With 2016 in the rearview mirror, Americans find their tax documents slowly arriving in the mail. Tax compliance is exciting for some, and dreadful for others. Despite differing feelings about taxes, every taxpayer wants to avoid being notified their e-filed tax returns were rejected, on the grounds that another return with their personal information was already received.
Fraudsters around the globe steal people’s identities for financial gains, including filing phony tax returns claiming refunds. Below is a discussion on the status of identity tax fraud in 2017, the personal information at risk, the methods used by fraudsters to steal identities, and the safeguards put in place by authorities.
On January 11, the Security Summit released an alert on a new form of phishing, called “email spoofing”, aimed at tax professionals. Email spoofing is when cybercriminals disguise themselves to be trustworthy people or organizations to obtain personal and financial information for malicious reasons. The current scheme is accomplished in a two-step process, and includes the following aspects:
On January 25, the Security Summit released an alert describing a different email spoof that involves cybercriminals tricking payroll and human resource officials into disclosing employee personal and financial information by claiming to be the Chief Executive Officer. The thieves then proceed to file fraudulent tax returns for refunds with the personal information they have stolen. The Security Summit Alert highlighted the following language found in the emails:
In 2015, the Security Summit was formed as a joint effort of the Internal Revenue Service (IRS), state tax agencies, and software providers, to advance the fight against identity theft refund fraud. Some of the safeguards instituted by the Summit partners in 2017 include:
Please remember that the IRS DOES NOT initiate any contact with taxpayers by any type of electronic communications (such as email) seeking personal or financial information. The IRS encourages the reporting of suspicious phishing scams by contacting email@example.com. For additional reading, please consider referencing IRS Publication 4524 Security Awareness for Taxpayers.
Disclaimer: Any written tax content, comments, or advice contained in this article is limited to the matters specifically set forth herein. Such content, comments, or advice may be based on tax statutes, regulations, and administrative and judicial interpretations thereof and we have no obligation to update any content, comments or advice for retroactive or prospective changes to such authorities. This communication is not intended to address the potential application of penalties and interest, for which the taxpayer is responsible, that may be imposed for non-compliance with tax law.