Beware of These Recent Scams

To protect yourself, it’s important to be familiar with trending scams — keep reading to learn about the latest.

Government spoofing scams

Fraudsters are impersonating federal agencies like the FBI or the Federal Deposit Insurance Corporation (FDIC), contacting people by phone, text, and email. They’re demanding money under the guise of “protecting your accounts” or “avoiding legal trouble.” These scams can feel intimidating, but a few key reminders can help keep you safe.

Red Flags for Government Spoofing Scams

• Unexpected calls, texts or emails claiming to be from the FBI or FDIC about “suspicious activity” on your accounts
• Threats of arrest, frozen accounts, or legal action unless you send money immediately
• Requests to move your funds to a “safe account” or withdraw cash for supposed investigations – especially using gift cards, wire transfers, cryptocurrency, cash, or prepaid debit cards
• Emails or texts using official‑sounding language or FBI or FDIC logos to appear legitimate, with some scammers even adding bank or credit union logos

Top Ways to Protect Yourself

1. Know how federal agencies communicate:

   The FBI and FDIC will never call, text, or email you to demand money, request personal information, or ask you to move your funds. They also will not threaten arrest or legal action over the phone.

2. Stay skeptical of urgent or alarming messages:

   Scammers rely on fear and pressure. If someone claims to be a federal agent and demands immediate action, it’s a scam. Hang up or delete the message.

3. Protect your personal information:

   Never share account numbers, Social Security numbers, PINs, or one‑time passcodes with anyone who contacts you unexpectedly — even if they claim to be from a government agency.

4. Verify independently:

   If you’re unsure whether a message is legitimate, look up the agency’s official contact information yourself — don’t use the phone number or link provided in the message.

Tax season scams

It’s tax season — and your accountant and the IRS aren’t the only ones with an eye on your taxes. Scammers are on the lookout too! This sounds scary, but you can protect yourself by learning about common tax season scams. Here’s what to look for:
 
Phishing
 
Scammers pretend to be tax professionals (or the IRS) and send emails or text messages with links. Don’t click on links sent by people you don’t know.
 
If you get a tax email you believe is fraudulent, forward it to phishing@irs.gov.
 
Gift card scams
 
Gift cards remain a popular way for scammers to steal because they’re like cash: once someone has the gift card information, it’s nearly impossible to get back. Scammers are calling claiming to be the IRS, reaching out to collect back taxes or fines. They’ll ask you to buy gift cards and then take the card information for themselves.
 
Hang up and report the scam — the IRS will never ask for payment via gift card.
 
Refund bait and switch
 
If criminals have your sensitive personal information, such as Social Security number or tax forms they stole from the mail, they may file a fraudulent return on your behalf. Once the funds hit your account, the scammers will impersonate someone from the IRS and call you demanding the return of the money. They will ask you to deposit it into a different account or send a check to an address.
 
If you receive an unexpected tax bill or refund, file a complaint with the FTC, contact the IRS at 800.908.4490 and ask the major credit bureaus to put a “fraud alert” on your file.
 
Dishonest tax preparers
 
Unfortunately, there are scam artists posing as tax professionals. They offer to do your taxes, collect a fee upfront, and then ghost you. Only hire professionals with a valid license – check online here.
 
There’re also dishonest tax preparers inflating your tax return to pocket some of the refund. Criminal tax preparers will inaccurately file your taxes in order to receive a higher refund. They will pocket some of the refund for themselves. If you’re using a tax preparer, always double check their work and the amount they received from your tax filing.

reCAPTCHA scams

Appearing on fake websites — or embedded in real websites that have been compromised — this cutting edge scam copies human verification tests (like reCAPTCHA) and tricks you into installing malware on your computer.
 
How it works
 
You’re probably familiar with tests that ask you to prove that you’re a human (rather than a bot). Many websites – including ours – use these as protection against criminals, and they’re a great thing. However, on fake websites (or on a real website that has been compromised) these reCAPTCHA-like tests can install malware and viruses on your computer.
 
In this scam, you’ll be asked to perform a series of keyboard strokes, such as WINDOWS + S + P and then CTRL + V and then Enter. (This is an example and not necessarily an actual combination that a malware program would use.) Real verifications will never ask for a series of keystrokes.
 
Once you enter those keystrokes, a malware program designed to steal your usernames, passwords, and other personal information is installed on your device.
 
What you can do
 
Keep your software updated, and run regular anti-virus and malware scans on your devices (both computers and phones). Never click on unexpected messages or pop-ups. Know that legitimate programs to prove you are not a robot will never ask you to input a series of keystrokes.

Tips & Facts

Be extra cautious when scanning QR codes from untrusted emails and from signs, posters, flyers, or other physical locations. If you receive an unexpected email or text with a QR code, don’t scan it, especially if it urges you to act immediately.

Think before scanning that QR code

Quishing, short for QR code phishing, is a new fraud scam that uses QR codes. Quick refresher: QR stands for “Quick Response,” and a QR code is a two-dimensional barcode (like the one shown below) that can be scanned by a smartphone’s camera to quickly access information, typically a website link. QR codes are made up of a grid of black and white squares. When you open your phone’s camera and scan it, it may open a website or an app on your phone. (Depending on your phone’s settings, you may need to tap on a link that appears after your camera registers the code. You can try it out using the code below.)
 

QR codes are very convenient – but just like an email or unexpected text message that contains a link, they can install malware or viruses on your phone, which can ultimately be used to steal your money or identity.
 
That’s why it’s unwise to scan QR codes posted in public places, from an unfamiliar email, in an unexpected text message, or anywhere else where you’re unsure of the source.
 
How the QR scam works
 
Scammers are posting physical images of QR codes in high traffic locations, as well as sending them via email or text message. Once you scan the QR code, it takes you to a scammer’s website, which may look legitimate. The scammer may try and lure you into providing personal or financial information. According to the USPS, these scammers often attempt to disguise themselves as a government agency, bank, or other company to lend legitimacy to their claims. Scammers have even been known to paste stickers of fraudulent QR codes on top of posters from legitimate businesses, such as inside of a fast food restaurant or a bank.
 
How to protect yourself

• Think. Before scanning QR codes, ask yourself: Where did this come from? Who posted or sent this QR code?
   
  Be extra cautious when scanning QR codes from untrusted emails and from signs, posters, flyers, or other physical locations. If you receive an unexpected email or text with a QR code, don’t scan it, especially if it urges you to act immediately.
• Report. If you think that the QR code is impersonating an organization, contact the bank, credit union, government agency, or company so they can work with law enforcement to investigate the activity and also alert others.
• Treat your personal information like cash – so don’t give away this information in response to a QR code. Your Social Security number, credit card numbers, and other personally identifiable information can be used to steal your money or open new accounts in your name without your knowledge or approval.
• Block spam messages. Contact your carrier’s customer service number (usually 611) and instruct them to block all text messages sent to you as email and block all multimedia messages sent to you as email. (Some carriers may also offer an option to activate these blocks online for your phone number.)