Other than accountants and CPAs, it’s a fair assumption that the only people who like tax season are scammers and fraudsters. It’s the time of the year when the bad guys take advantage of the scariest government agency – the IRS – and use our fears to their advantage. On the consumer side, there are threatening phone calls, including a new scam where the caller pretends to be a taxpayer advocate service, and phishing scams.
There are tax scams on the business side, too, that can directly impact your customers’ and employees’ personal information. Tax professionals have become a popular target for fraudsters, as they pretend to be customers or IRS agents on the hunt for real Social Security numbers, tax ID numbers and other identifiers.
The IRS Dirty Dozen
The IRS has released its “dirty dozen” tax fraud schemes, noting the detail of how this information is stolen either directly or indirectly. This list includes:
- Phishing. This tried and true method is used to trick recipients into turning over their personal information. Inside a business, spearphishing mail looks like a legitimate email request coming from someone inside the organization, like HR or the business office, requesting tax-related information. Scams requesting W-2 information have increased in popularity in recent years.
- Inflated deductions and falsifying income details. Unscrupulous tax preparers overstate deductions or claim deductions the taxpayer isn’t entitled to set up a bigger tax refund.
- Tax preparer fraud. Dishonest tax preparers purposely try to scam their customers for their own financial gains.
- Frivolous tax arguments. “Promoters of frivolous schemes encourage taxpayers to make unreasonable and outlandish claims about the legality of paying taxes despite being repeatedly thrown out in court,” the IRS explained.
The IRS also breaks down the different groups that are targeted by scammers. The agency warns the taxpayer of scams involving ghosted accounts (bad actors submitting a tax return using a taxpayer’s unique identifiers) and tax scams involving natural disasters and donations. On the business side, the IRS warned that scammers love going after small businesses, with a new favorite scam of sending SMB owners to fake websites to sign up for Employer Identification Numbers.
How to Prevent Attacks and Scams
Your employees are often the greatest threat to your customers’ (and internal) personal information. When they fall for a phishing or phone scam, they unintentionally reveal sensitive information to a stranger, fill out bogus forms on websites or download malware that allows bad guys to take a deep dive into a company network. The best defense is thorough training on basic security hygiene that includes how to identify phishing and spearphishing emails and similar scams. The more they know about detecting a fake email, the less they’ll fall for the scam.
In addition, the National Cyber Security Alliance offered the following tips to protect both consumers and businesses from tax-related scams:
- When in doubt, throw it out: Delete anything that looks suspicious and set up good spam filters that will keep scams from hitting your inbox.
- Lock down your login: Use strong authentication methods to protect tax information, especially for any tax information or preparation conducted online.
- Get savvy about Wi-Fi hotspots: Public Wi-Fi is a playground for hackers. Never use public Wi-Fi connections to send sensitive information, including tax documents.
- Think before you act: Learn how scammers try to impersonate the IRS and other tax agencies. The IRS won’t call or send email and they won’t solicit money on the phone or threaten you with jail time.
- Ask if your tax preparation service has checked for malware issues and if your tax preparer’s business is cybersecure. You should also ensure that your network is free from malware issues before sharing any sensitive tax-related data.