Phishing schemes, especially during tax season, have become very widespread. A little extra caution can go a long way to avoid the threat of refund fraud or identity theft.
The Definition of Phishing. It is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Phishing scams are easy to accomplish and can be done from home. A typical phishing email during tax season will bear similar (or sometimes identical) IRS letterhead or logos and will instruct you to follow a link that will lead you to, you guessed it, a site that requests your personal information. Some individuals are too quick to trust a logo or letterhead and forget to check the validity of an email/site before divulging their personal information.
In recent years, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication. Scammers use the regular mail, telephone, fax or email to set up their victims.
Knowledge is Power! Remember that the IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, the IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action. Recognizing these telltale signs of a phishing or tax scam could save you from becoming a victim.
Last-Minute Email Scams. The IRS, state tax agencies and the tax industry urges taxpayers to be on guard against suspicious activity, especially email scams requesting last-minute deposit changes for refunds or account updates.
Learn to recognize phishing emails, calls or texts that pose as banks, credit card companies, tax software providers or even the IRS. They generally urge you to give up sensitive data such as passwords, Social Security numbers and bank or credit card accounts. Never provide your private information! If you receive suspicious emails forward them to firstname.lastname@example.org. Never open an attachment or link from an unknown or suspicious source!
IRS-Impersonation Telephone Scams. “An aggressive and sophisticated phone scam targeting taxpayers has been making the rounds throughout the country. Callers claim to be employees of the IRS, using fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.
Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Or, victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.”1
The IRS will never:
- Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
- Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
- Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
- Ask for credit or debit card numbers over the phone.
- Remember: Scammers Change Tactics — Aggressive and threatening phone calls by criminals impersonating IRS agents remain a major threat to taxpayers, but variations of the IRS impersonation scam continue year-round and they tend to peak when scammers find prime opportunities to strike.
Surge in Email, Phishing and Malware Schemes. “When identity theft takes place over the web (email), it is called phishing. The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season. The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information to steal their identity and assets.
Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes may seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
Variations of these scams can be seen via text messages. The IRS is aware of email phishing scams that include links to bogus web sites intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between “IRS” and “gov”), though not IRS.gov (with a dot). These emails are not from the IRS. The sites may ask for information used to file false tax returns or they may carry malware, which can infect computers and allow criminals to access your files or track your keystrokes to gain information.”
Unsolicited email claiming to be from the IRS, or from a related component such as EFTPS, should be reported to the IRS at email@example.com.
Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel. “Some taxpayers may receive emails that appear to be from the Taxpayer Advocacy Panel (TAP) about a tax refund. These emails are a phishing scam, where unsolicited emails try to trick victims into providing personal and financial information. Do not respond or click any link. If you receive this scam, please forward it to firstname.lastname@example.org and note that it seems to be a scam email phishing for your information.
TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information.
How to Report Tax-Related Schemes, Scams, Identity Theft and Fraud. To report tax-related illegal activities, you should report instances of IRS-related phishing attempts and fraud to the Treasury Inspector General for Tax Administration at 800-366-4484.”3
Additional Scam-Related Information:
Security Summit – Learn more about how the IRS, representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators are working together to combat identity theft and refund fraud.
State ID Theft Resources – State information on what to do if you or your employees are victims of identity theft.
IRS Dirty Dozen – The annually compiled list enumerates a variety of common scams that taxpayers may encounter
If you suspect you are a victim, contact the IRS Identity Theft Protection Specialized Unit at 800-908-4490. When reporting to the IRS, you will need to:
- Send a copy of an IRS ID Theft Affidavit Form 14039 – download the form here: irs.gov/pub/irs-pdf/f14039.pdf.
- Send a proof of your identity, such as a copy of your Social Security card, driver’s license or passport.
After doing that, make sure to:
- Update your files with records of any calls you made or letters you sent to the IRS
- Put a fraud alert on your credit reports and order copies of your credit reports to review any other possible damage
- Create an Identity Theft Report by filing an identity theft complaint with the FTC and a police report
Sources and References: