There are said to be two certainties in life: death and taxes. The latter has apparently become a cash cow for all sorts of thieves, including sophisticated criminal enterprises.
Tax-related scams tend to peak during filing season, but they are a pervasive and constantly evolving threat, cheating individuals and the federal government out of millions of dollars each year. Many are designed to get taxpayers to fork over personal information or to infect their computers with malware, enabling crooks to access sensitive data or track keyboard strokes.
Identity-theft refund fraud. The scam, which topped this year’s Dirty Dozen list, typically works like this: Crooks use stolen information, including victims’ names and Social Security numbers, to submit tax returns (at the state and/or federal levels) early in the filing season and claim fraudulent refunds.
“Crooks have found that this is easier, relatively speaking, than other criminal enterprises, such as running drugs,” said Kay Bell, a tax analyst for Bankrate.com. “It’s the organized crime of the 21st century.”
The rise in refund fraud has coincided with the spike in hacks of companies and government agencies that hold sensitive consumer data. In the last couple years, upward of 120 million Social Security numbers, representing more than one-third of the U.S. population, were exposed in just four breaches, according to Adam Levin, chairman of consulting firm IDT911. The breaches included hacks of Anthem, Premera Blue Cross, Excellus BlueCross BlueShield and the U.S. Office of Personnel Management.
According to a Government Accountability Office report, there was an estimated $25.6 billion in attempted identity-theft refund fraud in 2014. The IRS managed to recover or prevent the payout of $22.5 billion of that. But it paid out $3.1 billion in refunds to thieves posing as tax filers, according to the report, which cites IRS data.
“Refund fraud has been taking place for some time, but two years ago it spiked, particularly at the state level,” said David Williams, chief tax officer for tax-prep software company Intuit, which is taking part in a public-private partnership, formed in 2015, to combat the rampant problem.
The IRS has made some inroads through enhanced information-sharing with its Security Summit partners, which include state tax agencies and large tax-prep companies, and through other initiatives.
“Choose your tax-return preparer carefully, because you entrust them with your private financial information that needs to be protected”
“The goal here is to tighten every vulnerable point in the tax ecosystem,” explained Williams.
Phone scams and phishing emails. Many Americans have been on the receiving end of disturbing phone scams and phishing emails, which ranked second and third, respectively, on this year’s Dirty Dozen list.
Threatening phone calls by crooks impersonating IRS agents have become a national epidemic. The imposters — who often alter caller ID numbers to make it appear as though they are calling from the IRS or another agency — may demand payment for a bogus tax bill, conning scared victims into sending cash, usually through prepaid debit cards or wire transfers. They often threaten to arrest, deport or revoke the driver’s licenses of those who don’t cooperate.
In some cases, robo-callers leave “urgent” call-back requests or try to get potential victims to unknowingly respond to phishing emails. The official-looking emails may contain links that infect computers with malware or direct victims to bogus websites.
Since October 2013, consumers have reported nearly 900,000 phone contacts by scammers to the office of the Treasury Inspector General for Tax Administration. During the same time period, more than 5,000 victims of phone scams have collectively paid more than $26.5 million to crooks.
Phone scams and phishing emails, according to the IRS, tend to peak when crooks spot prime opportunities to strike. During this year’s back-to-school season, for instance, the IRS issued a warning about phone scammers targeting students and their parents by demanding payment for a bogus “federal student tax.” Scammers who got pushback threatened to have students arrested.
In September the IRS warned consumers and tax professionals of another doozy — a wave of phishing emails supposedly containing Obamacare-related tax bills. Many of the emails have an attachment, a fake CP2000 notice. The notice is used by the IRS to inform tax filers that it has received information from a third party that doesn’t match the income numbers reported on their returns. The notice is always sent by mail, never by email.
Phone scams and phishing emails “are designed to do three things: Put malware on your computer, get you to go to a clone website where you give up too much personal information or just get you to pay by scaring you,” said Levin of consulting firm IDT911.
“What you need to remember is that the IRS never calls, emails or yells at you,” said Levin, author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.”
“They certainly don’t ask you to put money on an iTunes gift card or to run out and wire money.”