Tax-related identity theft is an increasingly problematic issue and is becoming more dangerous as scammers adapt to preventive measures taken by the IRS and law enforcement. The IRS recently released Tax Tip 2018-32, warning of “a new twist on an old scam”: Thieves have a fraudulent tax refund deposited into a taxpayer’s bank account and attempt to claim the refund directly from the taxpayer. In addition, rather than contacting the taxpayer directly, thieves attempt to obtain information from employers, human resource departments, professional advisors as well as other sources.
In the refund scam, perpetrators execute the heist by stealing taxpayer data and using it to file fraudulent returns by posing as the taxpayers. Overpayments are refunded via direct deposit into the taxpayers’ bank accounts. Then the thieves contact the taxpayers, stating the refunds were deposited in error and ask that they be returned.
The IRS identified two current versions of the scam and warned that it may continue to evolve:
The scheme has been listed by the IRS as one of the “Dirty Dozen” scams identified annually, raising awareness of the many varieties of theft attempted most often during return filing season. Perpetrators alter caller ID numbers, use IRS employee titles and fake badge numbers, and reference the taxpayer’s name, address and other personal information in an effort to make the calls appear legitimate.
Recently, the IRS has seen email schemes targeting tax professionals, payroll professionals, human resources personnel, school systems and individual taxpayers.
In these email schemes, criminals pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person's name. They also pose as a bank, credit card company, a tax software provider or government agency.
These schemes focus on employees rather than the taxpayer directly. Thieves target employees’ roles at work, especially human resources or finance-related roles. They mask their communications to appear to be coming from a boss or co-worker, or from a trusted business associate, such as a payroll provider. They then request information instead of money, typically, employee data such as W-2 forms.
Identity thieves often go to great lengths to create websites that appear legitimate but contain phony login pages. Fake emails and websites also can infect a taxpayer's computer with malware without the user knowing, thereby giving thieves access to the computer. Recognizing a plot is critical to prevent further damage. Things to consider include:
Keep in mind, the IRS generally conducts its correspondence via the U.S. mail. In addition,
If contacted by any of the above methods or any semblance thereof, taxpayers should:
Taxpayer steps to help prevent identity theft include:
For more, see the IRS Taxpayer Guide to Identity Theft.
For related insights and in-depth analysis, see our Tax reform resource center.
For more information on this topic, or to learn how Baker Tilly tax specialists can help, contact our team.
The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. Tax information, if any, contained in this communication was not intended or written to be used by any person for the purpose of avoiding penalties, nor should such information be construed as an opinion upon which any person may rely. The intended recipients of this communication and any attachments are not subject to any limitation on the disclosure of the tax treatment or tax structure of any transaction or matter that is the subject of this communication and any attachments.