August 14, 2020
Each year, the IRS compiles a list of 12 common tax scams that taxpayers may encounter during the year. This year, the “dirty dozen” list focuses on scams that target individual taxpayers, with special emphasis on aggressive and evolving schemes related to COVID-19 tax relief. Included on the list are scams related to Economic Impact Payments (EIPs), which were sent to eligible taxpayers by the federal government to help mitigate the effects of the pandemic.
Here’s the 2020 list of scams:
1. Phishing
Some criminals pose as someone from an organization you recognize and then send mass emails under your name. They may pretend to be employees of a bank, credit card company, tax software provider or government agency. Criminals even create websites that appear legitimate but contain phony login pages. When you open a phishing email or click on a link it contains, your personal information may be compromised.
What do hackers stand to gain through phishing scams? The bogus emails and websites may infect your computer with malware without you even knowing it — and you may inadvertently forward the malware to people in your contacts list. The malware may give criminals access to sensitive files or allow them to track your keyboard strokes, exposing personal and log-in information.
These scams have been on the IRS list for years. But, there’s a new twist for 2020. The IRS Criminal Investigation division has seen a tremendous increase in phishing schemes utilizing emails, letters, texts and links using keywords such as:
- Coronavirus,
- COVID-19, and
- Stimulus.
For example, the perpetrator may impersonate a representative from a health agency, such as the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC). They may ask for personal information, such as your Social Security or bank account number, or instruct you to click on a link to a survey or website. The IRS warns that it will never initiate contact with taxpayers via email about a tax bill, refund or EIPs.
To see where your organization stacks up when it comes to cybersecurity, consider GRF’s Cybersecurity Scorecard or use our Risk Checklists to identify vulnerabilities.
2. Fake Charities
Criminals frequently exploit natural disasters and other situations, such as the COVID-19 pandemic, by setting up fake charities to steal from people trying to help in times of need. Fraudulent schemes normally start with unsolicited contact by telephone, text, social media, email or in-person using a variety of tactics.
Bogus websites use names similar to those of legitimate charities to trick people to send money or provide personal financial information. They may even claim to be working for or on behalf of the IRS to help victims file casualty loss claims and get tax refunds. Taxpayers should be suspicious of charities with names that sound like those of well-known organizations.
3. Threatening IRS Impersonator Phone Calls
Impersonation scams come in many forms. A common scam is bogus threatening phone calls from a criminal claiming to be with the IRS.
The IRS states it will never threaten a taxpayer or demand immediate payment, ask for financial information over the phone, or call about an unexpected refund or EIP. If you receive calls or other communications from individuals claiming to be from the IRS and offering COVID-19 stimulus payments in exchange for personal financial information, an advance fee or charge of any kind, it’s a scam. Please contact your tax advisor or the Treasury Inspector General for Tax Administration (TIGTA) to help identify and stop these impersonators.
4. Social Media Scams
Taxpayers should protect themselves against social media scams, which frequently use situations like COVID-19 to try tricking people. Social media enables anyone to share information with anyone else on the Internet and scammers use that information for a wide variety of scams.
To protect against these scams, the IRS generally recommends limiting your social networking footprint. If you post too much information about yourself and your family on social media sites, an identity thief can find information about your life and then use it to answer “challenge” questions on your accounts — or to access your money and personal information.
For example, during the pandemic, many people post pictures from road trips on Facebook or Instagram. But doing so tells would-be thieves that no one is home. Consider limiting access to your networking page to a small group of people. Don’t post your full name, Social Security number, address, phone number or passwords on publicly accessible sites.
5. EIP or Refund Theft
Refund theft has been on the “dirty dozen” list for many years. But this year, in addition to stealing tax refunds, criminals have turned their attention to stealing EIPs provided under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. Criminals may also use stolen information to file false tax returns or supply other bogus information to the IRS to divert refunds to wrong addresses or bank accounts.
If you need assistance getting an EIP, visit the IRS’s Coronavirus Tax Relief page or call your tax advisor. He or she can help you understand whether you’re eligible for a payment and track down your EIP checks.
6. Senior Fraud
Be on alert for tax scams targeting older Americans. Seniors are more likely to be targeted and victimized by scammers than other segments of society. In recent years, thousands of senior people have lost millions of dollars and their personal information to tax scams and fake IRS communication.
Older Americans’ increasing engagement with Facebook and other social media platforms gives scammers another way to engage with seniors. The IRS warns seniors and the people who care about them to be alert for a continuing surge of fake emails, text messages, websites and social media attempts to steal personal information.
7. Scams Targeting Non-English Speakers
Scammers often target groups with limited English proficiency. These scams are often threatening in nature. The IRS recommends that taxpayers who receive these types of phone calls should ignore the threats and not engage with the scammers.
For example, an IRS impersonator might call a non-English-speaking taxpayer who recently immigrated from another country. The caller might demand immediate payment and threaten jail time, deportation or revocation of a driver’s license, unless the demand is met.
8. Return Preparer Fraud
The vast majority of tax professionals provide honest, high-quality service. But some dishonest preparers perpetrate refund fraud, identity theft and other scams that hurt taxpayers.
For example, so-called “ghost” return preparers don’t sign the tax returns they prepare. They may 1) print prepared tax returns and tell taxpayers to sign them and mail them to the IRS, or 2) not digitally sign e-filed returns as paid preparers. By law, paid preparers must sign and include their Preparer Tax Identification Numbers (PTIN) on returns.
Other red flags include preparers who:
- Promise inflated refunds by claiming fake tax credits,
- Ask the taxpayer to sign a blank return,
- Guarantee a big refund before looking at the taxpayer’s records, or
- Charge fees based on a percentage of the refund.
Important: Anyone can be a paid tax return preparer as long as they have a PTIN. Tax return preparers have differing levels of skills, education and expertise. Always research your preparer’s credentials. Choose a licensed professional with years of experience and an established reputation in your business community.
9. Tax Debt Resolution Companies
Taxpayers should beware of tax debt resolution companies that exaggerate their ability to settle tax debts for “pennies on the dollar” through an offer in compromise (OIC). An OIC allows a taxpayer to settle a tax debt for less than the full amount owed. It may be a legitimate option if a taxpayer can’t pay the full tax liability or doing so creates a financial hardship.
However, as the IRS notes, to qualify for an OIC, taxpayers must meet very specific criteria. Contact your tax professional to see if you qualify for an offer-in-compromise and obtain an estimated offer amount.
10. Fake Payments with Repayment Demands
Criminals are always finding new ways to trick taxpayers into believing their scams. This includes putting a bogus refund into a taxpayer’s actual bank account.
Here’s how the scam works: The scammer files a bogus tax return and has the refund deposited into the taxpayer’s checking or savings account. Once the direct deposit hits the taxpayer’s bank account, the scammer calls him or her posing as an IRS employee and asks the taxpayer to return the refund using a specific type of gift card.
The IRS will never demand payment by a specific method. There are many payment options available to taxpayers. There’s also a process through which taxpayers have the right to question the amount of tax owed. The IRS recommends that, if you receive an unexpected refund followed by a call demanding a refund repayment, you should reach out to their bank and the IRS. You can also contact your tax advisor for help.
11. Payroll and HR Scams
The IRS warns employers and others to be on guard against phishing scams designed to steal Form W-2s and other tax information. The prevalence of these Business Email Compromise (BEC) or Business Email Spoofing (BES) scams has grown with many businesses closed and their employees working from home due to COVID-19. Two common types are:
- Gift card scams. A compromised email account may be often used to send a request to purchase gift cards in various denominations.
- Direct deposit scams.Here, the fraudster gets access to a victim’s email account and impersonates the potential victim to change the victim’s direct deposit information to reroute their deposit to an account the fraudster controls.
BEC/BES scams have used a variety of ploys, including requests for wire transfers and payment of fake invoices. In recent years, the IRS has observed variations of these scams where fake IRS documents are used in to lend legitimacy to bogus requests. The Direct Deposit and other BEC/BES variations should be forwarded to the Federal Bureau of Investigation Internet Crime Complaint Center (IC3) where a complaint can be filed. The IRS requests that Form W-2 scams be reported to: phishing@irs.gov.
12. Ransomware
Scammers may entice taxpayers to download malware that looks for and locks critical or sensitive data on a victim’s computer with its own encryption. In some cases, entire computer networks can be adversely impacted.
Scammers may use a phishing email to trick a potential victim into opening a link or attachment containing the ransomware. These emails may include solicitations to support a fake COVID-19 charity or allegedly contain information about EIPs.
Don’t Engage
The IRS urges taxpayers to be aware of these scams and not to engage with potential scammers online or on the phone. If you have questions or concerns, contact your tax advisor.
© 2020