IRS annual list of most prevalent tax scams April 2019 Tax News

IRS YouTube Videos:

The IRS warns tax professionals with a list of tax scams about ongoing threat of internet phishing scams that lead to tax-related fraud and identity theft.

New variations on phishing schemes

The IRS continues to see a steady stream of new and evolving phishing schemes as criminals work to victimize taxpayers throughout the year. Whether through legitimate-appearing emails with fake, but convincing website landing pages, or social media approaches, perhaps using a shortened URL, the end goal is the same for these con artists: stealing personal information.

Schemes aimed at tax pros, payroll offices, and human resources personnel

The IRS has also seen more advanced phishing schemes targeting the personal or financial information available in the files of tax professionals, payroll professionals, human resources personnel, schools and organizations such as Form W-2 information. These targeted scams are known as business email compromise (BEC) or business email spoofing (BES) scams.

Depending on the variation of the scam (and there are several), criminals will pose as:

  • a business asking the recipient to pay a fake invoice
  • an employee seeking to re-route a direct deposit
  • someone the taxpayer trusts or recognizes, such as an executive, to initiate a wire transfer of funds

The IRS warned of the direct deposit variation of the BEC/BES scam in December 2018, and continues to receive reports of direct deposit scams reported to phishing@irs.gov. The Direct Deposit and other BEC/BES variations should be forwarded to the Internet Crime Complaint Center (IC3). The IRS requests that Form W-2 scams be reported to: phishing@irs.gov (Subject: W-2 Scam).

Tax professional alert

Numerous data breaches across the country mean the tax professional community must be on high alert to unusual activity, especially during the tax filing season. Criminals increasingly target tax professionals, deploying various types of phishing emails in an attempt to access client data. Thieves may use this data to impersonate taxpayers and file fraudulent tax returns for refunds.

As part of the Security Summit initiative, the IRS has joined with representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators to combat identity theft refund fraud to protect the nation's taxpayers.

The Security Summit partners encourage tax practitioners to be wary of communicating solely by email with potential or existing clients, especially if unusual requests are made. Data breach thefts have given thieves millions of identity data points including names, addresses, Social Security numbers and email addresses. If in doubt, tax practitioners should call to confirm a client’s identity.

Reporting phishing attempts

If your client receives an unsolicited email or social media attempt that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), they should report it by sending it to phishing@irs.gov. Learn more by going to the Report Phishing and Online Scams page on IRS.gov.

If you receive unsolicited and suspicious emails that appear to be from the IRS and/or are tax-related (like those related to the e-Services program) also should report it to: phishing@irs.gov.

The IRS generally does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.