Fighting Back Against ID Theft and Tax-Related Refund Fraud

Identity theft hit an all-time record of 15.4 million victims in 2016. This was up 16% from 2015, according to a Javelin Strategy & Research study. ID thieves stole $16B in ’16, $1 billion more than the prior year. One positive is that certain institutions are getting better at combating this, resulting in the amount of theft per victim on average decreasing. But despite widespread efforts to combat cyber criminals, they have learned to adapt and find workarounds to preventative measures.

Just look at two of the highest profile examples of identity theft in recent memory: Equifax and Target. Neither took the proper security measures, or acted quickly enough to protect people’s confidential financial information. And both wound up paying the price, monetarily and in consumer confidence.  

Identity theft and fraud have now spread to the world of taxation and public accounting. Practitioners must take the approach that it is their obligation and duty to not only protect themselves, their firms and their clients, but the public at-large. By alerting the proper authorities, such as the IRS, they can sound the alarm to a wide audience, which can help prevent future ID theft. Let’s examine a few of the more common ID theft scams:

Going Phishing

One of the most common forms of ID theft is phishing. Here, criminals use electronic communications to obtain personal and financial information. They then use this information to file a fraudulent tax return and receive a refund by check or direct deposit.

We’re seeing tax software phishing scams centered on vendor updates, locked accounts, password updates and tax preparer education. In these instances, the employee is directed—in what looks to be a proper communication—to download software, enter a password or provide other sensitive information, which is then used to defraud the target’s company. To combat phishing, confirm with your IT department or tax software provider. If you discover suspicious activity, email the IRS at Phishing@IRS.gov, or contact the FBI. 

Inside Job

Another type of scheme is where scammers pose as co-workers and high-level executives to steal data. They send emails to HR and payroll department employees, appearing to come from executives from inside the company, asking for payroll data and W-2s. Any doubt? Inform your IT department and email the IRS regarding W-2 theft at dataloss@IRS.gov.

Impersonating an Officer

Another common scam occurs when someone poses as an IRS agent or some other government official, asking for your Social Security number to remedy some sort of tax deficiency. They will send a legitimate-looking email where, upon clicking a link, you will be the recipient of ransomware, malware or some other malicious software that freezes your computer until you pay a ransom (hence the term ransomware). Here, too, you should contact the IRS and/or the FBI.

 Hold the Phone

Recently, many people have been targeted in a phone scam where they are told they owe the IRS and must use a pre-loaded debit card or wire transfer to pay immediately.  If they refuse, they are threatened with arrest. Report these calls   to the Treasury Inspector General for Tax Administration at 800-366-4484. You can also file a complaint with the Federal Trade Commission.

An Ounce of Prevention

The best way not to become a victim is awareness: knowing how taxing authorities initiate contact. The IRS will never:

• Call a taxpayer about taxes owed and payment without having had first mailed them.
• Contact a taxpayer to verify their personal and financial information.
• Demand payment without the opportunity to appeal the amount owed.
• Require a specific payment method.
• Ask for credit or debit card numbers over the phone or email.
• Threaten a taxpayer with law enforcement for lack of payment.

To prevent becoming a victim, you should:

• Examine phishing emails. Their name and website may be almost identical to the real thing.
• Check the IRS website and do a web search to see if this has happened to other individuals.
• Never provide personal or confidential information to an unverified source. 
• Protect your personal data by keeping it somewhere secure.
• Contact financial institutions and agencies to establish the legitimacy of the phone call or email.
• Review all bank and credit card statements for unusual activity.
• Use security software with firewall and anti-virus protection that allows automatic updates.

To prevent becoming a victim of tax return filing fraud (1) follow the above anti-phishing strategies; (2) carefully choose your e-filing or filing partner; (3) monitor communications from the IRS or tax agencies; and (4) encrypt electronic records with strong passwords, and secure and properly dispose of paper records.

File This

You can file forms with the IRS depending on the type of fraud. Form 14039 covers their taxpayer PIN Protection Program. Under this program, taxpayers annually receive a six-digit PIN that must be entered on the tax returns to efile their returns.

Form 3949-A can be filed with the IRS to report suspected tax law violations by a person, a business or both.  Violations include false exemptions and deductions, multiple filings, organized crime, false or altered documents, unreported income, kickbacks, and the failure to withhold tax, file a return or pay tax.

It is important to take a proactive approach by using best practices and safeguards to prevent becoming a victim.  We can all play a part in fighting these fraudsters. However, if you do become a victim, it is critical to act quickly and contact the appropriate organizations.