IRS Warns About Tax-Related Phishing Scams

The IRS has launched its 2019 ‘Dirty Dozen’ campaign, which cautions taxpayers about the 12 most commonly encountered tax-related scams which are conducted to gain access to information that can be used for identity theft and tax fraud.

Every year the IRS gives taxpayers, businesses, and tax experts information about the 12 most frequent phishing and tax scams to increase awareness of the most serious risks.

Every tax season, cybercriminals step up their efforts to obtain personal information of consumers to allow them to submit fake tax returns. Every year, a lot of consumers are tricked into providing personal data to scammers and scores of companies fall prey to tax scams and reveal the tax information of their staff to fraudsters. The scams are carried out over the telephone, through text messages, on social media sites, web pages, and through email.

On March 4, 2019, the IRS unveiled the Dirty Dozen campaign which starts with a warning about tax-related phishing scams. For 12 consecutive weekdays, a further scam warning will be issued.

Phishing scams can be difficult to identify and many are highly sophisticated. Scammers impersonate the IRS and send fake notifications to consumers about impending financial penalties or legal action. Some scams claim consumers are entitled to a large tax refund due to tax overpayment. Irrespective of the subject, tax-linked phishing scams only have one objective: To steal personal data.

The IRS detected a new phishing scam this year, prompting a warning to be issued in February. The scam targeted tax filers. First access was gained to tax filers’ systems, client data were stolen, and fraudulent tax returns were filed. When the IRS issued tax refunds to taxpayers via direct deposit, they were contacted by the scammers who posed as the IRS or a debt collection agency acting on behalf of the IRS. they were instructed to return the tax refunds as they had been made in error. Account details were supplied for that purpose: Accounts that were under the control of the scammers.

Payroll offices and human resources departments should watch out during tax season for tax-linked phishing scams that try to get form W-2 details. Emails are delivered to payroll/HR staff asking for W-2 form details for all personnel who have been paid during the last financial year. This type of scam includes business email compromise (BEC), where email accounts are hacked and messages are sent from the hacked accounts, or business email spoofing (BES), where the attacker spoofs an executive’s email address.

Variations of these attacks include asking for alterations to the direct deposit information of employees, requesting payment for fake invoices, or fraudulent wire transfers. Some email scams are conducted to spread malware.

Taxpayers must be on alert for these phishing scams and should not open message attachments nor click on links in emails that are tax related. if in doubt about a potential tax issue, contact the IRS directly.

The IRS has said that it does not initiate contact with taxpayers via email requesting personal or financial data. Anyone who receives a scam email that impersonates the IRS should forward the messages to phishing@irs.gov.