IRS kicks off annual list of most prevalent tax scams
Agency warns taxpayers of pervasive phishing schemes in its ‘Dirty Dozen’ campaign
WASHINGTON — Kicking off the annual “Dirty Dozen” list of tax scams, the Internal Revenue Service today warned taxpayers of the ongoing threat of internet phishing scams that lead to tax-related fraud and identity theft.
The IRS warns taxpayers, businesses and tax professionals to be alert for a continuing surge of fake emails, text messages, websites and social media attempts to steal personal information. These attacks tend to increase during tax season and remain a major danger of identity theft.
To help protect taxpayers against these and other threats, the IRS highlights one scam on 12 consecutive week days to help raise awareness. Phishing schemes are the first of the 2019 “Dirty Dozen” scams.
“Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS,” said IRS Commissioner Chuck Rettig. “Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”
The IRS also urges taxpayers to learn how to protect themselves by reviewing safety tips prepared by the Security Summit, a collaborative effort between the IRS, state revenue departments and the private-sector tax community.
“Taking some basic security steps and being cautious can help protect people and their sensitive tax and financial data,” Rettig said.
New variations on phishing schemes
The IRS continues to see a steady stream of new and evolving phishing schemes as criminals work to victimize taxpayers throughout the year. Whether through legitimate-looking emails with fake, but convincing website landing pages, or social media approaches, perhaps using a shortened URL, the end goal is the same for these con artists: stealing personal information.
In one variation, taxpayers are victimized by a creative scheme that involves their own bank account. After stealing personal data and filing fraudulent tax returns, criminals use taxpayers' bank accounts to direct deposit tax refunds. Thieves then use various tactics to reclaim the refund from the taxpayer, including falsely claiming to be from a collection agency or the IRS. The IRS encourages taxpayers to review some basic tips if they see an unexpected deposit in their bank account.
Schemes aimed at tax pros, payroll offices, human resources personnel
The IRS has also seen more advanced phishing schemes targeting the personal or financial information available in the files of tax professionals, payroll professionals, human resources personnel, schools and organizations such as Form W-2 information. These targeted scams are known as business email compromise (BEC) or business email spoofing (BES) scams.
Depending on the variation of the scam (and there are several), criminals will pose as:
· a business asking the recipient to pay a fake invoice
· as an employee seeking to re-route a direct deposit
· or as someone the taxpayer trusts or recognizes, such as an executive, to initiate a wire transfer.
The IRS warned of the direct deposit variation of the BEC/BES scam in December 2018, and continues to receive reports of direct deposit scams reported to firstname.lastname@example.org. The Direct Deposit and other BEC/BES variations should be forwarded to the Internet Crime Complaint Center (IC3). The IRS requests that Form W-2 scams be reported to: email@example.com (Subject: W-2 Scam).
Criminals may use the email credentials from a successful phishing attack, known as an email account compromise, to send phishing emails to the victim’s email contacts. Tax preparers should be wary of unsolicited email from personal or business contacts especially the more commonly observed scams, like new client solicitations.
Malicious emails and websites can infect a taxpayer’s computer with malware without the user knowing it. The malware downloads in the background, giving the criminal access to the device, enabling them to access any sensitive files or even track keyboard strokes, exposing login victim’s information.
For those participating in these schemes, such activity can lead to significant penalties and possible criminal prosecution. Both the Treasury Inspector General for Tax Administration (TIGTA), whicho handles scams involving IRS impersonation, and the IRS Criminal Investigation Division work closely with the Department of Justice to shut down scams and prosecute the criminals behind them.
Tax professional alert
Numerous data breaches across the country mean the tax preparation community must be on high alert to unusual activity, particularly during the tax filing season. Criminals increasingly target tax professionals, deploying various types of phishing emails in an attempt to access client data. Thieves may use this data to impersonate taxpayers and file fraudulent tax returns for refunds.
As part of the Security Summit initiative, the IRS has joined with representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators to combat identity theft refund fraud to protect the nation's taxpayers.
The Security Summit partners encourage tax practitioners to be wary of communicating solely by email with potential or existing clients, especially if unusual requests are made. Data breach thefts have given thieves millions of identity data points including names, addresses, Social Security numbers and email addresses. If in doubt, tax practitioners should call to confirm a client’s identity.
Reporting phishing attempts
If a taxpayer receives an unsolicited email or social media attempt that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), they should report it by sending it to firstname.lastname@example.org. Learn more by going to the Report Phishing and Online Scams page on IRS.gov.
Tax professionals who receive unsolicited and suspicious emails that appear to be from the IRS and/or are tax-related (like those related to the e-Services program) also should report it to: email@example.com.
The IRS generally does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
IRS: Be vigilant against phone scams
Annual ‘Dirty Dozen’ list continues
WASHINGTON — As the April filing deadline approaches, the Internal Revenue Service today warned taxpayers to be alert to tax time phone scams where aggressive criminals pose as IRS agents in hopes of stealing money or personal information.
Phone scams or “vishing” (voice phishing) continue to pose a major threat. The scam has cost thousands of people millions of dollars in recent years, and the IRS continues to see variations on these aggressive calling schemes.
Phone scams again made the IRS’ annual Dirty Dozen list, an annual compilation of some of the schemes that threaten taxpayers not only during filing season but throughout the year.
The IRS is highlighting each of these scams on consecutive days to help raise awareness and protect taxpayers. The IRS also urges taxpayers to help protect themselves against phone scams and identity theft by reviewing safety tips prepared by the Security Summit, a collaborative effort between the IRS, states and the private-sector tax community.
“Taxpayers should be on the lookout for unexpected and aggressive phone calls coming from the IRS,” said IRS Commissioner Chuck Rettig. “These calls can feature scam artists aggressively ordering immediate payment and making threats against a person. Don’t fall for these.”
Beginning early in the filing season, the IRS generally sees an upswing in scam phone calls threatening arrest, deportation or license revocation, if the victim doesn’t pay a bogus tax bill. These calls most often take the form of a “robo-call” (a text-to-speech recorded voicemail with instructions to call back a specific telephone number), but in some cases may be made by a real person. These con artists may have some of the taxpayer’s information, including their address, the last four digits of their Social Security number or other personal details.
The Treasury Inspector General for Tax Administration (TIGTA), the federal agency that investigates tax-related phone scams, says these types of scams have cost 14,700 victims a total of more than $72 million since October 2013
How do the scams work?
Criminals make unsolicited calls and leave voicemails with urgent callback requests claiming to be IRS officials. They demand that the victim pay a bogus tax bill by sending cash through a wire transfer, prepaid debit card or gift card.
Many phone scammers use threats to intimidate and bully a victim into paying. The phone scammers may alter or “spoof” their caller ID to make it look like the IRS or another agency is calling. The callers may use IRS employee titles and fake badge numbers to appear legitimate.
The IRS also reminds taxpayers that scammers often change tactics. Variations of the IRS impersonation scam continue year-round and tend to peak when scammers find prime opportunities to strike. Tax scams can be more believable during the tax filing season when people are thinking about their taxes.
Here are some things the scammers often do, but the IRS will not do. Taxpayers should remember that any one of these is a tell-tale sign of a scam.
The IRS will never:
- Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
- Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
- Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
- Ask for credit or debit card numbers over the phone.
- Call about an unexpected refund.
For taxpayers who don’t owe taxes or don’t think they do:
- Please report IRS or Treasury-related fraudulent calls to firstname.lastname@example.org (Subject: IRS Phone Scam).
- Do not give out any information. Hang up immediately. The longer the con artist is engaged; the more opportunity he/she believes exists, potentially prompting more calls.
- Contact TIGTA to report the call. Use their IRS Impersonation Scam Reporting web page. Alternatively, call 800-366-4484.
- Report it to the Federal Trade Commission. Use the “FTC Complaint Assistant” on FTC.gov. Please add "IRS Telephone Scam" in the notes.
For those who owe taxes or think they do:
- Call the IRS at 800-829-1040. IRS workers can help.
- View tax account online. Taxpayers can see their past 24 months of payment history, payoff amount and balance of each tax year owed.
Stay alert to scams that use the IRS or other legitimate companies and agencies as a lure. Tax scams can happen any time of year, not just at tax time. For more information visit Tax Scams and Consumer Alerts on IRS.gov.