Phishing scams have risen to a new and particularly pernicious level in the midst of busy season.
The IRS’s latest “dirty dozen” scam list includes these types of schemes, describing them as “new and evolving.” In other words, taxpayers and preparers should be on high alert.
“We urge taxpayers to watch out for these tricky and dangerous schemes,” said Acting IRS Commissioner David Kautter in a statement. “Phishing and other scams on the ‘Dirty Dozen’ list can trap unsuspecting taxpayers. Being cautious and taking basic security steps can help protect people and their sensitive tax and financial data.”
The newest twist is using taxpayers’ data – ripped off from tax professionals and used to file bogus tax returns – to use taxpayers’ bank accounts for direct deposits. The crooks then use assorted tactics to get the money from taxpayers, including pretending to be from a collection agency or the IRS.
“Versions of the scam may continue to evolve,” the IRS states in a notice about the scams. Phone calls, emails and websites are used to make the scam more elaborate. If taxpayers notice an unexpected deposit in their bank account, the IRS offers a slew of suggestions and advice for how to handle a bogus refund if it was a direct deposit, a paper check that hasn’t been cashed, and a paper check that has been cashed. The above link also includes IRS addresses for returning paper checks.
The IRS warned taxpayers against scam groups masquerading as charitable organizations, luring people to make donations to groups or causes that don't actually qualify for a tax deduction. The agency said it also is warning of scams that occur in the wake of significant natural disasters.
The IRS also notes recent email scams that target tax and payroll professionals, human resources personnel, and schools.
These scams involve crooks posing as a person or organization that the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person’s name, or pose as a bank or credit card company, tax software provider or government agency.
“Criminals go to great lengths to create websites that appear legitimate but contain phony log-in pages,” the IRS points out. “These criminals hope victims will ‘take the bait’ and provide money, passwords, Social Security numbers and other information that can lead to identity theft.”
Taxpayers’ computers also can be infected with malware via fake emails and websites — but the taxpayer won’t realize it. The malware allows the crooks to access the computer, sensitive files and even keyboard strokes that will reveal log-ins and passwords.
As for tax professionals, the IRS and its Security Summit partners encourage them to be cautious about communicating only via email with potential or existing clients, especially if communications involve unusual requests. Tax professionals should call to confirm a client’s identity.
Tax professionals who get unsolicited and suspicious emails that appear to be from the IRS or related to the e-Services program should report them by sending the emails to [email protected].
About Terry Sheridan
Terry Sheridan is an award-winning journalist who has covered real estate, mortgage finance, health care, insurance, personal finance, and accounting and taxation issues for newspapers, magazines, and websites. A Chicago native and former South Florida resident, she now lives in New England.