With tax season upon us, I am reminded of that old saying about the only certainty in life being death and taxes. But there’s one more certainty we can add to that list. Because now tax season inevitably ushers in any number of inventive – and effective – tax scams aimed at defrauding you.
Generally in these articles we review the problem (the various scams) first and then offer the “how to avoid them” advice. But in this case, we want to put that need-to-know information right up front. So no matter what scam you encounter, you can and should evaluate it knowing that the Internal Revenue Service has repeatedly confirmed that it will never:
- Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
- Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
- The IRS also cannot revoke your driver’s license, business licenses, or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes.
- Demand payment without giving you the opportunity to question or appeal the amount they say you owe.
- Ask for credit or debit card numbers over the phone.
- It won't tell you where you can go to take a loan to pay your taxes.
You should also keep in mind that the IRS already knows your full social security number – they aren’t going to call or email you and require that you give it to them.
Nor are they in the business of harassing or threatening people. (Now they will continue to attempt to collect any tax debts you owe, but their methods are different than those used by cybercriminals, who will attempt to scare you or threaten you.)
There are special circumstances where an Agent may call or visit. But if an IRS representative does visit you, he or she will always provide two forms of official credentials called a pocket commission and a HSPD-12 card. You have the right to view these credentials.
2018 Tax Scams You Should Be Aware Of
The 2018 tax scams come in all shapes and sizes, again thanks to the modern cybercriminal's opportunistic approach. They use regular mail, telephone calls, texts, emails and even social media sites to target both businesses and individuals.
While savvy cybercriminals are always working overtime to come up with new, inventive scams to defraud you, here are some known, commonly-used scams to be aware of:
IRS Impersonation Telephone Scams
A sophisticated phone scam has been making the rounds again this year.
The caller will claim to be an IRS agent and provide a generic name and fake badge number. They will likely know a lot about you, including part or all of your social security number. Caller ID will very likely display the IRS as the source, due to the use of phone number spoofing.
It may also be a computerized call claiming to be the IRS, and warning you that this is your “final notice” before you get sued by the agency, and/or providing a phone number and informing you that the IRS is waiting for you to call back.
The message may be that your return has been rejected.
No avenue is off-limits, as scammers have even been known to target the deaf and hard-of-hearing communities by using Video Relay Services (VRS).
The call is intended to scare you, making it social engineering at its best (or worst).
You can listen to a recorded version of this call here.
Here is an example script:
‘Hello, we have been trying to reach you. This call is officially a final notice from IRS, Internal Revenue Service. The reason of this call is to inform you that the IRS is filing a lawsuit against you. To get more information about this case file, please call immediately on our department number, 561-902-5205, I repeat the number, 561-902-5205. Thank you.’
If you receive this type of call, hang up. Do not place a return call to the number provided and do not give our any personal information.
If you feel that you have a tax bill and have questions about it, always contact the IRS directly at 1.800.829.1040.
W-2 Email Phishing Scam
Email scams are nothing new, but as it relates to tax season, this new and very dangerous phishing email has emerged.
During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.
It's a very targeted business email compromise scam, and the cybercriminals behind these campaigns have done their homework. The scam works by using email spoofing and posing as a company executive. Under that fraudulent email, the hacker will request copies of Forms W-2 for all employees.
The sensitive information contained in that Form is then used for identity theft or can be sold on the Dark Web for a substantial sum.
The IRS is urging all businesses to educate their HR and payroll professionals about this scam and to overall be alert for any unusual requests for employee data.
Additionally, employers are urged to consider creating a policy to limit the number of employees who have authority to handle Form W-2 requests. It’s also best practice to create a policy that requires additional verification procedures to validate the actual request via phone or in person before releasing sensitive data such as employee Form W-2s.
If the worst happens and W-2 information is emailed to a fraudulent source, the IRS can take steps to help prevent employees from being victims of tax-related identity theft. However, any company that is victimized must alert the IRS immediately.
The process for notification includes:
- Email firstname.lastname@example.org notify the IRS of a Form W-2 data loss and provide contact information, as listed below.
- In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.
- Include the following:
- Business name
- Business employer identification number (EIN) associated with the data loss
- Contact name
- Contact phone number
- Summary of how the data loss occurred
- Volume of employees impacted
Getting a notice of a refund you weren’t expecting should be the greatest news ever.
But let’s be honest...if you don’t already know you’re getting a refund, what are the chances that the IRS is going to proactively contact you – out of the blue – and promise you one?
This social engineering tactic falls squarely into the “if it’s too good to be true, then it's not” category.
Generally with this type of email, you’re required to then enter your personal information, and bank account details in order to receive this supposed refund. This is of course the real score of this scam – by complying with this request, you’re handing over everything the scammer needs to defraud you.
You can also stay alert for this type of scam by remembering the red flags of a phishing attack.
Scams Targeting Tax Professionals
Tax professionals are increasingly being targeted by cybercriminals. After all, they are handling a high volume of sensitive data for individuals and corporations alike. Add in the fact that they face annually a period of high stress and long hours, and the likelihood of a phishing scam hitting its mark increases.
Tax prepares are targeted so often that the Security Summit - the unprecedented partnership between the IRS, state tax agencies, and the private-sector tax industry - came together to form a united and coordinated front against this common enemy. And, that’s why the Summit partners are asking tax professionals nationwide to join this effort.
They created the "Protect Yourself, Protect Your Clients" campaign and they are urging all tax professionals to join in this effort and to stay up-to-date on the latest threats. This includes subscribing to a special e-newsletter, E-News for Tax Professionals.
All tax preparer businesses would also be wise to work with a IT services firm to establish strong, modern network security practices and ensure compliancy.
General Increase in Phishing Emails
Phishing emails are nothing new and something you should always be mindful of, but it is especially helpful to keep the red flags in mind during tax season.
Acknowledging that the cybercriminals behind these malicious email campaigns follow the news and current events is key to avoiding becoming a victim.
The fact that it's tax season, and that many of us are worried or stressed about filing our taxes creates opportunity that they are more than happy to take advantage of.
This means that we are likely to see an increase in emails that promise a refund, tell us we need to validate personal information before a return can be accepted, warn that a return has been rejected, warn that the tax preparation software you used needs validation, make threats about tax bills that are due, warn that you owe because you didn't have health insurance, etc.
There really is no aspect of this that is off-limits. However these hackers can find their way into the tax season process, they can and they will.
Given that, the most critical thing you can do is to remember that these scams constantly evolve, so always be cautious and trust your gut. If anything about a call, email, a webpage, or piece of mail seems suspicious, train yourself to validate it before proceeding any further.
Another good tip? File your taxes as soon as you can. If you get them filed early, you avoid the risk of a scammer using your social security number to file a fraudulent return in your name.
Want more great technology updates, news and other industry information delivered directly to your inbox? Subscribe to the blog and each week you'll get new useful tech news you can use!