Yesterday we introduced the first installment of the IRS’ Dirty Dozen — its annual list of the top tax scams that victimize many unsuspecting people. We feel it’s important to share this information and urge you to share it with your family and friends.
Today we present scams that use email, text, social media messages, or phone calls to get personal information, with the end goal of tax-related identity theft. Too many people fall prey to someone pretending to be from their bank, the IRS, or another government agency. They willingly provide their social security number, bank account, or credit card information.
Here’s what you need to know about these types of scams:
Tax-related phishing scams persist
The IRS warns taxpayers, businesses, and tax professionals to be alert for a continuing surge of fake emails, text messages, websites, and social media attempts to steal personal information. These attacks tend to increase during tax season and remain a major cause of identity theft throughout the year.
Phishing scams target individuals with communications appearing to come from legitimate sources to collect victims’ personal and financial data and potentially infect their devices by convincing the target to download malicious programs. Cybercriminals usually send phishing communications by email but may also use text messages or social media posts, or messaging.
These phishing schemes can be tricky and cleverly disguised to look like they’re from the IRS or others in the tax community. Taxpayers are reminded to continually watch out for emails and other scams posing as the IRS, like those promising a big refund, missing stimulus payment, or even issuing a threat. People should not open attachments or click on links in those emails or text messages.
3. Phishing – new client scams target tax pros
The “New Client” scam continues to be a prevalent form of phishing for tax pros. Here’s an example in the form of an email: “I just moved here from Michigan. I have an urgent tax issue, and I was hoping you could help,” the email begins. “I hope you are taking on new clients.”
The email says one attachment is an IRS notice and the other attachment is the prospective client’s prior-year tax return. This scam has many variations, so tax professionals should be wary and avoid opening attachments or clicking links when they don’t know the e-mail sender.
4. Impersonator phone calls/vishing
Individuals should be wary of unexpected phone calls asking for personal financial information. The IRS has seen increased voice-related phishing, or ‘vishing,’ particularly from scams related to federal tax liens. For those receiving phone calls out of the blue, security experts recommend asking the caller questions but not providing any personal information. If in doubt, hang up immediately.
During 2020, almost 400 vishing scams were reported, a 14% increase from the prior year. Of those vishing scams, 25% were scammers who tried to use fake tax lien information. The number of tax-lien-related scams increased from 58 in 2019 to 104 in 2020. The IRS urges taxpayers to refrain from engaging potential scammers on the phone or online.
While both the IRS and the Federal Trade Commission have seen a decline in the number of reports of scammers claiming to be from the IRS telephoning potential victims, the agency urges taxpayers to be wary.
While the numbers may be on the decline, the IRS urges taxpayers to remain vigilant and to remember the following things about the IRS:
- The IRS generally first contacts people by mail – not by phone – about unpaid taxes.
- The IRS may attempt to reach individuals by telephone but will not insist on payment using an iTunes card, gift card, prepaid debit card, money order, or wire transfer.
- The IRS will never request personal or financial information by e-mail, text, or social media.
Recipients of these calls should hang up before giving out any information. If anyone receives an unexpected call from the IRS that they believe to be a scam, they can report it to the Treasury Inspector General for Tax Administration (TIGTA).
5. Social media scams continue
Taxpayers should be aware of social media scams, which frequently use events like COVID-19 to try to trick people. Social media enables unscrupulous individuals to lurk on accounts and extract personal information to use against the victim. These cons may send emails impersonating the victim’s family, friends, or co-workers.
Social media scams have also led to tax-related identity theft. The basic element of social media scams is convincing a potential victim that they are dealing with a person close to them that they trust via email, text, or social media messaging.
Using personal information, a scammer may email a potential victim and include a link to something of interest to the recipient, containing malware intended to commit more crimes. Scammers also infiltrate their victims’ emails and cell phones to go after their friends and family with fake emails that appear to be real and text messages soliciting, for example, small donations to fake charities appealing to the victims.
Individuals should know that information publicly shared on social media platforms can be collected and used against them. One way to circumvent these scams is to review privacy settings and limit data that is publicly shared.
6. Ransomware on the rise
Financial institutions should be aware of trends and indicators of ransomware, a form of malicious software (“malware”) designed to block access to a computer system or data. Access is often blocked by encrypting data or programs on information technology (IT) systems to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data. In some cases, in addition to the attack, the perpetrators threaten to publish sensitive files belonging to the victims, which can be individuals or business entities.
The consequences of a ransomware attack can be severe and far-reaching, with losses of sensitive, proprietary, and critical information and loss of business functionality. The role of financial intermediaries in facilitating ransomware payments and ransomware attacks is a growing concern for the financial sector because of the critical role financial institutions play in the collection of ransom payments.
The IRS reminds taxpayers and tax professionals to keep abreast of news about fraud-related behavior. Report any instances of fraud immediately.
For more information, visit Tax Fraud Alerts and Tax Scams – How to Report Them on the IRS’ website, or contact an HW&Co. tax advisor.
Keep reading for more of the IRS’ Dirty Dozen List.