Tax-related identity scams

Watch out for tax-related identity scams all year long

The IRS has taken successful steps to reduce tax-related identity theft, but it cautions taxpayers to stay alert for scams year round.

With the filing date at the forefront for most organizations and individuals, something we all need to think about is income taxes. Unfortunately, though, criminals who commit tax-related identity theft are constantly devising and unleashing new schemes.

And even though the IRS has taken successful steps to reduce tax-related identity theft, it cautions taxpayers to stay alert for scams year round.

What is tax-related identity theft?

According to the IRS, tax-related identity theft generally occurs when a thief uses a stolen Social Security number (SSN) to file a tax return claiming a fraudulent refund. The victimized taxpayer may not learn of the theft until he or she attempts to file a tax return and finds that a return has already been filed for that SSN. Alternatively, the taxpayer might discover the theft upon receipt of a letter from the IRS saying it has identified a suspicious return that uses the taxpayer’s SSN.

Thieves have devised a variety of methods to obtain the information they need to file a tax return under another person’s SSN. During the past several years, the IRS, Federal Trade Commission (FTC) and state tax agencies have issued warnings as new methods come to the forefront.

How does tax-related identity theft occur?

Filing fraudulent returns is not the only way that taxpayers are victimized. Scam artists are using multiple channels to conduct their tax-related identity theft schemes, including areas such as the following:

Phone schemes - Last year, less than 10 days after the tax return filing deadline, the IRS highlighted a new phone scam conducted by fraudsters who program their computers to display the phone number of the local IRS Taxpayer Assistance Center (TAC) on the taxpayer’s caller ID. If the taxpayer questions the legitimacy of the caller’s demand for a tax payment, the caller directs him or her to IRS.gov to verify the local TAC phone number.

The perpetrator hangs up, calls back after a short period – again “spoofing” the TAC number – and resumes the demand for money. These scam artists generally require payment on a debit card, which allows them to directly access the victim’s bank account.

In another phone scheme, the criminals claim they are calling from the IRS to verify tax return information. They tell taxpayers that the agency has received their returns and simply needs to confirm a few details to process them. The taxpayers are prompted to provide personal information such as an SSN and bank or credit card numbers.

Digital schemes - Emails that appear to be from the IRS are part of phishing schemes intended to trick the recipients into revealing sensitive information that can be used to steal their identities. The emails may seek information related to refunds, filing status, transcript orders or PIN information.

The scammers have developed twists on this approach, too. The emails might seem to come from an individual’s tax preparer and request information needed for an IRS filing. Or the information request could arrive via text messages. Whether by text or email, the communication states that “you are to update your IRS e-file immediately” and includes a link to a fake website that mirrors the official IRS site. Emails also could include links that cause the recipients to download malware that infects their computers and tracks their keystrokes or allows access to files stored on their computers.

Do businesses need to worry?

The short answer is yes. Businesses have also been targeted by criminals who are intent on victimizing their employees or the businesses themselves.

For several years now, criminals have employed different spoofing techniques known as business email compromise (BEC) or business email spoofing (BES). They disguise an email to a company’s human resources or payroll department so it seems to come from an executive in the company. The email requests a list of all employees and their Forms W-2 – information that can be used to file returns in the employees’ names.

Scammers also are pursuing businesses’ Employer Identification Numbers (EINs). They then report false income and withholding and file for a refund in the companies’ names. Even worse for the companies, the IRS could go after them for payroll taxes reported as withheld but not remitted.

The IRS recently announced that it has seen a sharp increase in the number of fraudulent filings of certain business tax forms, including Schedule K-1 and those filed by corporations and partnerships. As a result, the IRS may ask businesses for additional information (such as the driver’s license numbers of owners) to help identify suspicious tax returns.

How does the IRS contact taxpayers?

The IRS has made it clear that it will not:

  • Threaten to bring in law enforcement to have someone arrested for nonpayment of taxes;
  • Revoke a driver’s license, business license or immigration status for nonpayment;
  • Demand a specific payment method, such as a prepaid debit card, gift card or wire transfer;
  • Request a debit or credit card number over the phone;
  • Demand the payment of taxes without the opportunity to question or appeal the amount owed (the IRS usually mails a bill when a taxpayer owes taxes);
  • Send unsolicited emails, texts or messages through social media channels suggesting taxpayers have refunds or need to update their accounts; or
  • Request any sensitive information online.

The IRS will call or visit a home or business in only very limited circumstances. It might do so, for example, if a taxpayer has a severely overdue tax bill, to secure an employment tax payment or to tour a business as part of an audit or a criminal investigation. Even in these special situations, the IRS generally will first send several notices by mail.

Need more information?

For more information contact Brian Johnson using the information below.

Brian Johnson

Senior Vice President
Technology Services

Brian leads the firm's technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management, assurance, and advisory services. He has extensive experience in information security, network engineering, and solution development, with recognized specializations in governance, risk, control, and related consulting services.

Brian is a member of ISACA (previously known as the Information Systems Audit and Control Association), the Kansas Society of Certified Public Accountants (KSCPA), the American Institute of Certified Public Accountants (AICPA), the AICPA’s Information Management and Technology Assurance (IMTA) Section, and APICS (the Association for Operations Management). He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC).

Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned a master's of accountancy and bachelor's in business administration.

NOTE: Any advice contained in this material is not intended or written to be tax advice, and cannot be relied upon as such, nor can it be used for the purpose of avoiding tax penalties that may be imposed by the IRS or states, or promoting, marketing or recommending to another party any transaction or matter addressed herein.