Use of Email / Anti-Phishing Policy
The New York State Department of Taxation and Finance uses email to communicate services and announcements to those who have provided an email address. The department may use email to provide information on changes in the tax law, tax regulations, or department policies or to announce the publication of new tax guidance to assist you in complying with tax obligations. If authorized, the department may use email to alert you to new activity within your Online Services account.
An email from us will be general in nature. If sensitive personal information needs to be communicated, we will alert you to log in to the secure Online Services area of the website to access your secure account to receive or provide such information. We will never request that you provide sensitive personal information, such as social security numbers, taxpayer ID numbers, bank account numbers, PINs, user names, or passwords through email.
How we use email to communicate with you
- We only use your email address if you provide it to us. We do not purchase or acquire email addresses from third party sources, nor do we share email addresses with others.
- We will use email to communicate with you after you provide us your email address to gain access to our services. When you interact with us through your Online Services account, you provide your email address as a way for us to communicate with you. You can also choose to customize our electronic communications with you by authorizing its use for a variety of purposes and services.
- We will never request that you provide sensitive personal information, such as social security numbers, taxpayer ID numbers, bank account numbers, PINs, user names, or passwords through email. We will never initiate an email to you to inform you that your user name or password needs to be reset.
Tax Department email addresses
Legitimate emails from the Tax Department will be sent from the following addresses:
The Tax Department will send you email consistent with the services that you have requested. Links will only be provided that will bring you directly to content on our website, located at:
- nystax.custhelp.com and tax.custhelp.com
- or located on other governmental sites (local, state and federal).
When we provide links in an email, they may appear in two ways:
- active links embedded behind text; and
- active links in the form of a complete URL (uniform resource locator) address, beginning with http://. Some email providers will convert this URL address into an active link in the email while others will require you to copy and paste the URL address into your browser.
To verify the destination of an active link, you should hover your mouse over it and review the address information displayed in the status bar located at the bottom of your browser page; it will display the Web address destination of the link.
You should also note that links are provided only for your convenience; they need not be used. To utilize services available on the department's Web site, you can always key www.tax.ny.gov into your browser and navigate to the services or information you require.
New York State taxpayers and tax professionals should be wary of phishing—attempts to trick you into providing personal or financial information through an email request or through a link to a fraudulent website. Phishing is a criminal activity using various techniques to manipulate you into performing actions or divulging confidential information that you would not normally provide.
Phishing emails may appear to be from a trustworthy source, but are designed to trick the email recipient into disclosing sensitive, private and confidential information. By clicking on an active link in a phishing email, the recipient may be directed to a fraudulent website that attempts to acquire personal or private information or possibly infect his/her computer with malicious software. To check the destination of an active link, you should hover your mouse over it and review the address information displayed in the status bar located at the bottom of your browser page.
Web users should be wary of suspicious email. Signs that an email may be a phishing attempt include:
- the email contains obvious spelling errors. Phishers do this intentionally in order to avoid spam filters many Internet providers use.
- links to the website contain all or part of a real entity's name, or Web address, but the link itself is not identical to that of the legitimate website. Clicking on these links may take you to a different, possibly malicious website or pop-up windows that ask you to provide, update, or confirm sensitive personal information. (Remember to check the true destination of an active link by hovering your mouse over it and reviewing the address information displayed in the status bar at the bottom.)
Phishing detection may be enhanced by use of a Web browser that has a phishing filter. The latest versions of most browsers including Internet Explorer, Firefox, and Opera include phishing filters that can help in detecting phishing attempts. For more information on phishing, please visit the website of the Department of State, Division of Consumer Protection at Phishing Scam Prevention Tips.
The email protocols we use and information provided above are intended to help you distinguish Tax Department email from illegitimate email.
The Tax Department also employs the use of digital certificates on our website to provide a secure, encrypted connection between capable Web browsers and our Web servers. This secure, encrypted connection is required by our servers whenever and wherever you are asked to enter information that may be considered confidential. For additional information about information security and privacy, please see the Tax Department's security and privacy policies.
If you have questions or concerns about our email communications, you can contact us at 518-457-2672.