Don’t Fall for These Financial Scams

Key Takeaways   

• The IRS never initiates contact via text or calls; legitimate tax matters come through official mailed letters.  

• New scams include fake QR codes, bogus electronic invitations, and delivery notification schemes requesting personal information.  

• Protect yourself by verifying communications, using chip insertion on cards, and enabling fraud alerts on financial accounts. 

Busy season may finally be over for accountants, but it’s still busy season for scammers and fraudsters. They know many people have already filed taxes, making them more susceptible than usual to text messages or voice messages – purportedly from the IRS – claiming they owe money, and to reach out immediately or click on a link to resolve an “urgent” tax matter. Same goes for fraudulent messages telling people to click on a (bogus link to process their refund.  

VERY IMPORTANT: The IRS is never going to text you or call you to tell you about a payment due or a refund. If it’s a legitimate matter, you’ll receive an official letter in the mail from the IRS, which you can then use to communicate with the IRS. If you receive such a letter, run it through your accountant and you can share it with us as well. We’re happy to assist. 

Bogus QR Codes 

Another new financial scam to watch out for is “Quishing” -- bogus quick response (QR) codes pasted on top of real ones that you see at park-and-pay locations at retail stores, convenience stores, malls, train stations, or anywhere else that allows you to pay by phone. When you scan the code with your smartphone camera, it brings you to a website that looks very similar to the retailer or parking authority that you’d expect -- but it’s not. When you enter your credit card information to make a payment, scammers can snag your card information.  

To protect yourself from Quishing, see if you can physically touch the sign and make sure it’s not a sticker or other type of material covering up the real QR code beneath it. Then, before entering your information, try going to the real retailer’s or parking authority’s website and see if it matches what you’re seeing on your smartphone. Don't scan it unless you're 100% sure about what it is. 

Bogus Party Invitations 

Another new scam has infiltrated the email invitation app world. My mother-in-law recently received a Punch Bowl invitation (similar to Evite) from hackers pretending to invite her to a friend’s party. Hackers get an address book from someone's email address and then send fake invitations to a party for someone they know. The subject line often starts with “Shhhh!” implying that it’s a surprise party and to click on a (bogus) link in order to RSVP. Your antennae should be up if you haven’t received a phone call or text message about the alleged party. But, if you click on the link to RSVP it typically asks you to login through your Google or Apple account.

Once you put your information in the scammers have your email address and password. They can then use that information to scan through your inbox looking for Social Security numbers, credit card numbers, etc. As my mother-in-law was entering her password, she started to get suspicious. Realizing her mistake, she went to her account settings immediately and was able to change her password. Not everyone has been so diligent or lucky. 

To protect yourself from this scam, always double check the email address from where the invitation originated. You can do that by hovering over it and make sure it’s not suspicious such as Punchbowl-invite.net or has a .ru (Russia) or .ro (Romania) extension at the end. 

Bogus Package Delivery 

Scammers are increasingly mimicking legitimate brands such as Amazon, UPS or Fedex, with very similar logos and coloring. A typical scam is telling the recipient their package has been delayed. To prevent further delays, recipients are told to “click here” and enter their credit card information. Scammers know that if they reach out to 100 random people, about 50 will be expecting a delivery at any given time. So again, it's just being vigilant, not responding to unsolicited text or email messages, and always going to the retailer’s website if you are expecting a delivery. The same thing is happening with fake phone calls. For instance, you'll get a call and fraudsters will manipulate to happen, say, “Amazon Tech Support” telling you that there's a certain account issue or suspicious activity. In order to restore your account, the message says you need to verify your information and your credit card. Don’t do it. 

Credit Card Skimmers 

Another disturbing new scam I’ve seen are credit card skimmers, the gadgets that go on top of legitimate credit card machines at retail stores. Scammers slip the skimmers on top of the card readers when the clerk is busy or otherwise distracted from the register. When customers scan or top their credit cards to make a purchase, the skimmer steals the information without the consumer (or retailer) even knowing about it. This happened at my local Wawa. 

Instead, insert the chip at the top of your card, instead of tapping it or swiping it. This makes it harder for the skimmer to copy your information. Also, if you’re going to tap or scan your card, look closely at the retailer’s card reader. See if there’s a suspicious clear plastic cover over it. Or you can gently wiggle it to make sure there are no loose or mismatched parts.   

Next Steps 

Unfortunately, as technology evolves at lightning speed, scammers are getting increasingly clever. It pays to be extra diligent. Don’t store usernames and passwords in your browser and consider a password manager such as Last Pass or One Pass. Sign up for fraud protection with your credit cards. Some, like American Express send you an instant text or email, the minute there has been a charge on your card. That way you don’t have to wait until your statement comes at the end of the month to look for fraudulent charges. Also, take advantage of voice recognition systems used by major financial institutions such as Schwab if they offer it. 

Conclusion  

I know it’s hard to remain vigilant when our lives are so busy. But, taking an extra second or two to be careful can save you significant time and money down the road. If you or someone close to has concerns about protecting your identity and online security, reach out any time. I’m happy to assist.  

DAN SATZ MS, CFP® is a Partner at Novi Wealth