Fraud Alert Center

IRS Tax Scammers

Now that we are past tax season, most people are not thinking about tax filings anymore. Most people have received their returns or paid their dues. However, as everyone knows, the IRS and government agencies can move at a glacial pace and their inner workings are often mystifying to non-professionals. Hence, scams abound, and they target the most vulnerable, such as the elderly (who fear they may have forgotten) and the uneducated (who feel they may have made mistakes). Scammers exploit these vulnerabilities to frighten people into paying them because no one wants to be imprisoned for failing to pay a few hundred dollars. And with the notion that “ignorance is no defense” in tax law, people often are frightened enough to pay.

The scammers often utilize gift cards, certified mail, prepaid debit cards, and the Electronic Federal Tax Payment System (EFTPS) to execute their deceit. You will receive a phone call from someone purporting to be from the IRS (common scam itself).

The IRS will not immediately threaten you with arrest, especially a couple of months late (remember, the government is often slow to act). The IRS will not become hostile during your first interaction, either – they aren’t desperate, but criminals are. 

Signs of a Scam:

  • Immediately threatening and hostile caller
  • Only one option for payment method (the IRS has several) 
  • Demands for an untraceable payment method
  • High-pressure call 
  • Asking for numbers and information over the phone (be wary of phishing)

What to Do If You Think You're Being Scammed:

  • While it might seem justified, it is best to not to antagonize the scammer – simply hang up
  • Report the number to the IRS  or FTC 
  • Do not give out personal information over the phone, even if the caller must “verify” you – the IRS will know it is you. “Verification” is phishing, and scammers can use the data in other malicious ways
  • Do not work through emails and text messages – the IRS is old school, and they also like to protect your data, which is hard to do in plaintext messages

If you actually do owe taxes, you can expect the IRS to be much less threatening. They will give you plenty of notice, and you can check your tax status on their website.  You can also call the number on the letter you received. Barring the hijacking of the IRS website, you should be safe if you always check your URL (should be irs.gov) and that "https://" is included at the beginning. This ensures you are only communicating directly with IRS servers (injection attacks are possible, but that is nation-state-level sophistication, and you probably have other problems). 

Scammers seek to defraud people year-round, so you need to always be vigilant. If you know someone who is vulnerable, please educate them on this topic. Don’t let your 95-year-old grandmother lose an entire month’s living expenses because she didn’t want to go to jail at 95 and got scared. Of course, don’t ignore legitimate tax payment requests. There are various avenues to verify how much you owe and many ways to pay. 

Article adapted from UKFCU's Smart Money Center. View full article HERE.


Robocalls Claiming Your Social Security Number is Suspended

Be on the lookout for a popular robocall scam that is tricking people into believing their Social Security number (SSN) has been suspended. The robocall tells you to call the number provided to speak with a government agent about the issue. Some of the robocalls even threaten to issue an arrest warrant if the victim doesn’t respond.

When you call the number back, you are actually speaking with a fake government agent. This scammer will try to trick you into giving up sensitive personal information like your SSN, birth date, and bank account number.

Always remember the following to stay safe from tricks like this:

  • Your Social Security number can never be suspended.
  • The Social Security Administration will never threaten to arrest anyone.
  • Do not share any type of personal information with anyone you don’t know over the phone.
  • If you get this type of call, hang up the phone immediately and report the call to the appropriate agency.

Securing Your New Devices

During the holidays, internet-connected devices also known as the Internet of Things (IoT) are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information and the security of these devices is not always guaranteed.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), recommends these important steps you should consider to make your Internet of Things more secure:

Use Strong Passwords:

  • Passwords are a common form of authentication and are often the only barrier between you and your personal information. Some Internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Choose strong passwords to help secure your device. See Choosing and Protecting Passwords for more information.

Evaluate Your Security Settings:

  • Most devices offer a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more at risk. It is important to examine the settings, particularly security settings, and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of software, or if you become aware of something that might affect your device, reevaluate your settings to make sure they are still appropriate. See Good Security Habits for more information.

Ensure You Have Up-to-Date Software:

  • When manufacturers become aware of vulnerabilities in their products, they often issue patches to fix the problem. Patches are software updates that fix a particular issue or vulnerability within your device’s software. Make sure to apply relevant patches as soon as possible to protect your devices. See Understanding Patches for more information.

Connect Carefully: 

  • Once your device is connected to the Internet, it’s also connected to millions of other computers, which could allow attackers access to your device. Consider whether continuous connectivity to the Internet is needed. See Securing Your Home Network for more information.

Quick Tips on Protecting Your Security

Securing Your Account:

  • UKFCU will never ask you to send us your personal information such as account numbers, card PINs, Social Security numbers, or Tax IDs over text or email.
  • Enable biometric logins, like finger-print and facial recognition within your phone's settings, for added security within your mobile banking app.
  • Frequently check your accounts, verifying your purchases and withdrawals.

Protecting Your Identity:

  • Periodically check through your credit reports to make sure your accounts are secured.
  • Do not carry sensitive information in your wallet like your Social Security card and Medicare card.
  • Keep personal documents in a secure place, and shred sensitive documents when appropriate.

Security Resources:


3/21/18 IMPORTANT INFORMATION: Debit Card Security Alert

Please be advised, if you have recently used an ATM in Lexington and surrounding areas, you need to be aware of a possible debit card compromise on your account. Please keep an eye on your account for any suspicious activity and if you see any fraudulent activity on your account, call 859.264.4200 or 800. 234.8528, immediately.

We will continue to work diligently to ensure your account is as secure as possible and update you on any possible data breaches.

To monitor your account thoroughly, sign up for Online Banking, or download our Mobile App. You may also sign up for Visa Purchase Alerts, which will notify you by email when transactions occur on your account. We apologize for any inconvenience this may cause.


While the internet and computers offer many opportunities and advancements for business and individuals, it also opens your door to predators and crooks. It is important to pay attention to who you are giving your confidential information to and make sure it is someone you know and trust.

You should NEVER be asked for your confidential information over e-mail. E-mail is not a secure method of transmitting information and the messages can be tapped into and information stolen. If you feel that you have received an e-mail or are suspicious of someone trying to commit Identity Theft, it is very important that you report the scam quickly so that law enforcement agencies can shut the fraudulent operations down.

Falcon Fraud Detection is provided to every UKFCU member with your debit and credit card. Falcon Fraud Detection reviews each suspicious transaction, reviews the cardholder account and calls the cardholder if necessary. The number for Falcon Fraud Center is 1.888.918.7313.


General Identity Theft and Fraud Information

Federal Trade Commission: Scam Alerts

Take the Fraud Awareness Quiz- Are you protecting yourself against fraud?