Tag Archives: IRS

The Dirty Dozen tax scams: Identity theft, phone scams and phishing schemes, oh my!

Scammers target taxpayers as they prepare their tax returns or hire someone to do so.

Scammers target taxpayers as they prepare their tax returns or hire someone to do so.

It’s that time of the year again – tax season is upon us.

Recently, the Internal Revenue Service wrapped up its annual “Dirty Dozen” list of tax scams. This year, identity theft topped the list, but phone scams and phishing schemes also deserve special mentions. It’s important that taxpayers guard against ploys to steal their personal information, scam them out of money or talk them into engaging in questionable behavior with their taxes. While discussing the topic of tax scams, IRS Commissioner John Koskinen said:

“We are working hard to protect taxpayers from identity theft and other scams this filing season. . .Taxpayers have rights and should not be frightened into providing personal information or money to someone over the phone or in an email. We urge taxpayers to help protect themselves from scams — old and new.”

In addition to releasing the “Dirty Dozen” list, the IRS has also renewed a consumer alert for email schemes. This renewal came after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season.

We encourage taxpayers to review the list in a special section on IRS.gov and be on the lookout for the many different forms of tax scams. Many of these con games peak during filing season as people prepare their tax returns or hire someone to do so.

Taking a closer look at this year’s “Dirty Dozen” scams

Here‘s what you should keep your eyes open for throughout this tax season:

Identity theft: Taxpayers need to watch out for identity theft — especially around tax time. The IRS continues to aggressively pursue the criminals that file fraudulent returns using someone else’s Social Security number. Though the agency is making progress on this front, taxpayers still need to be extremely careful and do everything they can to avoid being victimized.

Phone scams: Phone calls from criminals impersonating IRS agents remain an ongoing threat to taxpayers. The IRS has seen a surge of these phone scams in recent years as scam artists threaten taxpayers with police arrest, deportation and license revocation, among other things.

Phishing: Taxpayers need to be on guard against fake emails or websites looking to steal personal information. The IRS will never send taxpayers an email about a bill or refund out of the blue, so don’t click on one claiming to be from the IRS.

Return preparer fraud: Be on the lookout for unscrupulous return preparers. The vast majority of tax professionals provide honest high-quality service, but there are some dishonest preparers who set up shop each filing season to perpetrate refund fraud, identity theft and other scams that hurt taxpayers.

Offshore tax avoidance: The recent string of successful enforcement actions against offshore tax cheats and the financial organizations that help them shows that it’s a bad bet to hide money and income offshore. Taxpayers are best served by coming in voluntarily and getting caught up on their tax-filing responsibilities.

Inflated refund claims: Be wary of anyone who asks taxpayers to sign a blank return, promises a big refund before looking at their records, or charges fees based on a percentage of the refund. Scam artists use flyers, ads, phony store fronts and word of mouth via trusted community groups to find victims.

Fake charities: Be on guard against groups masquerading as charitable organizations to attract donations from unsuspecting contributors. Contributors should take a few extra minutes to ensure their hard-earned money goes to legitimate and currently eligible charities.

Falsely padding deductions on returns: Taxpayers should avoid the temptation of falsely inflating deductions or expenses on their returns to under pay what they owe or possibly receive larger refunds.

Excessive claims for business credits: Avoid improperly claiming the fuel tax credit, a tax benefit generally not available to most taxpayers. The credit is generally limited to off-highway business use, including use in farming. Taxpayers should also avoid misuse of the research credit.

Falsifying income to claim credits: Don’t invent income to wrongly qualify for tax credits, such as the Earned Income Tax Credit. Taxpayers are sometimes talked into doing this by scam artists. This scam can lead to taxpayers facing big bills to pay back taxes, interest and penalties and in some cases, criminal prosecution.

Abusive tax shelters: Don’t use abusive tax structures to avoid paying taxes. The vast majority of taxpayers pay their fair share, and everyone should be on the lookout for people peddling tax shelters that sound too good to be true. When in doubt, taxpayers should seek an independent opinion regarding complex products they are offered.

Frivolous tax arguments: Don’t use frivolous tax arguments in an effort to avoid paying tax. Promoters of frivolous schemes encourage taxpayers to make unreasonable and outlandish claims even though they are wrong and have been repeatedly thrown out of court. The penalty for filing a frivolous tax return is $5,000.

Proceed with caution while filing taxes

Perpetrators of illegal scams can face significant penalties and interest and possible criminal prosecution. IRS Criminal Investigation works closely with the Department of Justice to shut down scams and prosecute the criminals behind them. Taxpayers should remember that they are legally responsible for what is on their tax return even if it is prepared by someone else. Be sure the preparer is up to the task.

For more information about tax scams, check out the IRS on YouTube.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Fake IRS claims: What happens when data falls into the wrong hands

Over the past 18 months we have witnessed monumental data breaches affecting tens of millions of users. As consumers though, do we worry about what happens to our leaked data?  Are attackers aggregating it with other sources, are they applying for credit in my name or even using medical services?

We should be concerned and the latest disclosure from the I.R.S. demonstrates what can be done when  attackers gain access to our valuable personal information. Using Social Security numbers, dates of birth, home addresses and other personal information, cyber criminals have accessed over 100,000 past tax returns.

Once they have the past return, they can file a new return with new data including the refund destination account. As a result, the IRS issued $50 million in refunds before detecting the intrusion method.

Fraudulent tax claims are nothing new to the I.R.S. In 2013 the agency paid out a massive $5.8 billion in falsely claimed refunds. IRS spokesperson, John Koskinen, said “These are extremely sophisticated criminals with access to a tremendous amount of data.”

Cyber criminals have amassed a huge amount of data through the many data breaches but also through our own propensity to share our data without due consideration. The IRS has successfully put a stop to this particular form of attack, but  with so much data available, it’s only a matter of time before the bad guys work out another way to make fraudulent use of it.

 

What can you do to protect against identity theft?

Avoid Cold Calls: If you don’t know the person calling then do not hand over payment or personal details. If in doubt, hang up and call the organization directly to establish you are talking to legitimate operators.

Set privacy Settings: Lock down access to your personal data on social media sites, these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix, it’s a great tool that will assist you with this.

Destroy documents: Make sure you shred documents before disposing of them as they can contain a lot of personal information.

Check statements and correspondence: Receipts for transactions that you don’t recognize could show up in your mail.

Use strong passwords and two factor authentication: See my previous blog post on this, complex passwords can be remembered simply!

Check that sites are secure: When you are sending personal data online, check that the site is secure – there should be a padlock in the address or status bar or the address should have a ‘https’ at the start. The ‘s’ stands for secure.

Updated security software: Always have updated antivirus software as it will block access to many phishing sites that will ask you for your personal data.

 

If you believe that you have been affected by a data breach, be sure to take out any identity protection service offered to you as compensation. These services scour the Internet looking for your data being misused or sold.

 

You can follow me on twitter @tonyatavg

 Title image courtesy of dineshdsouza

 

 

 

100,000 Tax Accounts Breached Through IRS “Get Transcript” App

While nothing is impossible to breach you’d think that it would be really really hard to gain access to information like the one from the IRS. At least that’s what I thought – until I saw their press release today. According to the statement cybercriminals managed to illegally gain access to data from about 100,000 accounts by using the IRS’ very own “Get Transcript” app. Accessed data include things like addresses, birthdates, Social Security information, and the tax filing statuses.

Now don’t misunderstand the situation: The IRS has not been hacked. Well. Not in the usual sense of the word anyway. “These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer”, explains the IRS statement. What does that mean? The criminals collected a lot of data and information on a lot of unlucky people – be it through phishing of by buying data from shady online sources – and used them to actually access taxpayers past tax records.

According to the information supplied the attackers tried to access 200,000 accounts between February and mid-May which leaves them with a success rate of 50%.

Once the IRS identified the questionable attempts to gain access to its data it decided to shut down the “Get Transcript” app temporarily. The whole affair is now also under investigation of the Treasury Inspector General for Tax Administration and the IRS’ Criminal Investigation unit.

The IRS closes the statement with the following: “The IRS will be working aggressively to protect affected taxpayers and strengthen our protocols even further going forward.”

The post 100,000 Tax Accounts Breached Through IRS “Get Transcript” App appeared first on Avira Blog.