IRS Unveils ‘Dirty Dozen’ List of Tax Scams For 2020 – Part 4

Fake Payments with Repayment Demands: Criminals are always finding new ways to trick taxpayers into believing their scam including putting a bogus refund into the taxpayer’s actual bank account. Here’s how the scam works:

A con artist steals or obtains a taxpayer’s personal data including Social Security number or Individual Taxpayer Identification Number (ITIN) and bank account information. The scammer files a bogus tax return and has the refund deposited into the taxpayer’s checking or savings account. Once the direct deposit hits the taxpayer’s bank account, the fraudster places a call to them, posing as an IRS employee. The taxpayer is told that there’s been an error and that the IRS needs the money returned immediately or penalties and interest will result. The taxpayer is told to buy specific gift cards for the amount of the refund.

The IRS will never demand payment by a specific method. There are many payment options available to taxpayers and there’s also a process through which taxpayers have the right to question the amount of tax we say they owe. Anytime a taxpayer receives an unexpected refund and a call from us out of the blue demanding a refund repayment, they should reach out to their banking institution and to the IRS.

Payroll and HR Scams: Tax professionals, employers and taxpayers need to be on guard against phishing designed to steal Form W-2s and other tax information. These are Business Email Compromise (BEC) or Business Email Spoofing (BES). This is particularly true with many businesses closed and their employees working from home due to COVID-19.  Currently, two of the most common types of these scams are the gift card scam and the direct deposit scam.

In the gift card scam, a compromised email account is often used to send a request to purchase gift cards in various denominations. In the direct deposit scheme, the fraudster may have access to the victim’s email account (also known as an email account compromise or “EAC”). They may also impersonate the potential victim to have the organization change the employee’s direct deposit information to reroute their deposit to an account the fraudster controls.

BEC/BES scams have used a variety of ploys to include requests for wire transfers, payment of fake invoices as well as others. In recent years, the IRS has observed variations of these scams where fake IRS documents are used in to lend legitimacy to the bogus request. For example, a fraudster may attempt a fake invoice scheme and use what appears to be a legitimate IRS document to help convince the victim.

Ransomware: This is a growing cybercrime. Ransomware is malware targeting human and technical weaknesses to infect a potential victim’s computer, network or server. Malware is a form of invasive software that is often frequently inadvertently downloaded by the user. Once downloaded, it tracks keystrokes and other computer activity. Once infected, ransomware looks for and locks critical or sensitive data with its own encryption. In some cases, entire computer networks can be adversely impacted.

Victims generally aren’t aware of the attack until they try to access their data, or they receive a ransom request in the form of a pop-up window. These criminals don’t want to be traced so they frequently use anonymous messaging platforms and demand payment in virtual currency such as Bitcoin.

Cybercriminals might use a phishing email to trick a potential victim into opening a link or attachment containing the ransomware. These may include email solicitations to support a fake COVID-19 charity. Cybercriminals also look for system vulnerabilities where human error is not needed to deliver their malware.

The IRS and its Security Summit partners have advised tax professionals and taxpayers to use the free, multi-factor authentication feature being offered on tax preparation software products. Use of the multi-factor authentication feature is a free and easy way to protect clients and practitioners’ offices from data thefts. Tax software providers also offer free multi-factor authentication protections on their Do-It-Yourself products for taxpayers.

If you have read each of the four blogs on protecting yourself from the “Dirty Dozen”, you will hopefully be aware of what to watch out for, how not to be vulnerable and how to best protect yourself from scammers.

Share

Tags:

Kay Sowa

About the Author

Kay Sowa is a paralegal in the Trusts and Estates Group at Capehart & Scatchard, P.A. She is an IRS Enrolled Agent, an Accredited Estate Planner®, and a Certified Trust and Financial Advisor. She oversees the trust and estate administration practice for the firm. She is an accomplished author and lecturer who has frequently spoken on behalf of a number of organizations including the National Business Institute and the Institute of Paralegal Education.

Post a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top