Criminals have been fraudulently “reeling in” personally identifiable information from unsuspecting souls for decades. One increasingly common way that criminals reel in that information is through the act of “phishing” (pronounced fishing) by phone or email. Scammers often phish by using “robocalls” and mass mailings and emails to imitate or spoof real or seemingly official phone numbers, letters, emails, and email addresses. Such scams have become so prevalent that in its 2019 “Dirty Dozen” list of frauds and scams, the Internal Revenue Service (IRS) warned taxpayers, businesses, and tax professionals to be on alert for these fake emails and phone calls.
Imagine the following typical scenarios:
- Your cell phone rings, and you don’t recognize the number. You hesitate before answering, but because caller ID indicates the call is from the IRS, you feel that you should. The scammer, claiming to be an IRS revenue agent and providing a false IRS ID number, soon becomes aggressive and insistent. Under threat of arrest and jail time, you are told that you must immediately pay a large IRS debt with a pre-paid card.
- When checking your email, you see official-looking correspondence with the IRS logo. The email instructs you to click on a website link to pay your bill or get further information. It might even insist you reply to the email and send personally identifiable information, such as your Social Security number or date of birth.
If you have experienced one of these scenarios, you have been the target of a phishing scam. However, phishing scams don’t always take these exact shapes— sometimes there are variations. In a June 5, 2019, IRS reminder (IR-2019-104), two new versions of these tax-related schemes were reported. One involved “a scammer claiming to be able to suspend or cancel the victim’s Social Security number.” The other centered on a “snail mail” letter threatening an IRS lien or levy for taxes owed to the fictional “Bureau of Tax Enforcement.” According to the reminder, the lien notification scam “likely references the IRS to confuse potential victims into thinking the letter is from a legitimate organization.”
Regardless of the tactics used, the criminals are out there, working diligently to get your personally identifiable information and money. If they are successful, the result can be tax-related identity theft, which became, at 29.2%, the single largest category of consumer identity theft in 2016, the year it was first tracked separately (as Tax Fraud) by the Federal Trade Commission.
When tax-related identity theft happens, the perpetrators file fraudulent tax returns using taxpayers’ Social Security numbers and dates of birth, and typically seek refunds. Unfortunately, tax-related identity theft often goes undetected until after the real taxpayers’ income tax returns have been electronically filed and rejected by the IRS because of the previously filed fraudulent returns. For victims of tax-related identity theft, the fallout can be catastrophic and might include such things as refund delays (sometimes up to 6 months), unnecessary audits, the assessment of tax liabilities that don’t belong to the taxpayer, the taxpayer’s inability to timely file a legitimate return resulting in non-compliance with tax laws, or even lost employment opportunities.
Given the serious implications, what can we do to protect ourselves?
Guard your personally identifiable information. Never reply to an email with personal details, and do not give your personally identifiable information over the phone to someone you do not know. The IRS will never initiate contact via email, phone, or social media. If there is a problem with your tax return, or if you have a tax liability, the IRS will initiate contact via a letter mailed to the address on your tax return. Your accountant or tax preparer should ask you to send information only via secure channels. If you cannot verify the sender’s identity or the email’s origin, give no information until you have verified the legitimacy of the source or request.
Don’t take the bait: ignore phishy emails. Do not reply to emails purporting to be from the IRS, and do not click any email links, which could take you to a fraudulent website or install a virus or other malware on your electronic device. Although phishers can make these emails look convincing, remember that the IRS will never contact you via email. The IRS is diligent in its efforts to track down these scammers and shutdown their operations, and has set up an address where you can forward these fraudulent emails: email@example.com.
Change passwords often. Frequently update the passwords on your financial accounts, and use different passwords for each account. If phishing scammers cannot access your identifying information, then it becomes more difficult for them to steal from you in this way. Be diligent with passwords. If you think you have been the victim of a phishing scam, immediately change all your passwords and contact the IRS and all your financial institutions.
On June 19, 2019, the IRS announced that the Electronic Tax Administration Advisory Committee (ETAAC) released its annual report to Congress, highlighting recommendations focused on identity theft and refund fraud prevention. In the report, the ETAAC outlines 10 recommendations that fall under the following categories: enabling and expanding the IRS-sponsored Security Summit, improving security in key areas of the tax system, and protecting and enabling taxpayers.
Ultimately, vigilance and protecting personally identifiable information are the best defenses against phishing attempts. When in doubt, do not engage in a phone conversation or answer an email, and promptly notify the IRS or a tax professional.
If you would like more information about tax-related phishing scams or best practices in protecting your personally identifiable information or other assets, or would like assistance with any matter involving tax preparation, tax planning, asset protection strategies, or business advice, contact a PYA executive below at (800) 270-9629.
© 2019 PYA
No portion of this article may be used or duplicated by any person or entity for any purpose without the express written permission of PYA.