Alerts & Notices

Tax Fraud Alert 2024

Tax Season is in full force and with that comes phishing scams. Phishing emails are going around that can secretly download malicious software that can help cyber criminals steal client data. The IRS has already identified a new scam that began with cyber criminals stealing data from several tax practitioners’ computers and filing fraudulent tax returns.

Tax-related phishing emails are trying to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom.

Sometimes these requests were followed by or combined with a request for an unauthorized wire transfer.

The most popular method remains impersonating an executive, either through a compromised or spoofed email to obtain W-2 information.

We encourage all taxpayers to review the IC3 Alert page w-2 Phishing

Tax Identity Theft Awareness

Tax Identity Theft is at its highest, people are using your Social Security Number to file a "fake" tax return and could even collect your refund.

To start fighting tax identity theft right away, please remember:

  • File your tax return as early in the tax season as you can.
  • Use a secure internet connection if you file electronically.
  • Mail your tax return directly from the post office.
  • Check your Credit Report at least once a year for free at
  • Make sure no one has opened a new account in your name. 
  • Be careful when giving out your Social Security Number.

For more information and how to participate in Tax Awareness week please use this link:Tax Awareness  

Tax Guidance

As this year's April 15 Tax deadline approaches, NCCIC/US-CERT is offering taxpayers guidance to help protect your personal, financial, and tax information. Hackers can take advantage of taxpayers by using social engineering scams to attempt to steal personally identifiable information. 

Tax Scams:

  • Emails that appear to come from your tax professional, requesting information for an IRS form.
  • Emails containing links to a supposed IRS website.
  • Questionnaire emails claiming to be from the IRS or law enforcement agencies.
  • Calls where scammers leave urgent callback requests.

Tips on protecting yourself:

  • Use strong passwords. 
  • Keep software updated. 
  • Safeguard personal data.


IRS Phishing and Online Scams:

Please be aware a combination of calls, emails and text messages that appear to be from the IRS are going around. The IRS does not initiate contact with taxpayers by email, text, or social media. They are trying to lure people to a malicious website or to provide personal and financial information. Always know who you are speaking with or what sites you are clicking on.

  • Don't Reply to unknown emails or text.
  • Don't open any attachments.
  • Don't click on any links. 
  • Be Skeptical; it’s best to doubt the legitimacy of the call.
  • Always check the source
  • Never send money to receive money. 

Tax Scams


 Stay Safe & Help Protect Yourself from Stolen Check Scams

Unfortunately, there is currently a nationwide surge in check fraud associated with mail theft. Crafty criminals are stealing checks from USPS blue collection boxes and residential mailboxes, among other places. Stolen checks are “washed” by removing the ink and then altered to show a different payee and amount. These altered checks are then negotiated for much higher amounts, often before the consumer even realizes the original check has been stolen. 

Take these important steps to protect yourself against “check washing” scams:

  • Pay your bills through Online Banking or pay directly through the individual company’s payment portal to ensure your payments are delivered safely.
  • Use a blue or black gel ink pen when writing checks, as it’s much harder to remove than traditional ink.
  • Write out all information on the check, including the memo line, to make it harder for the scammer to remove all the additional information.
  • Mail your checks inside of your local Post Office whenever possible.
  • Avoid using USPS blue collection boxes after the last pickup of the day has been made.
  • Avoid leaving outgoing mail in your residential mailbox, especially overnight.
  • Monitor your bank accounts daily to keep an eye out for unusual activity. Vigilance is key.
  • If you do notice unusual account activity, be sure to report the potential fraud to your bank as soon as possible. 

With scammers becoming more sophisticated, you’re the first line of defense for preventing scams.

By recognizing these three common tactics, you can protect yourself and your money.

Compromising business email: Scammers can impersonate a company official to request a change for your account by email or text. Don’t call the number provided in the message. Instead, find the company’s official number from a trusted source and validate that the request is legitimate.

Impersonating a Colonial Federal associate: Some scammers will pose as Colonial Federal and use email, phone or text to request your personal information or to transfer money. When in doubt, ignore the message and call us at the number listed on the back of your debit card or bank statement.

Gaining remote access: Scammers claiming to be from well-known companies can try to gain remote access to your personal devices. If an associate from one of these companies cold calls you claiming they can fix an unknown issue, ignore the call and contact the company directly. Be sure to use a phone number from a trusted source.

We want to help protect you from scammers that attempt to impersonate Amazon or other well-known merchants. Remember these important clues so that you can identify scams and keep your account and information safe:

  1. Never feel pressured to give information (such as your credit card number or account password) over the phone, especially if the call was unexpected. Scammers may try to use calls, texts, and emails to impersonate Amazon customer service. If you're ever unsure, it's safest to end the call/chat and reach out directly to customer support through the Amazon app or website.
  2. Never pay over the phone. Amazon will never ask you to provide payment information, including gift cards (or “verification cards”, as some scammers call them) for products or services over the phone. 
  3. Trust Amazon-owned channels. Always go through the Amazon mobile app or website when seeking customer support or when looking to make changes to your account.
  4. Be wary of false urgency. Scammers may try to create a sense of urgency to persuade you to do what they're asking. Be wary any time someone tries to convince you that you must act now.

Cybersecurity advice to protect your connected devices and accounts

For so many of us, cell phones and computers are embedded in our personal and professional lives. We talk and text, we browse the web, we watch, and we create. Our devices store a lot of personal information, so it’s a good idea to take a few minutes to make sure your computer, phone, and other connected devices are protected.

Update your software

Software developers release updates — to software, operating systems, and internet browsers — to patch vulnerabilities before attackers can exploit them. Some programs are pre-set to update automatically.

Check your settings and turn on automatic updates to keep up with the latest protections against security threats.

If your software is not set to update automatically, you’ll have to update it manually.

The same principles apply for your phone: set it to update automatically. Otherwise, keep an eye out for updates, and don’t delay in running them.

Update your apps, too.

Protect your accounts

Besides securing your devices, protect your accounts. Start with strong passwords and enable multi-factor authentication.

When it comes to passwords, longer is stronger: at least 12 characters. You could use a passphrase of random words to help you remember it — but avoid common words or phrases. If your username and password are leaked in a breach, having multi-factor authentication enabled will make it harder for a scammer to get into your account. For more, check out this password checklist.

Back up important data

As an extra precaution, back up your important data. Save your files to an external storage device, like a USB flash drive or an external hard drive. Also, save your information with an online cloud storage service.

Mobile payment apps

Using Mobile payments apps such as Venmo, Zelle, Paypal etc. is the new quick and convenient way to get and send cash. Scammers are aware of how popular they have become and are trying to trick you and your contacts. Make sure you know who is on the receiving end before using these services.

Here are some tips to protect yourself:
  • Never send money to anyone you don't know
  • When you use and app for the first time, it will usually ask permission to access information on your device (contacts) to make these payments easier. If you are not comfortable with that, deny access or uninstall the app.
  • Keep and eye on your account through your statement or online banking.  

Keeping yourself secure:

Some tips to help you shop wisely and protect your personal information. 

  • Use Caution when browsing the internet, shopping online, and using email. Don't click on ads or popups, go directly to the merchant site by typing in the URL.
  • Do not use public Wi-fi connections for any financial apps or online accounts.
  • Setup alerts on your card and bank accounts, for transaction activity and thresholds. 
  • Enable locations and device required settings for debit cards, that way your card can't be used unless your phone/device is with the card.
  • Don't fall victim to phishing scams, think before you click!
  • Make purchases from known sellers.
  • An email that appears to be from a legitimate retailer might be difficult to resist. If the deal looks to good to be true, or the link in the email seem suspicious, do not click on it.
  • Contact your financial institution immediately if you feel your account and personal information may have been compromised. 

As always Think Before You Click.

Home Network Security:

The US-CERT advises home users to update their software regularly, remove unnecessary services and software, install a network firewall, and create strong, unique network passwords to decrease their risk to cyberattacks.

Social Security Scam:

Social Security Numbers do not get suspended. This is just a scam that's after your SSN, bank account number or other personal information. In this particular scam the caller pretends to be protecting you from a scam while he's trying to lure you into one.

Tips to protect yourselves:

  • Never give our or confirm personal information over the phone, via email or on a website unless you are sure of the person asking you.
  • Do not trust a name, phone number, or email address just because it seems to be connected with the government.
  • Check with the Social Security Administration-Call them directly at 1-800-772-1213 if you come across one of these scams. 
  • Contact government agencies directly, using telephone numbers and website addresses you know to be legitimate.
  • If someone has tried to steal your personal information by pretending to be from the government, report it to the Federal Trade Commission (FTC).


Safe and Secure Online-Seniors

Learn how to be safe and secure while connecting with friends and family in this new digital age.

  • Always think before you click.
  • Make sure you keep your computer and software updated. 
  • Create Strong and unique passwords.
  • Do not post sensitive information on social media sites.
  • Know who you are speaking and connecting with.
  • It is better to question what you see in e-mails and pop-ups.
  • Be mindful of email and phone call fraud attempts. 
  • Like always "if it seems too good to be true, it probably is"

Security Education

Visit Colonial Federal's Privacy & Security page for security tips and your responsibilities.