As technology evolves at a rapid rate, scammers and identity thieves are finding increasingly innovative (and, sometimes virtually undetectable) methods of fraudulently obtaining people’s personal and financial information—putting taxpayers at risk of identity theft and other criminal schemes perhaps now more than ever before. Specifically, scammers have been posing as IRS agents for years as an attempted means of convincing unsuspecting individuals to provide their personal information; the level of sophistication of such scams has just increased in conjunction with technological improvements in recent years. As such, it’s of crucial importance to understand the methods by which the Internal Revenue Service contacts and retrieves information from taxpayers, as well as the various types of fraud that have become prevalent in recent years. Staying informed on both of these fronts will help you to protect yourself against falling victim to such activity.
PHISHING
Phishing is a criminal form of social engineering activity, by which criminals attempt to fraudulently trick victims into providing sensitive information like bank account numbers or credentials, social security numbers, log-ins, and other sensitive tax and financial data. Phishing is a growing problem in our internet-dependent society—and a fraud scheme approach that works all too often—because “phishing” emails often appear as legitimate correspondence from trusted, familiar individuals or organizations. Recent email schemes have been carried out by way of criminals hacking into the email of professional tax preparers or human resources personnel, and sending mass emails from those individuals’ accounts. These emails link to websites that imitate the log-in page of a trusted website that intended victims likely frequent, baiting taxpayers to provide payments, passwords and other confidential information. It is also common for phishing emails to infect their victims’ computers/devices or accounts with viruses. In addition to being wary of web links that might lead you down such a path, phishing emails often contain malicious attachments; so it’s imperative that you fully investigate and question the validity of any email attachments, files/downloads and links before clicking or taking action.
Email & the IRS
It’s important to know that the IRS will never send initial correspondence via email about a bill or tax refund–so DO NOT click on emails claiming to be from the IRS. If you believe you have received a phishing email from the IRS, the recommended course of action is to forward it to phishing@irs.gov. Similarly, DO NOT open any attachments, click on any links or reply to the email, and make sure you delete it immediately. The IRS does not reach out by means of any other electronic communication either, such as text messages or social media.
PHONE SCAMS
The IRS has seen a large increase in phone scams in 2018, by which criminals pose as IRS agents and threaten taxpayers into providing personal information and sending money to the scammers for fear of being penalized by the taxing authorities. These unsolicited calls typically demand payment for some sort of fake tax bill, and those behind the calls threaten their victims by telling them that unless a payment is made immediately, the individual will be deported, have their driver license revoked, or even be sent to prison. These scammers use “spoofing” to make their phone numbers look legitimate, often using area codes from the Washington D.C. area. They use IRS employee titles and fake ID numbers to project an aura of authority, and often already have some information about the victim, making their claims seem even more real.
Phone Calls & the IRS
The IRS will never make a call to demand payment by wire transfer or prepaid debit card; proposed bills are always sent through the mail to individuals who owe outstanding taxes, and the mailed correspondence will provide opportunities to appeal and question the amount proposed. Further, the IRS would not threaten to send local police to have someone arrested for not paying their taxes, and they would not ask for bank account numbers over the phone. If you receive a call from someone you think to be impersonating an IRS agent, the recommended course of action is to send an email to phishing@irs.gov. In such a scenario, you should write “IRS Phone Scam” in the subject line and, in the body of your email, describe the phone call and provide whatever supportive information you can (i.e. phone number, “badge” or ID number, fake name of the caller, etc.).
IDENTITY THEFT
Cases of tax-related identity theft peaked in 2015, with 677,000 recorded victim reports. The IRS and state taxing authorities have since enacted many safeguards, including requiring taxpayers who e-file their tax returns to provide driver license information at the time of filing to aid in preventing fraudulent returns. The number of victims of tax-related identity theft has been steadily decreasing, although there were still 242,000 cases reported in 2017. In any case, in response to the IRS and other government agencies’ increasing savvy and success in deterring fraudulent activity, criminals are devising more creative ways each day to steal their victims’ personal information (including the phishing and phone schemes mentioned above).
PAYMENTS TO THE INTERNAL REVENUE SERVICE
Even when paying by check, you should always be aware of who you’re making your payment to. In fact, the IRS will never request federal tax payments be made to any payee other than the U.S. Treasury. State jurisdictions will have similar stipulations in place for taxes owed to a particular state taxing authorities; but if you’re unsure to whom to make out a payment, how to pay it or where to send it, you can always call the Internal Revenue Service (or the appropriate state/local agency) or obtain current information from the IRS website.
WHAT IF IT HAPPENS TO ME?
Especially in this day and age, you should live by the rule that you treat your personal information just like you would cash: don’t leave it lying around! If you are the victim of identity theft, you should first file a complaint with the Federal Trade Commission (FTC) at <identitytheft.gov>. You should also contact one of the three major credit bureaus (Equifax, Experian or TransUnion) to place an immediate fraud alert indication on your credit records. If your e-filed tax return was rejected because someone filed a return using the taxpayer’s (or their spouse’s) SSN, you should complete IRS Form 14039, “Identity Theft Affidavit” and submit it with your paper-filed tax returns. The IRS continues to mail out Identity Protection PINs to taxpayers, who should give that 6 digit code to their tax accountant to input on their tax returns prior to filing.
Sometimes, unfortunately, identity theft is something that just could not have been avoided. Here at FF&F, our experienced tax professionals can assist in both educating you on protection mechanisms to avoid falling victim to theft, and in following the proper sequence of steps if you should become a victim of identity theft. For more information on this topic, or our services, please contact us at info@fffcpas.com or 212-245-5900.
*There are a number of resources available through the Internal Revenue Service website to both protect you from falling victim to identity theft and fraud before it happens, and to inform you of what to do should you encounter it. Please visit the below listed IRS links for additional information.
• Report Phishing and Online Scams
• Phone Scams
• Secure Tax Payment Options
• Tax Scams / Consumer Alerts
• IRS Taxpayer Bill of Rights
John Gontijo, CPA, MBA, is a Tax Manager at Farkouh, Furman & Faccio. He has over 11 years of experience with high net worth individuals, small businesses, and international taxation. Prior to joining FF&F, he worked for a niche CPA firm in NYC which specialized in inbound U.S. tax matters for German, Swiss, and Austrian clients, including Offshore Voluntary Disclosure Programs.