Cyber Security & Compliance  04/09/2019 NAPA RSS Icon

Lock Down Your Tax Return

By Harry J. Lew

Lock Down Your Tax Return

Financial professionals such as insurance agents, investment advisors, or real estate agents aren’t immune to IRS-related scams. You may think your tax return is safe because you’re more sophisticated than the average consumer. But it’s not, because you’re sitting on significant amounts of valuable information—both your own and your clients—which puts a big cyber target on your back.

Making things worse is the fact that small businesses lack the security resources of large companies. Unfortunately, as a solopreneur or small-firm CEO wearing a dozen different hats, it’s hard to be a cybersecurity expert on top of everything else you do each day. But protecting your business from a rising tide of IRS scams remains crucial. According to the Treasury Inspector General for Tax Administration (TIGTA), over the last six years, more than 1.8 million Americans reported being targeted by IRS impersonators. Over that same period, 9,600 said they complied with the criminals’ demands for cash to the tune of $50 million.

Tax-related refund fraud has also been a growing concern. The IRS estimates that it derailed some $12 billion in 2015 tax refunds going to fraudsters. But it also failed to stop $2.2 billion in fraudulent refund requests.

IRS-focused cybercrime is just one element of the overall fraud landscape. According to the Federal Trade Commission (FTC), imposter scammers pinched nearly $488 million from consumers in 2018, with a median haul per incident of roughly $500.

However, identity thieves keep casing the IRS because its customers—the 90+ million American’s who file tax returns every year—represent a mother load of personal information and tremendous cash flows (including more than $200 billion in refund requests). From Social Security numbers to investment-account details, scammers have much to gain from pilfering tax returns. And the beauty is they don’t have to work hard to do so, since people are deeply afraid of the agency and let fear cloud their common sense when scammers approach.

IRS-related frauds rely heavily on phone and email contacts to confuse consumers into giving out personal information or remitting cash directly to scammer bank accounts. Phone scams are ubiquitous, as anyone who spends time on Facebook groups knows. Criminals use computers to spoof the IRS’s name onto caller-ID and may even know a lot about you when they get you on the phone. At that point, they pressure you to send money now to clean up your “tax balances,” using preloaded debit or gift cards or wire transfers. If you don’t agree to pay, the person on the phone may threaten to have you arrested, suspend your business license, or deport you.

Email scams are equally common and effective. They feature authentic-appearing emails, including the IRS logo, asking about some aspect of your return—your refund, e-File PIN, or filing status. When you click on a URL to respond, the scammers steal your personal information, which they use to file a phony tax return under your name. The obvious goal: to pocket “your” tax refund, no doubt inflated beyond all recognition by the time scammers are done preparing your “return.”

How to protect yourself? Learn about the common IRS tax scams and then ignore IRS imposters when they call. Here are some of the IRS tactics scammers are using these days to take your money and run.

Using Taxpayer Advocate Service phone numbers

In this relatively new scam, criminals make believe they are calling from the IRS’s Taxpayer Advocate Service (TAS), which is an independent organization within the agency.

How it works: a criminal spoofs the telephone number and name of the IRS

TAS office in Houston or Brooklyn. The calls may be actual calls or robocalls asking you to call the agency back. If you do answer or return the call, the person will attempt to trick you into providing personal data such as your Social Security number or individual taxpayer identification number (ITIN).

Posing as a “Ghost Preparer”

The vast majority of tax return preparers are ethical. But some are not, defrauding consumers into paying inflated fees. How? By inventing income so their clients qualify for tax credits. Or they might claim fake deductions. In either case, the goal is to file returns with inflated refunds, which increases their own income since they’re often paid a percentage of the customer’s refund.

Normally, the IRS would uncover such “mistakes,” giving consumers the ability to take action against their preparer. In “ghost preparer” cases, however, scammers often fail to sign their returns or to include their Preparer Tax Identification Number (PTIN). So when the defrauded client attempts to contact the preparer, he discovers there’s no way to track him (or her) down.

Other telltale signs of “ghost preparer” fraud are when the person:

  • Requires cash payments and doesn’t provide a receipt.
  • Demands that tax refunds are wired to their account, not yours.

Dangling Tax Transcripts to Lure Consumers

The IRS and its Security Summit partners (the IRS, state tax agencies, and national tax-preparation firms) late last year warned the public that scammers were attaching so-called tax-transcript files to emails and then encouraging people to click on them. (Tax transcripts are tax-return summaries.) If you did, the so-called “Tax Account Transcript” would download the Emotet malware onto your computer, where it would steal your personal information. It could also spread to other devices on your network and install other forms of malware.

Posing as Taxpayer Assistance Centers

Similar to the Taxpayer Advocate Service scams mentioned earlier, these involve scammers posing as an employee of an IRS Taxpayer Assistance Center (TAC). They spoof the name and phone number of a local IRS TAC. When victims question their identity, they advise them to verify the TAC office’s phone number on the website. After consumers do this, the scammers call back, renewing their demands for money in order to clean up a tax liability.

Using Any Means at Their Disposal to Scam Consumers

In addition to the above frauds, IRS criminals have been extremely inventive at staying one step ahead of law enforcement in their efforts to pressure consumers into forking over money. Some of the techniques they use include:

  • Using faking names and IRS badge numbers
  • Referring to the last four digits of your Social Security number
  • Include bogus sounds in background of the call to mimic an IRS call center
  • Threatening consumers with jail time or deportation
  • Following up their initial calls with fake calls from law-enforcement

Being aware of the various flavors of IRS imposter scams is a good starting point. Even better is raising your vigilance level to detect scammers as soon as possible.  Here are some red flags to watch for:

  • You file a return, but it’s rejected because someone has already filed a return in your name.
  • You receive a letter from the IRS asking whether you already filed a return.
  • You receive a 1099 or W-2 form from a company for which you’ve never worked.
  • You get a tax refund for which you didn’t file.
  • The IRS doesn’t let you file for a tax extension or even file your e-return because another return with your EIN is already on file.
  • You receive a tax transcript or other IRS notice that doesn’t make sense in the context of your return.
  • You don’t receive an expected notice from the IRS because scammers have filed a change of address for you.

Any of these red flags likely indicates a scammer has successfully penetrated your IRS account. Now the game becomes one of remediation . . . i.e., working with the IRS to secure your account. Typically the agency will issue you a PIN, which you must now attach to all future returns so it knows they’re coming from you, not the scammer.

Remediation is a good thing, obviously, but prevention is even better. Consider adopting one or more of these strategies to stop scammers before they do their evil work:

  • Organize your files and file your return early: The earlier you get your return in, the harder it will be for a scammer to file ahead of you in order to claim a phony refund.
  • Pick your accountant’s and/or tax preparer’s brain: Professional tax preparers are on the front lines of IRS fraud. Not only do they witness the scams being perpetrated on their clients, they also receive timely fraud alerts from the IRS. If anyone can help you avoid tax scams, it’s your tax professional.
  • Train your staff to avoid so-called W-2 phishing scams: These are efforts to trick your HR or accounting staff to release W-2 forms to a criminal posing as a high-level executive in your firm.
  • Check for IRS updates: The agency publishes an annual list of emerging scams, entitled “The Dirty Dozen.” You can read the document here, as well as all the latest tax-scam consumer alerts.
  • Never open up email links or attachments: This is excellent advice for avoiding Internet fraud in general. It’s especially good advice when it comes to safeguarding your tax return and related data.
  • Ignore just about any contact from the IRS: If the “agency” contacts you via email, telephone, or text, it’s likely a fraud attempt. If the contact is by mail, validate it first before responding. You can do that by going to the IRS page Understanding Your IRS Notice or Letter or by calling the IRS directly at (800) 829-1040.

Finally, keep in mind that the IRS will never:

  • Call you demanding payment using a specific method such as a prepaid debit card or wire transfer. If you owe taxes, it will normally send you a bill in the mail.
  • Threaten to have law enforcement arrest you in your home or at work.
  • Demand you to pay an outstanding tax balance without letting you question the matter or appeal what you owe.
  • Pressure you to give out your credit card or debit card numbers over the phone.
  • Call about a windfall tax refund that’s news to you.

For more information on IRS tax scams, go here.

Is your business insured against cyber risks? If not, consider the cost-effective cyber liability and data breach coverage available now from the National Association of Professional Agents (NAPA).

Admin Login