Security Reminders as We Approach Tax Season

Topics

Cybersecurity Awareness topic page

General reminders and best practices:

File electronically and use direct deposit for the quickest refunds.
The earlier, the better. Filing early helps prevent identity fraud; others cannot file a fake return in your name if you have already filed.
Economic stimulus payments are not taxed, and won’t reduce your tax refund amount.
Remember that the IRS will never request payment over the phone, or ask for personal information through emails or text messages.

Note: The IRS will begin processing individual returns later this tax season beginning Friday, February 12, 2021.

Tax and COVID Scams To Look Out For:

Every tax season messages are crafted by scammers to trick victims into giving out personal information or steal funds. This year it's essential to watch out for fake emails, texts, phone calls, and/or websites.

1. W-2 sent via an attachment

The UC does not send tax statements to employees by email or text

If you receive an email or text that has an attachment to view your W-2 or other tax statement, it is a phishing scam designed to gain your private information.

2. FTC email scam

Investigators say the scam starts with an email that looks to be from Joe Simons of the Federal Trade Commission.
The email says you’re getting COVID-19 relief money and includes a fake certificate from the Treasury Department.
If you reply, they say you have to pay taxes before you get your money. That should be a red flag.
However, to convince you, they send a fake letter from the IRS.
If you pay, the scammers push it further. They say you now must pay the State Department for a certificate that proves the funds are not related to any terrorist activity.

3. Stimulus check text scam

You get a text message that says, “You have received a direct deposit of $1,200 (or $600) from COVID-19 TREAS FUND. Further action is required to accept this payment into your account. Continue here to accept this payment (web address)”.

The message includes a link that directs you to what looks like the IRS website but, of course, it’s not.
The site asks for personal and bank account information.

Note: The IRS does not send out unsolicited text messages or emails.

4. IRS phone call scam

Caller ID can be easily rigged to appear as though a call is from a government agency.
The IRS says it will never call you demanding immediate payment on taxes owed.
Scammers often use the fact that you’ve recently received a stimulus check as the reason you can afford to pay.
These scammers can even threaten you and demand payment stating there is a lean against you and you'll be thrown in jail if you don't comply.

Note: The IRS does not call people with threats of jail or lawsuits.

5. IRS or CRA Impersonation Scams

These scams most often start with a phone call and take two basic forms.
In the first version, the IRS or CRA "agent" says you owe back taxes and pressures you into paying by prepaid debit card or wire transfer. If you don’t comply, the scammer threatens you with arrest and fines.
In the other version, scammers claim they are issuing tax refunds and ask you for personal information so they can send your refund. This information can later be used for identity theft. Scammers also use this approach to target college students by claiming a "federal student tax" has not been paid.

Note: The IRS and CRA will give you the chance to ask questions or appeal what you owe.

scams courtesy of the BBB https://www.bbb.org/article/tips/13995-bbb-tip-tax-scams and
CBS Dallas Fort Worth: https://dfw.cbslocal.com/2021/01/26/warning-new-scams-covid-19-relief-pa...

To protect against harmful links:

If you have consented to having an electronic copy of your W-2 statement made available online, it will only be available directly on the UCPath website hosted by the University of California, Office of the President and should only be accessed using the following address: https://ucpath.universityofcalifornia.edu/(link is external)

To avoid clicking on a harmful link in a potential phishing message, manually enter the UCPath address into your browser's address bar when you are ready to download your W-2 forms:
- Alternatively, you may access UC Path directly from the Blu Self-Service portal (left-hand menu) at: https://blu.berkeley.edu(link is external)
  (Note: Campus VPN and CalNet ID login are required for off-campus access to Blu)

How to Report These Scams:

At UC Berkeley:

Using the bMail web interface:

Open the message
To the right of 'Reply' arrow, select 'More' (typically denoted with three vertical dots)
Then 'Report phishing'

If you are unable to log into bMail forward the message to phishing@berkeley.edu.

Beyond UC Berkeley:

If you encounter suspicious activity or scams related to the IRS or taxes, contact the IRS immediately, through methods specified on their website: https://www.irs.gov/privacy-disclosure/report-phishing
COVID-19 scams should be reported to the National Center for Disaster Fraud (NCDF) Hotline at 1-866-720-5721 or submitted to their Complaint Form: https://www.justice.gov/disaster-fraud/ncdf-disaster-complaint-form.