Latest tax scam holds your info for ransom
Most of us find it nerve-racking enough that we’re forced to focus on gathering our piles of paperwork to fill out our tax returns.
Now adding to our stress, we must watch out for tax season scam artists, too. The crooks are everywhere from the gym parking lot to the latest emails and text messages.
A new trend: Expect an increase in ransomware attacks in 2020 on tax preparers where time-sensitive files may be frozen and only thawed when tax preparers pay a ransom to the hackers, according to Adam Levin, founder of CyberScout, which offers identity theft protection and data security.
Levin said sometimes a ransom is paid, the files are released and the hackers still use data that has been stolen to file false tax returns.
Fraudsters want your Social Security number and other key personal information in order to file fake tax returns as early as they can in the season to claim inflated tax refunds.
So, the con artists will be busy long before the April 15 tax deadline.
The crooks want to e-file tax returns before you do because they know that the Internal Revenue Service system will reject a tax return when the IRS has already received another return using the same Social Security number. The IRS will first process e-filed tax returns on Jan. 27.
One huge red flag for ID theft: You discover that you can’t e-file your tax return because of an issue relating to a duplicate Social Security number. (The IRS will also reject an e-filed return for basic errors, such as if you misspelled the name the IRS has on file, but you would be able to resubmit an e-file in many cases if the issue is properly corrected.)
If you discover that a fraudulent tax return has been filed with your Social Security number, you must first file IRS Form 14039 to alert the IRS that you’re a victim of ID theft.
In 2018, the 649,000 confirmed fraudulent returns attempted to claim $3.1 billion in refunds, according to the IRS.
The IRS said it stopped 597,000 tax returns filed by identity thieves claiming $6 billion dollars in 2017 tax refunds. As part of a Security Summit Initiative, the IRS is working with representatives of state tax agencies, tax preparation firms, payroll processors and others to combat tax refund fraud that hinges on stolen personal information.
The crooks get a leg up by stealing key information to make their fake returns look more legitimate. Much financial information is already out there after major data breaches such as those at Equifax, the U.S. Office of Personnel Management and Anthem. But cybercriminals are still actively seeking Social Security numbers and other data, too, with tricks as common as a phishing email that targets tax professionals, retirees or business owners.
Here’s a rundown on some of the latest scams:
They’re calling, again, about your Social Security account
Crooks are claiming that there is a problem with your Social Security account. Some may tell you that your Social Security number has been suspended. It’s another attempt to scare you into returning a robocall.
Many demand action now. Some want you to “verify” your financial information, such as your Social Security account and banking information. Others might demand money on a gift card or Bitcoin.
In January, the Inspector General of Social Security warned that telephone scammers may take the next step by sending phony documents by email to convince potential victims that they must comply with the fraudster’s demands. The attachments may involve letters that appear to be from Social Security or the Social Security Office of the Inspector General. But retirees and others shouldn’t be fooled by official-looking letterhead and government jargon.
A new online system was announced in November to report Social Security scams online at oig.ssa.gov.
Never provide sensitive information — or authenticate yourself — to someone who contacts you out of the blue, Levin said. Don’t trust caller ID.
Business owners, does that IRS notice seem weird?
ID thieves are increasingly showing sophisticated knowledge of the tax code and even aiming to file fraudulent tax returns relating to a business or partnership, according to the IRS.
Business owners are warned that one sign of trouble is that the company may fail to receive routine correspondence from the IRS because the thief has changed the address for the business. Or you might receive an IRS notice that doesn’t seem to make sense based on your business or tax situation.
Tax preparation software for business-related returns now requests more information to protect the tax filer, including the name and Social Security number of the company executive authorized to sign the corporate tax return.
Sophisticated phishing scams are targeting payroll offices, too, and requesting W-2 information. Scammers might pose as the CEO or vice president of the company’s payroll organization trick someone with access to data into disclosing sensitive information for the entire workforce.
“This scam has emerged as one of the most dangerous phishing emails in the tax community,” according to H&R Block’s Tax Institute.
The W-2 scam has hit all types of organizations — big corporations, small businesses, public schools, universities, hospitals, tribal governments and charities.
“Never click on a link or open an attachment without independent confirmation of the sender,” Levin warns.