Security Reminders as We Approach Tax Season

General reminders and best practices:

  • File electronically and use direct deposit for the quickest refunds.
  • File early - the earlier, the better. Filing early helps prevent identity fraud; others cannot file a fake return in your name if you have already filed.
  • Remember that the IRS will never request payment over the phone, or ask for personal information through emails or text messages

Tax Scams To Look Out For:

Every tax season messages are crafted by scammers to trick victims into giving out personal information or steal funds. This year it's essential to watch out for fake emails, texts, phone calls, and/or websites. 

1. W-2 sent via an attachment

The UC does not send tax statements to employees by email or text

  • If you receive an email or text that has an attachment to view your W-2 or other tax statement, it is a phishing scam designed to gain your private information. 

2. FTC email scam

  • Investigators say the scam starts with an email that looks to be from Joe Simons of the Federal Trade Commission.
  • The email says you’re getting COVID-19 relief money and includes a fake certificate from the Treasury Department.
  • If you reply, they say you have to pay taxes before you get your money. That should be a red flag.
  • However, to convince you, they send a fake letter from the IRS.
  • If you pay, the scammers push it further. They say you now must pay the State Department for a certificate that proves the funds are not related to any terrorist activity.

3. COVID-related text scamscreenshot of text scam

  • You get a text message that says, “You have received a direct deposit of $1,200 (or $600) from COVID-19 TREAS FUND. Further action is required to accept this payment into your account. Continue here to accept this payment (web address)”.
  • The message includes a link that directs you to what looks like the IRS website but, of course, it’s not.
  • The site asks for personal and bank account information.

Note: The IRS does not send out unsolicited text messages or emails.

4. IRS phone call scam

  • Caller ID can be easily rigged to appear as though a call is from a government agency.
  • The IRS says it will never call you demanding immediate payment on taxes owed.
  • Scammers often use the fact that you’ve recently received a stimulus check as the reason you can afford to pay.
  • These scammers can even threaten you and demand payment stating there is a lean against you and you'll be thrown in jail if you don't comply.

Note: The IRS does not call people with threats of jail or lawsuits.

5. IRS or CRA Impersonation Scams

  • These scams most often start with a phone call and take two basic forms.
  • In the first version, the IRS or CRA "agent" says you owe back taxes and pressures you into paying by prepaid debit card or wire transfer. If you don’t comply, the scammer threatens you with arrest and fines.
  • In the other version, scammers claim they are issuing tax refunds and ask you for personal information so they can send your refund. This information can later be used for identity theft. Scammers also use this approach to target college students by claiming a "federal student tax" has not been paid.

Note: The IRS and CRA will give you the chance to ask questions or appeal what you owe. 

scams courtesy of the BBB https://www.bbb.org/article/tips/13995-bbb-tip-tax-scams and
CBS Dallas Fort Worth: https://dfw.cbslocal.com/2021/01/26/warning-new-scams-covid-19-relief-pa...

To protect against harmful links:

  • If you have consented to having an electronic copy of your W-2 statement made available online, it will only be available directly on the UCPath website hosted by the University of California, Office of the President and should only be accessed using the following address: https://ucpath.universityofcalifornia.edu/(link is external)
  • To avoid clicking on a harmful link in a potential phishing message, manually enter the UCPath address into your browser's address bar when you are ready to download your W-2 forms:
    • Alternatively, you may access UC Path directly from the Blu Self-Service portal (left-hand menu) at: https://blu.berkeley.edu(link is external)
      (Note: Campus VPN and CalNet ID login are required for off-campus access to Blu)
Blu menu

How to Report These Scams:

At UC Berkeley:

Using the bMail web interface:

  1. Open the message
  2. To the right of 'Reply' arrow, select 'More' (typically denoted with three vertical dots)
  3. Then 'Report phishing'

If you are unable to log into bMail forward the message to phishing@berkeley.edu.

Beyond UC Berkeley: