By Suzy Taherian, Contributor, CFO Network and lecturer in the Graduate School of Management, UC Davis
This story is excerpted from an article published in Forbes on July 18. Its contents are used with permission.
IRS deferred tax filing to July 15 this year due to COVID-19. Tax scammers get busy after the tax filing date. They file fraudulent refunds or impersonate IRS employees demanding payments or steal personal financial information. Some scammers contact taxpayers with requests for donations to fake charities, claiming to help COVID-19 victims.
It’s time to be on the watch for what IRS calls the “Dirty Dozen” tax scams, explained below:
This expression is a play on the word “fishing” for information. It refers to fake emails or websites that request information to steal personal data. Criminal elements can sell the personal data or use it for identity theft or other nefarious activities. The IRS never initiates contacts with taxpayers by email. Any emails that pretend to be from the IRS and request information or ask to click on a link should be regarded with suspicion. IRS Criminal Investigation has seen a jump in phishing schemes online, with many perpetrators using references to COVID-19 crisis to bait users. The IRS requests that phishing scams be reported to: email@example.com
- Fake charities
Crisis can create opportunities for criminals to take advantage of well-intentioned people who want to help others. Scammers can set up fake charities and solicit donations. Sadly, fake charity scams increase during crisis. The scam involved unsolicited contact by phone, text, email, or even in-person contact, involving names of charities which may be similar to legitimate nonprofit organizations. Taxpayers who want to donate to a charity can verify qualified charities with the search tool on IRS.gov
- Threatening impersonator phone calls
Some scammers impersonate IRS personnel and make threatening calls to taxpayers demanding immediate payment. They threatened deportation, penalties, and imprisonment. Taxpayers can contact the IRS directly to verify the validity of the call.
Other scammers use social media to get information about taxpayers and then impersonate their friends or family members. Once the scammers gain the trust of their victim, they can ask for personal data or illegitimate donations or trick them into clicking on dangerous links or giving access to financial tools. One way to protect against this scam, is to contact the friend or family member via another channel on any unusual communications to confirm the original contact was real.
IRS also warns taxpayers against refund fraud or theft. This year, criminals were looking to steal Economic Impact Payments which were intended for distressed companies under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. Criminals will file fake tax returns and divert the refunds to their address or bank accounts. Taxpayers who didn’t receive an expected refund or received notification about an unexpected refund being issued to an unusual address/bank account can contact the IRS to clarify.
- Senior fraud
Senior citizens and those who care for them should be on extra alert. Older adults may have larger retirement savings so are more likely to be targeted. Seniors are increasingly using technology to engage with family and friends on social media or do virtual banking. As they shelter-in-place and interact more online, seniors are more vulnerable to phishing or impersonation fraud or other scams. Elder fraud risk decreases significantly if the scammer knows there is a trusted friend or family member involved. Given the high risk and high incidence of senior fraud, IRS, the Department of Justice, FBI, the Federal Trade Commission, and the Consumer Financial Protection Bureau (CFPB) are all actively involved in investigating these crimes. Any allegations of this fraud can be reported to these agencies.
- Scams targeting non-English speakers
Another major target for scam artists are non-English speakers. The impersonator will often threaten and intimidate this vulnerable group, especially recent immigrants who may be in uncertain or temporary immigration status. The scammers may ask for personal or financial information or demand payment of overdue taxes. In some cases, they may have some limited personal information such as the last 4 digits of social security number which makes their calls seem more legitimate. It’s important to advise non-native English speakers that the IRS doesn’t initiate contact by phone or email and anyone who receives these calls or emails should ignore them or contact the IRS to validate or reject the contact.
- Unscrupulous return preparers
Taxpayers should steer clear of “ghost” preparers, who pose as professional tax preparers. Ghost preparers will prepare and file a tax return on behalf of another person but they may not be qualified to do so and any errors they make will be the liability of the taxpayer. Some unscrupulous preparers may charge for filing tax returns for those who do not have a filing requirement or may ask for an upfront payment for an inflated or illegal refund. Ghost preparers don't sign the tax returns they prepare. To protect themselves, taxpayers can ask for the Preparer Tax Identification Number (PTIN) and ask the preparers to sign and include their PTIN on returns. IRS suggests additional steps to vet a preparer before hiring them.
- Offer-in-compromise mills
Offer in Compromise (OIC) is a process whereby taxpayers who are eligible may qualify to settle their tax bill at a reduced amount. However OIC mills are unscrupulous tax debt resolution companies which offer to settle tax debt at “pennies on the dollar.” In exchange, they usually collect a hefty fee upfront. OIC mills make these fraudulent offers to taxpayers who are not qualified but collect their fee regardless. In Fiscal Year 2019, of the 54,000 OICs submitted to the IRS, 18,000 were accepted. To avoid this scam, taxpayers can use the free online Offer in Compromise Pre-Qualifier tool.
- Fake payments with repayment demands
One creative criminal fraud involves a bogus refund to the taxpayer’s bank account. The scammer gets the social security number and the bank account information of the taxpayer. They file a fake tax return with a refund deposited into the taxpayers account. Then the fraudster impersonates an IRS employee and calls the taxpayer to let them know there was an error and demand an immediate return of the funds. The taxpayer is told to buy gift cards for the amount of the refund and provide the code over the phone. The scammer can use the code to get the cash from the cards without needing to have the actual card. Eventually the IRS will discover the fraudulent refund and contact the victim to return the funds. The unfortunate taxpayer will end up paying for the reimbursement a second time.
It’s important to note that the IRS will never demand payment by gift cards. Generally, the taxpayer has several payment options and they can choose their preferred method. If a taxpayer gets a call with a request for payment in a specific manner, they should contact the IRS to verify the demand.
- Payroll and HR scams
Some scams are designed to steal w-2 and other tax information or divert funds from payroll. Scammers may be able to hack into an email or set up an email that looks very similar to an actual email account. Then from that email account, they will send a request to a colleague to purchase gift cards or may ask that payment to an employee be deposited in a new account. Another ploy is to send a fake invoice and request payment; in some cases, the invoice may appear to be a legitimate IRS document to convince the victim.
Anyone who thinks they may be a victim of these frauds, can file a complaint with the Federal Bureau of Investigation Internet Crime Complaint Center (IC3).
Ransomware is a form of getting ransom through a cyberattack. The cybercriminals will get access to a victim’s financial data or critical operating system. They may download a malware, which is akin to a Trojan horse that once it’s inside the computer system would identify critical or sensitive data and lock it, cutting off access for the original data owner. They will then either remove the data and ask for ransom to release it or threaten to destroy or release the data publicly unless the ransom is paid. They’ve targeted small businesses or government organizations with limited cyber-protection. They’ve also successfully taken down large sophisticated computer networks. The cyber criminals avoid detection by asking for payment in virtual currency such as bitcoin.
There are several lines of defense for this pernicious and powerful cyberattack. Taxpayers should be very diligent to keep updated virus protection on their networks and on the devices such as smartphones or laptops used to access those networks. In addition to intelligent software protection, good personal vigilance on email and social media is key. Most of the system vulnerabilities are from human error or lack of caution. Email solicitations to support a fake COVID-19 charity would get by the virus software but could be stopped by a discerning user. Some tax professionals and taxpayers use the free, multi-factor authentication feature on tax preparation software products.
Follow Taherian on LinkedIn. Check out her website or some of her other work here.