By As tax season approaches, taxpayers are reminded to be on the lookout for an array of evolving tax scams related to identity theft and refund fraud. Every year scam artists look for new ways to trick taxpayers out of their hard-earned money, sensitive financial information or even access to their computers. It seems that no matter how careful you are there’s always a possibility that identity thieves could steal your personal information and try to cash in by filing fraudulent tax returns in your name.
Here’s what you need to know:
Which tax scams should I be on the lookout for this tax season?
This tax season some of the most prevalent IRS-impersonation scams include:
Requesting fake tax payments: The IRS has seen automated calls where scammers leave urgent callback requests telling taxpayers to call back to settle their “tax bill.” These fake calls generally claim to be the last warning before legal action is taken. Taxpayers may also receive live calls from IRS impersonators. They may demand payments on prepaid debit cards, iTunes and other gift cards or wire transfer. The IRS reminds taxpayers that any request to settle a tax bill using any of these payment methods is a clear indication of a scam.
Targeting students and parents and demanding payment for a fake “Federal Student Tax”: Telephone scammers are targeting students and parents demanding payments for fictitious taxes, such as the “Federal Student Tax.” If the person does not comply, the scammer becomes aggressive and threatens to report the student to the police to be arrested.
Sending a fraudulent IRS bill for tax year 2015 related to the Affordable Care Act: The IRS has received numerous reports around the country of scammers sending a fraudulent version of CP2000 notices for tax year 2015. Generally, the scam involves an email or letter that includes the fake CP2000. The fraudulent notice includes a payment request that taxpayers mail a check made out to “I.R.S.” to the “Austin Processing Center” at a Post Office Box address.
Soliciting W-2 information from payroll and human resources professionals: Payroll and human resources professionals should be aware of phishing email schemes that pretend to be from company executives and request personal information on employees. The email contains the actual name of the company chief executive officer. In this scam, the “CEO” sends an email to a company payroll office employee and requests a list of employees and financial and personal information including Social Security numbers (SSN).
Imitating software providers to trick tax professionals: Tax professionals may receive emails pretending to be from tax software companies. The email scheme requests the recipient to download and install an important software update via a link included in the e-mail. Upon completion, tax professionals believe they have downloaded a software update when in fact they have loaded a program designed to track the tax professional’s keystrokes, which is a common tactic used by cyber thieves to steal login information, passwords and other sensitive data.
“Verifying” tax return information over the phone: Scam artists call saying they have your tax return, and they just need to verify a few details to process your return. The scam tries to get you to give up personal information such as a Social Security number (SSN) or personal financial information, including bank numbers or credit cards.
Pretending to be from the tax preparation industry: The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails or text messages can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
What are the signs of identity theft?
Here are six signs that could indicate that you may be a victim of tax-related identity theft:
1. Your attempt to file your tax return electronically is rejected. You get a message saying a return with a duplicate Social Security number has been filed. First, check to make sure you did not transpose any numbers. Also, make sure one of your dependents, for example, your college-age child, did not file a tax return and claim themselves. If your information is accurate, and you still can’t successfully e-file because of a duplicate SSN, you may be a victim of identity theft. You should complete Form 14039, Identity Theft Affidavit. Attach it to the top of a paper tax return and mail to the IRS.
2. You receive a letter from the IRS asking you to verify whether you sent a tax return bearing your name and SSN. The IRS holds suspicious tax returns and sends taxpayers letters to verify them. If you did not file the tax return, follow the instructions in the IRS letter immediately.
3. You receive income information at tax time from an employer unknown to you. Employment-related identity theft involves the use of your SSN by someone, generally an undocumented worker, for employment purposes only.
4. You receive a tax refund that you did not request. You may receive a paper refund check by mail that the thief intended to have sent elsewhere. If you receive a tax refund you did not request, return it to the IRS. Write “VOID” in the endorsement section, and include a note on why you are returning it. If it is a direct deposit refund that you did not request, contact your bank and ask them to return it to the IRS.
5. You receive a tax transcript by mail that you did not request. Identity thieves sometimes try to test the validity of the personal data they have chosen, or they attempt to use your data to steal even more information. If you receive a tax transcript in the mail and you did not request it, be alert to the possibility of identity theft.
6. You receive a reloadable, prepaid debit card in the mail that you did not request. Identity thieves sometimes use your name and address to create an account for a reloadable prepaid debit card that they use for various schemes, including tax-related identity theft.
What are tax preparers and other tax professionals doing to protect my financial data?
Unfortunately, tax professionals are increasingly targets of cyber criminals seeking access to client data now as well. Criminals use this stolen information to file fraudulent tax returns for refunds; however, tax preparers and other tax professionals are able to protect their clients–and themselves in the event of a data breach by implementing critical steps such as:
Contacting the IRS and law enforcement:
Report client data theft to your local IRS Stakeholder Liaison. Liaisons will notify IRS Criminal Investigation and others within the agency on your behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in your clients’ names. Contact local police to file a police report on the data breach, as well as the local FBI office and Secret Service (if directed).
Contacting states in which you prepare state returns:
Contacting the tax agency in each state in which you prepare returnsContact the State Attorneys General in each state in which you prepare returns. Most states require that the attorney general is notified of data breaches. This notification process may involve multiple offices.
Contacting experts:
Security experts can determine the cause and scope of the breach, what to do to stop the breach and prevent further breaches from occurring. A data breach should also be reported to your insurance company to determine if your insurance policy covers data breach mitigation expenses.
Contacting clients and other services:
- The Federal Trade Commission offers tips and templates for businesses that suffer data compromise, including suggested language for informing clients.
- Send an individual letter to any clients who have been a victim of a data breach to inform them of the breach but work with law enforcement on timing. Remember that you may need to contact former clients if their prior year data was still in your system.
- Notify your tax software provider who may need to take steps to prevent inappropriate use of your account for e-filing.
- It’s possible that your firm and client passwords may have been compromised and need to be reset, so it’s important to contact your website and/or client portal provider(s).
- The Federal Trade Commission offers tips and templates for businesses that suffer data compromise, including suggested language for informing clients.
- If required, notify a credit and/or ID theft protection agency. Certain states require offering credit monitoring and ID theft protection to victims of ID theft.
- Notify credit bureaus if there is a compromise. Clients may seek their services.
What should I do if I’ve received a suspicious phone call or email from someone claiming to be from the IRS?
If you receive an unexpected call, unsolicited email, letter or text message from someone claiming to be from the IRS, be advised that the IRS will never:
- Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer or initiate contact by email or text message. Generally, the IRS will first mail you a bill if you owe any taxes.
- Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
- Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
- Ask for credit or debit card numbers over the phone.
If you get a suspicious phone call from someone claiming to be from the IRS and asking for money, here’s what you should do:
- Do not give out any information. Hang up immediately.
- Search the web for telephone numbers scammers leave in your voicemail asking you to call back. Some of the phone numbers may be published online and linked to criminal activity.
- Contact TIGTA to report the call. Use their IRS Impersonation Scam Reporting web page or call 800-366-4484.
- Report it to the Federal Trade Commission. Use the FTC Complaint Assistant on FTC.gov. Please add “IRS Telephone Scam” in the notes.
- If you think you might owe taxes, call the IRS directly at 800-829-1040.
If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it by sending it to phishing@irs.gov.
If you have any questions or believe that you’ve been a victim of an IRS tax scam, don’t hesitate to call.