Use of Email / Anti-Phishing Policy
The New York State Department of Taxation and Finance (DTF) uses email to communicate services and announcements to those who have provided an email address. DTF may use email to provide information on changes in the tax law, tax regulations, or Department policies or to announce the publication of new tax guidance to assist you in complying with tax obligations. If authorized, DTF may use email to alert you to new activity at your DTF Online Services account.
An email from DTF will be general in nature. If sensitive personal information needs to be communicated, DTF will alert you to sign on to the secure Online Services area of the DTF website to access your secure account to receive or provide such information. DTF will NEVER request that you provide sensitive personal information, such as social security numbers, Taxpayer ID numbers, bank account numbers, PINs, user names, or passwords via email.
How does DTF use email to communicate with you?
- DTF only uses your email address if you provide it to us. DTF does not purchase or acquire email addresses from third party sources, nor does DTF share email addresses with others.
- DTF will use email to communicate with you after you provide us your email address to gain access to DTF services. When you interact with DTF through Online Services, you provide your email address as a way for DTF to communicate with you. You can also choose to customize DTF's electronic communications with you by authorizing its use for a variety of purposes and/or services.
- DTF will NEVER request that you provide sensitive personal information, such as social security numbers, Taxpayer ID numbers, bank account numbers, PINs, user names, or passwords via email. DTF will NEVER initiate an email to you to inform you that your user name or password needs to be reset.
DTF email addressesLegitimate emails from DTF will be sent from the following addresses:
DTF will send you email consistent with the services that you have requested. Links will only be provided that will bring you directly to content on the DTF web site located at:
- nystax.custhelp.com and tax.custhelp.com
- or located on other governmental sites (local, state and federal).
When DTF provides links in an email, it will do so in two ways:
- Active links embedded behind text;
- Active links in the form of a complete URL (uniform resource locator) address, beginning with http://. Some email providers will convert this URL address into an active link in the email while others will require you to copy and paste the URL address into your browser.
To verify the destination of an active link, you should hover your mouse over it and review the address information displayed in the status bar located at the bottom of your browser page; it will display the web address destination of the link.
You should also note that links are provided only for your convenience; they need not be used. To utilize services available on the DTF web site, you can always key www.tax.ny.gov into your browser and navigate to the DTF services that you require.
New York State taxpayers and tax professionals should be wary of phishing - attempts to trick you into providing personal or financial information via an email request or through a link to a fraudulent Web site. Phishing is a criminal activity using various techniques to manipulate you into performing actions or divulging confidential information that you would not normally provide.
Phishing emails may appear to be from a trustworthy source, but are designed to trick the email recipient into disclosing sensitive, private and confidential information. By clicking on an active link in a phishing email, the recipient may be directed to a fraudulent web site that attempts to acquire personal or private information or possibly infect his/her computer with malicious software. To check the destination of an active link, you should hover your mouse over it and review the address information displayed in the status bar located at the bottom of your browser page.
Web users should be wary of suspicious email. Signs that an email may be a phishing attempt include:
- The email contains obvious spelling errors. Phishers do this intentionally in order to avoid spam filters that many Internet providers use.
- Links at the website contain all or part of a real entity's name, or web address, but the link itself is not identical to that of the legitimate web site. Clicking on these links may take you to a different, possibly malicious website or pop-up windows that ask you to provide, update or confirm sensitive personal information. (Remember to check the true destination of an active link by hovering your mouse over it and reviewing the address information displayed in the status bar at the bottom)
Phishing detection may be enhanced by use of a web browser that has a phishing filter. The latest versions of most browsers including Internet Explorer, Firefox, and Opera include phishing filters that can help in detecting phishing attempts. For more information on phishing, please visit the website of the Department of State, Division of Consumer Protection at www.nysconsumer.gov.
The email protocols DTF uses and information provided above are intended to help you distinguish DTF email from illegitimate email.
DTF also employs the use of digital certificates on our Web site to provide a secure, encrypted connection between capable Web browsers and our Web servers. This secure, encrypted connection is required by our servers whenever and wherever you are asked to enter information that may be considered confidential. For additional information about information security and privacy, please see the DTF security and privacy policies.
If you have questions or concerns about DTF email communications, you can contact us at 518-457-2672.