled user must be authenticated with three pieces of unique information known only to the user: Taxpayer Identification Number (EIN or SSN), EFTPS Personal Identification Number (PIN) and an Internet Password. That’s pretty secure.
  3. Pay your taxes, period. If somebody tries to sell you a package or kit that promises to help you avoid taxes by deducting personal expenses as business expenses related to a home-based business, don’t buy it. If somebody says the 16th Amendment was never properly ratified and personal income taxes are unconstitutional, ignore them. If you own a small business, you’re responsible for determining your personal and your business tax liability – and paying accordingly.

You can reduce the likelihood that you’ll have to deal with tax-related digital cons by using up-to-date spyware detection, antivirus, and antispam software. These should help to keep all those phony emails from making it into your inbox and prevent hackers from accessing sensitive business data. Go to  to find out what security services CMIT Solutions offers.

Got other tips or suggestions on how to avoid Tax Season scams?  Leave us a comment so we can share the knowledge!


SCAM ALERT! Tax-Related Email Scams

Phishers and Internet scammers are always coming up with innovative new ways to separate victims from their money. One of their favorite tactics is to prey on victims’ fears about taxes by posing as the IRS. It’s natural to worry if you get an email from somebody purporting to be the IRS, particularly in the month of January when you’re probably receiving a lot of legitimate communications from your employer and the IRS about filing. Here are a couple of tax scams that at first glance might seem official. Don’t be fooled!

The “underreported income” threat. This scam features an email accusing the recipient of having underreported their income. The sender attaches what they say is a copy of their relevant page of their tax return. The “attachment” is actually an executable file that downloads a malicious file to the user’s machine.

The “Making Work Pay” scam. This phishing email uses the Making Work Pay provision of last year’s stimulus package to entice people into giving up their personal information. The email asks the recipient to go to a website and fill out a form so that the IRS can deposit money into their bank account. In reality, the Making Work Pay provision does not directly provide funds to taxpayers; instead, it gives wage earners a tax credit in the form of reduced withholding. This is nothing but an attempt by identity thieves to get your personal information.

The “refund” scam. This oldie but goodie promises the recipient a quick and easy tax refund if they provide their personal information and details about their financial institution. Instead of getting a tax refund, the victim risks serious damage to their credit by identity thieves.

Note that all of these scams arrive by email. Many of them will direct the victim to a web page or form that looks official and credible. Don’t fall for it! The IRS never discusses official tax matters over the Internet – they use the good old-fashioned US Postal Service if they want to reach you. If you get an email that purports to be from the IRS, do not open any attachments or click on any links. Forward it to, then delete the email from your inbox. And if you have any doubt about an email’s legitimacy, you can always send it on to us at to get our expert opinion.

Scam Alert! Phony Tech Support

We’ve heard news recently about a new form of scam that preys on people’s fears about accidentally downloading computer viruses and spyware. Here’s how it works: the scammer calls the victim and claims to be working for a computer monitoring firm, a security software provider, or “your Windows XP provider.” They say that they have reason to believe the victim’s computer has been compromised, and that they can investigate the problem if the victim gives them access to his or her computer using a popular (and legitimate) remote access program such as LogMeIn. If the victim complies, the scammer has the entire contents of the victim’s computer at their fingertips — including passwords, logins, and all kinds of information that are catnip to identity thieves.

Here’s how to spot the scam:

1. They say they’re from “your monitoring service” or “your provider” but they don’t identify themselves by name. This is a huge red flag, particularly if you aren’t signed up for a monitoring service!

2. They’re contacting you by phone. If there’s a real security problem, you’re usually notified automatically when your security software runs.

3. They want a credit card number before they’ll render their “services.”

Naturally, we’re concerned about this because we don’t to see innocent computer users getting scammed — particularly by people purporting to do the same kind of work that we do!  Here’s how we’re different:

1. When we contact our clients, we identify ourselves as CMIT Solutions, not “your provider.” And because we value our relationships, our clients know us personally and by name — so there’s no question that we are who we say we are when we call.

2. If it’s a screaming emergency, we might contact you by phone — but because you know us and can always call us back if you’re in doubt about who’s really calling you, you can feel safe knowing you’re working with a trusted resource. Otherwise, we can take care of most security issues for our CMIT Marathon customers without them even noticing. (CMIT Marathon is our remote monitoring and maintenance service, which includes security updates.)

3. If you’re a CMIT Marathon or Guardian customer, you’re subscribed to an ongoing service and won’t have to provide payment over the phone if you ever call us with a question. Depending on your individual plan, we might have to bill separately for a visit to your office — but you’ll get a proper invoice, not a pushy technician pressuring you for a credit card number on the phone.
For more information about the phone-based “tech support” scam, you can check out this helpful AARP Bulletin article.  For more information on CMIT Marathon, click here.

Have you been contacted by a scammer using this method or something similar? Let us know by commenting below so we can help get the word out about these scams.