BBB SCAM ALERT:

Better Business Bureau® of Central Oklahoma is warning consumers to be on the lookout for a phishing scam that is developing.  Hackers and scammers are posing as one of the biggest names in online tax preparation and filing software in order to gain access to your computer drives, files and accounts to steal your personal information including Social Security, bank or credit card numbers.

 

“Tax season is in full swing and with many people filing their taxes, scammers have developed a sophisticated new phishing scam,” said Kitt Letcher, president and CEO.

 

TurboTax is one of the nation’s most popular online tax preparation websites, and BBB is reporting that there is a massive campaign underway via emails impersonating the business.  The subject line in the email reads something to the effect of "important privacy changes" and directs the recipient to click on a link that will allow them to “opt out” of having their personal information shared with a third party.  Upon clicking on the link malware is downloaded onto the computer or mobile device which tracks keystrokes, and allows the hacker to steal a person’s identity. 

 

BBB advises keeping the following things in mind to avoid this and other phishing scams:

Check out the “From” field. Scammers have the ability to mask email addresses, making the message appear to come from a legitimate source. But they don’t always use it.

Watch for typos, strange phrasing and bad grammar. Scammers can easily copy a brand’s logo and email format, but awkward wording and poor grammar are typically a giveaway that the message is a scam.

Watch for lookalike URLs. Be wary of sites that have the brand name as a subdomain of another URL (i.e. “brandname.scamwebsite.com“) or part of a longer URL (i.e. “companynamecustomersupport.com”).

Hover over URLs in emails to reveal their true destination. Scammers can make links appear to lead to a legitimate website, when they really point to a scam site, like the examples above.

Consider how the business normally reaches you. Did you sign up for email or text alerts from your provider? A change from normal communication patterns is likely to be a scam.

Contact the business or HR department. When in doubt, call the business’s customer support line or your company’s HR department to check the legitimacy of the email. Be sure to find the phone number on your bill or by a web search — not the email or website the scammers gave you.

Keep your software and security up to date.  Always keep all of your software up to date with the latest updates and patches, for both your computer and mobile device.

Think before you click. Always take a second to ask yourself if this might be a scam.