The IRS has kicked off its 2019 ‘Dirty Dozen’ campaign alerting taxpayers about the dangers of the most common tax-related phishing scams that result in tax fraud and identity theft.
Every year the IRS supplies provides taxpayers, businesses, and tax professionals with 12 most seen phishing and tax scams to increase awareness of the most prevalent threats.
For the entirety of tax season, hackers are highly active and seek tax data to commit identity theft and submit fraudulent tax returns. Every year, many consumers are tricked into sharing their personal information and scores of groups fall victim to these scams and share the tax information of workers to scammers. The scams are carried out over the phone, via text messages, on social media platforms, websites, and using email.
On March 4, 2019, the IRS initiated 2019’s Dirty Dozen campaign with an alert about the most serious threat during tax season – phishing. On each of the following 11 weekdays, the IRS will focus on a different scam.
Tax-related phishing scams are often well disguised. Emails are sent that seem to be from the IRS threatening fines or legal action or offering large refunds for overpayment of tax. The sender name is often made up, IRS logos are used, and the emails usually ask for an urgent response. Regardless of the theme, the tax-related phishing scams have one main aim: To obtain personal data.
A new phishing scam was discovered this year which led to a warning from the IRS in February. Targeted tax professionals were being focused on to obtain client data. Fraudulent tax returns were then submitted using the stolen data and the IRS sent tax refunds to taxpayers’ accounts via direct deposits. The taxpayers were then contacted by the hackers, who pretended to be debt collection agents acting for the IRS to reclaim payments that had been made by mistake.
Payroll offices and human resources departments need to be on constant alert during tax season for tax-related phishing scams that try to obtain form W-2 information. Emails are issued to payroll/HR staff requesting W-2 form information for all workers that have worked in the past financial year. The emails are either shared from a compromised email account within the group – titled a business email compromise (BEC) attack – or they use an similar to that of a high-level executive – referred to as a business email spoofing (BES) attack.
Other types of these attacks include requesting changes to the direct deposit information of employees, payment of fake invoices, or requests for fraudulent wire transfers. Email scams are also carried out to spread malware that logs keystrokes and obtains sensitive data.
The IRS outlined that, in most cases, contact with taxpayers is not initiated by the IRS via email to ask for personal or financial information. Anyone receiving a tax-related phishing scam email that spoofs the IRS should send the message to firstname.lastname@example.org
IRS Commissioner Chuck Rettig said : “Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS. Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”