The Internal Revenue Service issued an advisory to car dealers of phishing scams.
The warning comes after the ransomware attack on CDK, which disrupted the industry in June.
The IRS warns individuals and businesses to remain vigilant.
“Fraudsters and identity thieves attempt to trick the recipient into clicking a suspicious link, filling out personal and financial information or downloading a malware file onto their computer,” the advisory read.
“Scammers are relentless in their attempts to obtain sensitive financial and personal information, and impersonating the IRS remains a favorite tactic. The IRS urges car dealerships to be extra cautious about unsolicited messages and avoid clicking any links in an unsolicited email or text if they are uncertain.”
The IRS reports seeing a barrage of email and text scams targeting businesses and individual taxpayers.
“The IRS and the Security Summit partners continue to remind taxpayers, businesses and tax professionals to be alert for a wide variety of these scams and schemes. Businesses such as car dealerships should remain alert for targeted email and text scams aimed to disrupt their computer systems,” the IRS said.
Employees at the businesses should be alert to fake communications posing as legitimate organizations. The messages may be sent as unsolicited texts or emails asking for valuable information that can lead to identity theft or malicious malware installed on computer systems.
The IRS explained the two main types of scams are:
- Phishing: An email sent by fraudsters claiming to come from a legitimate source. The email lures the victims into the scam with a variety of ruses such as enticing victims to provide sensitive information.
- Smishing: A text or smartphone SMS message where scammers often use alarming language such as, “Your account has now been put on hold,” or “Unusual Activity Report,” with a bogus “Solutions” link to restore the recipient’s account.
Employees should never click on any unsolicited communication as it may surreptitiously load malware that could keep legitimate users out of the system.
Phishing emails may appear to come from a legitimate sender or organization that has had their email account credentials stolen.
“Setting up two-factor or multi-factor authentication with their email provider will reduce the risk of individuals having their email account compromised,” the IRS said.
“Posing as a trusted organization, friend or family member remains a common way to target individuals and businesses for various scams. Individuals and businesses should verify the identity of the sender by using another communication method, for instance, calling a number they independently know to be accurate, not the number provided in the email or text.”
The IRS offered the following tips if receiving a suspicious communication.
- Never respond to phishing or smishing or click on the URL link.
- Don’t open any attachments. They can contain malicious code that may infect the computer or mobile phone.
- Don’t click on any links. If a taxpayer inadvertently clicked on links in a suspicious email or website and entered confidential information, visit the IRS’ identity protection page.
- Send the full email headers or forward the email as-is to phishing@irs.gov. Don’t forward screenshots or scanned images of emails because this removes valuable information.
- Delete the original email.
