Cybercriminals are on the prowl, and phishing schemes are surging this year. Stolen information is increasingly being used to file fake tax returns.
IRS experts expect an increase in tax fraud this year. While the agency often is able to identify and catch fraudulent filings, some fake returns do get through. In 2013, for example, the Government Accountability Office found that the IRS stopped $24.2 billion in fake tax return refunds, but still paid out $5.8 billion. Below are a few current schemes to be aware of and some ways you can protect yourself.
It is usually not the same cybercriminals who steal the information and then file the fake tax returns. One set will steal the underlying records or information and then sell it to others, who then file fake tax returns. Given the lucrative nature of phony tax return filing, it creates a large demand for criminals who specialize in stealing the information as medical records are worth more than most sources. Stolen health care records often contain everything an identity thief needs, including Social Security numbers, and as a result can sell for multiples of what credit card records price at on the black market.
Another resurgent scam comes in the form of identity thieves sending out phony emails pretending to be a top level executive at an employee’s company, often the president or CEO. In these emails, the writer demands W-2 files in electronic format, usually with a sense of extreme urgency.
Unlike other “boss request” scams, this set is not targeting individual employees and instead targets human resources and payroll professionals. Phishing for W-2s isn’t a new trick, but it can catch people off guard who have never run into it before. Obtaining a W-2 makes it extremely easy to create a fake tax return and make up huge false refund requests – hence the rise of this scam.
The current crop of these emails is more sophisticated than similar scams in the past. They create more plausibility by only targeting human resources and payroll employees and come from authentic looking email addresses. According to the IRS, some examples of the text in these emails include:
- “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2s of our company staff for a quick review.”
- “I want you to send me the list of W-2 copy of employees’ wage and tax statements for 2015. I need them in PDF file type, and you can send it as an attachment. Kindly prepare the lists and email them to me ASAP.”
Some of the key tip-offs that these emails are phony are the use of the words “kindly”, “PDF” and anything that implies extreme urgency in response time.
There are numerous actions you can take to protect yourself.
- Avoid giving out your Social Security number whenever possible – even to your doctor. While it might be standard procedure, in most cases health care providers do not need your Social Security number.
- File your tax returns as soon as you can each year. The earlier you file, the less time criminals have to file a fake tax return.
- Do not click on any links in emails or call back any numbers left for you in a voicemail as they can compromise your computer and may increase phone calls from scammers.
- If your accountant offers a secure file service to transmit documents electronically, make sure you use it.
If you have been a victim of identity theft, you should monitor your brokerage, bank and credit card accounts for any unusual activity. Finally, always remember that the IRS does not initiate contact with taxpayers by e-mail or phone – only by mail.