In today’s technology driven world, the unfortunate reality is that cyber breaches will happen. The Internal Revenue Service recently announced that cybercriminals gained access to personal data from more than 700,000 taxpayer accounts in 2015. A majority of the information is taken from the IRS database, but hackers are beginning to use aggressive and threatening phone calls or emails impersonating IRS agents to gain information directly from taxpayers. It’s important to know how to protect yourself from these unsolicited phone calls and emails and what to do if your information has been compromised.
The IRS, and many states, are now encouraging tax returns to be electronically filed. Many people believe by electronically filing, they are more susceptible to having their information compromised. This is not accurate. These cybercriminals are attacking the IRS online application called “Get Transcript.” This application allows for taxpayers to obtain prior-year tax return information. Whether a taxpayer files electronically or not, each taxpayer has the ability to pull this type of transcript. By accessing prior year tax data, cybercriminals are able to file false returns with more accuracy, making it harder for the IRS and states to detect. The IRS estimated that the government paid out about $5.8 billion in fraudulent refunds to these cybercriminals in 2013.
If the IRS detects that a suspicious return has been filed, they will send a letter to the taxpayer asking to verify certain information. However, most taxpayers become aware of suspicious activity when they try to electronically file their return. The IRS will reject any return immediately if their database shows a duplicate filing for any Social Security number (SSN). This is an advantage of electronically filing versus paper filing. If a taxpayer’s return is rejected and suspects fraudulent activity has occurred, the IRS recommends paper filing your return and attaching a completed Form 14039, Identity Theft Affidavit. Going forward, the IRS would offer free credit protection and issue a specific identification number to use with the filing of future tax returns.
While fraudulent returns are out of taxpayers’ control, taxpayers are able to limit the personal information they release. Scammers have started using phone calls, emails and text messages impersonating IRS agents to gain information directly from taxpayers. These scammers use the IRS name, logo and fake websites to try and steal money and information.
The IRS has seen an approximate 400 percent surge in phishing and malware incidents so far in the 2016 tax season. The phishing schemes cover a wide variety of topics including, information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. Some of their emails will include links that carry malware which can infect taxpayers’ computers and allow criminals to access personal information. If a taxpayer happens to receive a suspicious email, the IRS asks taxpayers to forward the email immediately to firstname.lastname@example.org.
The impersonated telephone scammers are typically aggressive and want the taxpayer to act immediately. The scammers will ask taxpayers to pay their tax over the phone or even ask for personal information if a refund is due. These scammers will also leave voicemail messages asking for an urgent callback. If a taxpayer is suspicious about a phone call, they should hang up immediately. The IRS asks that the taxpayer contact TIGTA immediately using their “IRS Impersonation Sam Reporting” webpage https://www.treasury.gov/tigta/contact_report_scam.shtml or by calling 800-366-4484.
Here are several tips that will help avoid these scams:
The IRS will NOT:
- Call and demand immediate payment. The IRS will not call about payments without first sending a bill or notice in the mail.
- Demand tax payments and not allow taxpayers to ask questions or appeal the amount owed.
- Require a taxpayer to pay an outstanding payment using credit or debit cards.
- Ask for debit or credit card numbers over the phone.
- Threaten to bring in local police or other agencies to arrest the taxpayer if they do not pay.
- Threaten taxpayers with a lawsuit.
- Initiate correspondence with taxpayers using email or text message.
Here at DWM, we advise our clients and other taxpayers to get their CPA, or tax professional, involved immediately with any correspondence from the IRS, especially ones involving tax-related identity theft. Corresponding with the IRS can seem overwhelming, so get help. For those clients that self-prepare their returns, we ask that you let us know if you receive any notices or suspect suspicious activity involving your tax information. We’ll do everything we can to help you not become a victim.