Tax Season Isn't the Only Time There's an Increase in Scams

Couple working on a laptop

If you’re expecting a tax refund this year from the IRS, you’re probably excited for an influx of cash…and so are many scammers and criminals. There’s typically a spike in phishing and other attempts at fraud across the U.S. during this time of year as scammers try to find ways to go after those refunds and pocket the money for themselves.

It’s so common that the IRS puts out a Dirty Dozen list each year documenting the worst of the worst tax scams.

One of the common red flags to avoid are shady tax “professionals” who may offer to charge a fee based on the size of the refund. Some "ghost" tax preparers refuse to sign the tax return or ask people to sign a blank return. These are all common warning signs, and it’s important to verify the identify of anyone who will help you prepare your taxes or claim your refund. The IRS offers a directory of credentialed experts to help.

There have also been identify theft scammers posing as experts offering to help set up your online account with the IRS.

“An Online Account at can help taxpayers view important details about their tax situation”, said IRS Commissioner Danny Werfel. “But scammers are trying to convince people they need help setting up an account. In reality, no help is needed. This is just a scam to obtain valuable and sensitive tax information that scammers will use to try stealing a refund. People should be wary and avoid sharing sensitive personal data over the phone, email or social media to avoid getting caught up in these scams.”

Popular Times of Year for Scams

Tax season isn’t the only time scammers target their victims. There tends to be additional spikes during summer vacation season, back-to-school, and winter holidays – really any time large amounts of money may be at stake. You can stay ahead of the scammers to protect your tax refund, your accounts, and your privacy by being vigilant and keeping an eye out for red flags.

Common Types of Phishing Attacks & Scams

Citadel’s representatives speak with thousands of members every day and hear about many of the ongoing scams targeting victims in our area. Before we look at some recent examples of attempted fraud, let’s clarify some common terms and their definitions:

What is phishing?

Phishing is the act of sending fraudulent emails that seem to come from a familiar business. These messages contain links to phony websites designed to steal personal information either directly or through malware and keyloggers. Often, you’ll see a problem referenced with a request to click on the link provided to correct it. Once you’ve clicked the link or entered your information, ID thieves can access your accounts.

learn and plan

Read more about what to do if you get a phishing (smishing) text.

View Article
Example of a smishing scam

What is smishing?

Smishing is the text message version of phishing (although phishing is often used as a catch-all term to refer to this type of scam, regardless of the form of contact). These text messages may claim to come from familiar businesses like your pharmacy, popular retailers, or financial institutions and may include false warnings about a transaction or other personal information. Most of the time, the scammers don’t actually have any information about your accounts yet, but rather they’re trying to trick you into providing it. They often take a chance on the likelihood that you may have an account or do business with the organization they’re impersonating by selecting large, well-known retailers and businesses to impersonate. It’s important to report those without clicking any links or responding to the sender in any way.

It may be hard to remember that in the moment, as the element of fear is a major part of a scam’s success. Where your finances and personal information are concerned, clicking on a link or responding to a text right now may seem to be the right course of action. But taking a moment or two to think things through and follow up directly with the institution is your safest bet.

Recent Scams You Should Know About

Recently, our members and others in the Greater Philadelphia area have reported a variety of text messages similar to the example above where they received a text using the Citadel name or spoofing our phone number (sometimes both) in an effort to trick them into disclosing their account information or login credentials. Generally, there has been an increase in this type of scam over the past few years as the average American has moved away from phone calls and onto texting as one of the most common forms of communication; however you should remember most legitimate companies, including your credit union, will not text you out of the blue to ask for your PIN, checking account number, or any other information it already has. Unless you have specific alerts set up with that company or you were expecting the message, the best response is to contact the institution directly to confirm it sent the text, and then delete the message from your phone.

Another recent example included two separate members who came into two separate Citadel branches requesting large cash withdrawals of $12,000 – $20,000 each. Because our staff is trained to recognize red flags during everyday transactions and the members had a high level of trust with our team, the conversations led to the discovery that the members were being scammed by individuals who had targeted them. One was told their grandson was in trouble, and the other who was told they must pay in cash for a home remodeling project as opposed to a secure check. Although the examples were seemingly unrelated, it’s important to remember to trust your gut if something doesn’t seem right. Asking the right questions and double checking the legitimacy of a claim or request can protect your privacy and your money.

Popular times for phishing scams

How to Protect Yourself Against Scams

To protect yourself from the latest scams and fraud attempts, keep an eye on our Security Center. There are pages dedicated to FAQs, common scams, red flags, & quick tips to protect yourself, as well as a list of recent updates and security alerts.

You can also setup account alerts and card controls within Online Banking and the Citadel Mobile App to keep an eye on your account activity and add an additional layer of protection.

If you receive a suspicious text message, you should report it immediately:


Learn more in our Security Center.

Explore Now