- a business asking the recipient to pay a fake invoice,
- as an employee seeking to re-route a direct deposit, or
- as someone the taxpayer trusts or recognizes, such as an executive, to initiate a wire transfer.
Kicking off the annual “Dirty Dozen” list of the most prevalent tax scams, the Internal Revenue Service is reminding taxpayers of the ongoing threat of internet phishing scams that lead to tax-related fraud and identity theft. The IRS warns taxpayers, businesses and tax professionals to be alert for a continuing surge of fake emails, text messages, websites and social media attempts to steal personal information. These attacks tend to increase during tax season and remain a major danger of identity theft. To help protect taxpayers against these and other threats, the IRS highlights one scam on 12 consecutive week days to help raise awareness. Phishing schemes are the first of the 2019 “Dirty Dozen” most prevalent tax scams. “Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS,” said IRS Commissioner Chuck Rettig. “Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.” The IRS also urges taxpayers to learn how to protect themselves by reviewing safety tips prepared by the Security Summit, a collaborative effort between the IRS, state revenue departments and the private-sector tax community. “Taking some basic security steps and being cautious can help protect people and their sensitive tax and financial data,” Rettig said. New variations on phishing schemes The IRS continues to see a steady stream of new and evolving phishing schemes as criminals work to victimize taxpayers throughout the year. Whether through legitimate-looking emails with fake, but convincing website landing pages, or social media approaches, perhaps using a shortened URL, the end goal is the same for these con artists: stealing personal information. In one variation, taxpayers are victimized by a creative scheme that involves their own bank account. After stealing personal data and filing fraudulent tax returns, criminals use taxpayers’ bank accounts to direct deposit tax refunds. Thieves then use various tactics to reclaim the refund from the taxpayer, including falsely claiming to be from a collection agency or the IRS. The IRS encourages taxpayers to review some basic tips if they see an unexpected deposit in their bank account. Schemes aimed at tax pros, payroll offices, human resources personnel The IRS has also seen more advanced phishing schemes targeting the personal or financial information available in the files of tax professionals, payroll professionals, human resources personnel, schools, and organizations such as Form W-2 information. These targeted scams are known as business email compromise (BEC) or business email spoofing (BES) scams. Depending on the variation of the scam (and there are several), criminals will pose as: