Man consults on the phone while working on the computer

Authored by Paul Dillon, Michelle Hobbs and Mike Schiavo

Tax-related identity theft continues to be a problematic issue and is becoming more dangerous as scammers adapt to preventive measures taken by the IRS and law enforcement. Thieves work year-round to steal personal identification, bank or investment account balances, and tax payments or refunds.

This year’s stimulus payments and tax law changes are providing scammers additional opportunities to attempt to deceive taxpayers into giving them access to their computers and personal information. Email, telephone calls, text messages and social media channels are all used to persuade or intimidate taxpayers into providing such data. With the extension to May 17 for the April 15 deadline, this alert is to remind taxpayers to remain vigilant in protecting sensitive information throughout the year.

Tax document scam

One of the most recent schemes involves emails supposedly containing tax documents. Hackers entice the recipients to open embedded attachments, which then release malware onto computers capable of stealing personal data and possibly even tax refunds.

Taxpayers receive an email seemingly from a trusted source containing documents purported to be related to their tax return. If opened, these attachments appear blurry on the screen and a “helpful” prompt pops up asking the viewer to click through to edit the documents. Under the guise of viable software, often even including fake service package offerings, promotions and sales, the taxpayer, instead, downloads onto their computer invasive malware, which now allows scammers to steal personal data and potentially access connected or related computers.

COVID-19 scams

Taxpayers should also be aware of multiple types of pandemic-related scams. Hackers use phishing schemes via email, letters, texts and links coupled with COVID-19 or other pandemic-related language to obtain personal identifying data, passwords and other login information in order to steal economic impact payments and other stimulus benefits. Fake charities are another mechanism thieves are using to play on people’s emotions and instead steal money and identifiable information.

Fraudulent refunds

In the refund scam, perpetrators execute the heist by stealing taxpayer data and using it to file fraudulent returns by posing as the taxpayers. Overpayments are refunded via direct deposit into the taxpayers’ bank accounts. Then the thieves contact the taxpayers, stating the refunds were deposited in error and ask that they be returned.

The IRS identified two versions of the scam and warned that it may continue to evolve:

  1. The thief contacts the taxpayer, posing as a debt collection agency official acting on the IRS’ behalf, reports the erroneous refund deposit and asks for the money to be returned to the collection agency.
  2. The taxpayer receives a recorded message via phone, with the recorded voice saying the call is from the IRS and threatening criminal fraud charges, an arrest warrant and blacklisting of the taxpayer’s Social Security number. A fake case number and phone number to call to arrange the repayment of the refund are provided near the end of the message.

The scheme has been listed by the IRS as one of the “Dirty Dozen” scams identified annually, raising awareness of the many varieties of theft attempted most often during return filing season. Perpetrators alter caller ID numbers, use IRS employee titles and fake badge numbers, and reference the taxpayer’s name, address and other personal information in an effort to make the calls appear legitimate.

Email schemes

Recently, the IRS has seen email schemes targeting tax professionals, payroll professionals, human resources personnel, school systems and individual taxpayers.

In these email schemes, criminals pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person's name. They also pose as a bank, credit card company, a tax software provider or government agency.

These schemes focus on employees rather than the taxpayer directly. Thieves target employees’ roles at work, especially human resources or finance-related roles. They mask their communications to appear to be coming from a boss or co-worker, or from a trusted business associate, such as a payroll provider. They then request information instead of money, typically, employee data such as W-2 forms.

Identity thieves often go to great lengths to create websites that appear legitimate but contain phony login pages. Fake emails and websites also can infect a taxpayer's computer with malware without the user knowing, thereby giving thieves’ access to the computer. Recognizing a plot is critical to prevent further damage. Things to consider include:

  • Remind employees in sensitive positions (access to critical data) to verify requests made via email. They should call or initiate a separate email confirming the request as a reply email may be routed to a false source.
  • Report suspicious requests to your IT department.

How to protect yourself

Keep in mind, the IRS generally conducts its correspondence via the U.S. mail. In addition,

  • The IRS will not call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer.
  • The IRS will not threaten to immediately bring in local police or other law enforcement groups to have the taxpayer arrested for not paying.
  • The IRS will not demand tax payments without giving taxpayers the opportunity to question or appeal the amount owed, ask for credit or debit card numbers over the phone, or call about an unexpected refund.

If contacted by any of the above methods or any semblance thereof, taxpayers should:

  • Contact their tax preparer immediately
  • Report the incident to their local police department and the Federal Trade Commission
  • Place a fraud alert or credit freeze with one of the three major credit bureaus (Equifax, Experian, TransUnion) and request a copy of their credit report
  • Contact their financial institution and close accounts as needed
  • Follow the steps provided by IRS Topic Number 161 for returning an erroneous refund
  • COVID-19-related fraud should be reported to the National Center for Disaster Fraud (NCDF) hotline at +1 (866) 720 5721
  • Theft of economic impact payments can be reported to the Treasury Inspector General for Tax Administration (TIGTA)

Taxpayers can take a number of steps to help prevent identity theft:

  • Protect Social Security numbers and personal financial information. Confidential information should not be carried around and should only be provided when absolutely necessary, and with extreme caution;
  • Never email or text sensitive personal or financial information;
  • Monitor credit reports;
  • Check Social Security Administration earnings statements annually;
  • Shred financial documents or any other document containing confidential information when no longer needed;
  • Use security software with firewall and anti-virus protections combined with strong passwords (combinations of uppercase and lowercase letters, numerals and special symbols);
  • Recognize and avoid phishing emails and threatening communications; and
  • Refrain from clicking on links or downloading attachments from suspicious emails or other sources.
  • Before opening attachments or links in an unexpected email or text from a trusted provider, contact the provider to confirm documents were indeed sent for review.

For more, see the IRS Taxpayer Guide to Identity Theft.

For more information on these topics, or to learn how Baker Tilly tax specialists can help, contact our team.

The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. Tax information, if any, contained in this communication was not intended or written to be used by any person for the purpose of avoiding penalties, nor should such information be construed as an opinion upon which any person may rely. The intended recipients of this communication and any attachments are not subject to any limitation on the disclosure of the tax treatment or tax structure of any transaction or matter that is the subject of this communication and any attachments.

Healthcare data and cybersecurity risk management on an ipad
Next up

HIPAA: get serious about identifying your organizational cybersecurity risks