Phishing Scheme Requests Confidential Employee Information

(Journal of Accountancy By: Sally P. Schreiber; Published March 1, 2016)

Payroll and human resources departments should beware of an email phishing scheme in which cybercriminals pose as company executives (including CEOs) and ask for confidential employee information, such as Forms W-2, Wage and Tax Statement, and employees’ Social Security numbers, address, date of birth, and salary, the IRS warned on Tuesday. Once this information has been stolen, it can be used to commit a number of crimes, including filing fraudulent tax returns to obtain refunds.

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” IRS Commissioner John Koskinen said in a prepared statement. The fraudulent emails use what is called “spoofing,” which makes it appear the messages are from company executives, and often contain the name of the company’s CEO. Payroll departments are warned not to respond to these emails without being sure of who they are sending this information to.

The IRS says its Criminal Investigation division is reviewing several cases in which this latest variation on phishing has tricked people into supplying confidential employee information to cybercriminals.

The IRS recently reported detecting a 400% surge in email phishing schemes and malware attacks this tax season. It reminded taxpayers to be vigilant in protecting their personal information. Phishing schemes recently made the IRS’s annual “dirty dozen” list of top tax scams (see prior coverage here).

If you have questions about any of these scams, BiggsKofford is here to help. Call us at 719-579-9090 or send us an email to info@biggskofford.com.

(Journal of Accountancy By: Paul Bonner; Published February 26, 2016)

Another 390,000 taxpayer accounts have been identified as potentially accessed by thieves that hacked into the IRS’s “Get Transcript” online application, the IRS said Friday, bringing the total number of accounts affected to approximately 724,000.

The breach was discovered last May, when the IRS initially identified possible unauthorized access of about 114,000 taxpayer accounts. Then, last August, the IRS revised that figure to 334,000. The application on the IRS website, launched in January 2014, was intended to allow taxpayers to more easily obtain records of their prior tax filings. It has remained suspended since the data breach was first discovered.

Friday’s revelation of the additional accounts potentially breached was the result of a nine-month investigation by the Treasury Inspector General for Tax Administration. In addition, the investigation revealed hackers had targeted another 295,000 taxpayer transcripts but failed to gain access to them.

As in the previous discoveries, the IRS said it will notify taxpayers whose accounts may have been accessed, allowing them to request identity protection personal identification numbers for more secure tax filings, offering free credit report fraud monitoring for a year, and more closely scrutinizing returns with those Social Security numbers.

The latest revelation also comes just days after the IRS also revealed that it had discovered and stopped an attempted attack on its e-filing personal identification number (PIN) system in January. No personal taxpayer data were compromised in that attempted breach, the IRS said.

We hope this information is helpful. If you would like more details about the hacks, please do not hesitate to call Greg Gandy or Michael McDevitt at 719-579-9090.

(Journal of Accountancy By: Sally P. Schreiber; Published February 17, 2016)

Every year, the IRS releases a list of what it calls the worst tax scams of the year. Beginning Feb. 1 and ending on Feb. 17, the IRS issued a news release each day highlighting a scam. These “dirty dozen” scams can be encountered at any time of year, but the IRS reports that they peak during tax season.

1. Identity theft

According to the IRS, the No. 1 scam this year is tax-related identity theft, which the IRS defines as when someone uses a taxpayer’s stolen Social Security number to file a tax return claiming a fraudulent refund (IR-2016-12). Although the IRS has introduced more effective screening and detection systems that are designed to detect identity theft before it issues a refund, the Service admitted that it is still a major problem. To fight the problem more effectively, over the past year, the IRS has participated in a Security Summit initiative in partnership with states and the tax-preparation industry to try to improve security for taxpayers. The participants share information of fraudulent schemes that have been detected this filing season to provide increased protection. More than 20 data elements are used, unknown to taxpayers, to verify tax return information.

In addition, the IRS urged taxpayers to protect their own information so it is harder for thieves to breach the IRS’s security systems. These efforts at taxpayer education include the Taxes. Security. Together. campaign to help taxpayers avoid the data breaches that make it easier for them to become victims.

2. Phone scams

The second scam this year is phone scams, in which criminals call, impersonating the IRS (IR-2016-14). Many times, they disguise the number they are calling from so it appears to be the IRS or another agency calling, and they may threaten arrest, deportation, or license revocation. The scammers sometimes use IRS titles and fake badge numbers to appear legitimate and use the victim’s name, address, and other personal information, which makes the call sound official.

To protect themselves, the IRS says, taxpayers should be aware the IRS will never call to demand immediate payment, call about taxes owed without first having mailed a bill, call to demand payment without the opportunity to question or appeal, require use of a specific payment method, such as a prepaid debit card or wire transfer, ask for credit or debit card numbers over the phone, or threaten to bring in local police or other law enforcement to arrest a taxpayer for not paying.

3. Phishing

Another scam that continues to appear high on the list is “phishing,” in which taxpayers get unsolicited emails seeking financial or personal information. A taxpayer who receives a suspicious email should send it to phishing@irs.gov. “The IRS won’t send you an email about a bill or refund out of the blue,” said IRS Commissioner John Koskinen (IR-2016-15). Scam emails can also infect a computer with malware without the taxpayer’s knowing it, often enabling the criminals to access sensitive files or track keyboard strokes, exposing login information.

4. Return preparer fraud

Return preparer fraud involves “dishonest preparers who set up shop each filing season to perpetrate refund fraud, identity theft and other scams that hurt taxpayers” (IR-2016-16). The IRS warned taxpayers to be wary of “unscrupulous preparers who prey on unsuspecting taxpayers with outlandish promises of overly large refunds,” which is why the IRS says this scam makes it onto the list every year.

“Choose your tax return preparer carefully because you entrust them with your private financial information that needs to be protected,” Koskinen said. The IRS provides a number of tips for taxpayers to choose competent preparers, including checking what the preparer’s credentials are, making sure the preparer will be available after filing season, and ensuring that the taxpayer’s refund is deposited into the taxpayer’s account, not the preparer’s. The IRS recommends avoiding preparers who base their fees on a percentage of the refund or promise larger refunds than other preparers.

5. Hiding money or income offshore

Hiding money or income offshore, which is a major focus of IRS enforcement efforts, is the next tax scam the IRS addressed (IR-2016-17). “Our continued enforcement actions should discourage anyone from trying to illegally hide money and income offshore,” Koskinen said. As the IRS explained, there are legitimate reasons that taxpayers have foreign accounts, but these accounts trigger reporting requirements. The IRS offers a number of programs, including the Offshore Voluntary Disclosure Program, for taxpayers to come into compliance with these requirements. The IRS noted that the heightened reporting required under the Foreign Account Tax Compliance Act, which went into effect in 2015, makes it even harder for taxpayers to conceal assets overseas.

6. Inflated refund claims

Another scam that is closely related to return preparer fraud is inflated refund claims, in which unscrupulous preparers set up shop to lure unsuspecting taxpayers (IR-2016-18). “Be wary of tax preparers that tout outlandish refunds based on federal benefits or tax credits you’ve never heard of or weren’t eligible to claim in the past,” Koskinen said.

Inflated refund claims often involve claims for tax credits that taxpayers are not entitled to, such as education credits, the earned income tax credit (EITC), or the American opportunity tax credit. The IRS reminds taxpayers that they are responsible for what is on their return, even if someone else prepares it, and they can be assessed penalties and interest as well as additional tax.

7. Fake charities

Next on the list is fake charities. Taxpayers are cautioned to check the Exempt Organizations Select Check on the IRS’s website to determine whether a charity is bona fide and qualifies for deductible contributions (IR-2016-20). Legitimate charities should be willing to give donors their employer identification numbers, which can then be used to check whether the charities are qualified on the IRS website. Fake charities often use names similar to well-known organizations and may set up fake websites. They also can be used for identity theft purposes. When large-scale natural disasters occur, these fraudulent organizations tend to increase, the IRS reports, and it warns that taxpayers should not make any contributions without checking first.

8. Falsely padding deductions

No. 8 on the list is falsely padding deductions (IR-2016-21), which consists of deceitfully inflating deductions or expenses on the return to pay less tax or receive a bigger refund. This item is new to the dirty dozen list this year. The IRS warns taxpayers that they should “think twice” before overstating their charitable contribution expenses or padding their business expenses, as well as avoid claiming credits they are not entitled to, such as the EITC and the child tax credit. Taxpayers who do this may be subject to substantial penalties and may, in some cases, face criminal prosecution.

9. Excessive claims for business credits

The next item on the list, excessive claims for business credits, expands on last year’s “excessive claims for fuel credits” (IR-2016-22). This scam involves two specific false claims for credits: fraudulent claims for refunds of fuel excise tax and bogus claims for the research tax credit. The IRS says that its refund fraud filters are stopping a number of fraudulent fuel excise tax refunds this year.

10. Falsifying income to claim tax credits

Tenth on the list is falsifying income to claim tax credits (IR-2016-23). This usually involves falsely claiming higher earned income to qualify for the EITC, which is a refundable credit. Unscrupulous preparers often do this to get taxpayers larger refunds than they are entitled to. Even when taxpayers are unaware of these false claims, they are, as the IRS reminds again, responsible for what is on their tax return. They can be subject to significant penalties, interest, and possibly prosecution.

11. Abusive tax shelters

No. 11 is participating in abusive tax shelters (IR-2016-25). Abusive tax shelters are defined as schemes using multiple flowthrough entities to evade taxes. They often use limited liability companies, limited liability partnerships, international business companies, foreign financial accounts, offshore credit or debit cards, and multilayer transactions to conceal who owns the income or assets.

The IRS also mentions the misuse of trusts and captive insurance companies among the types of transactions taxpayers should avoid. As in some of the other scams, the IRS warns that participating in these transactions can result in significant penalties and interest and “possible criminal prosecution.” According to Koskinen, “These schemes can end up costing taxpayers more in back taxes, penalties, and interest than they saved in the first place.”

12. Frivolous tax arguments

The final “scam” is frivolous tax arguments, which the IRS warns taxpayers not to be talked into (IR-2016-27). Announcing the release today of the 2016 version of its webpage, “The Truth About Frivolous Tax Arguments,” the IRS explained how the courts and the IRS have treated these arguments, which involve claims such as that the only employees subject to income tax are employees of the federal government or that only foreign income is taxable. “Taxpayers should avoid unscrupulous promoters of false tax-avoidance arguments because taxpayers end up paying what they owe plus potential penalties and interest mandated by law,” Koskinen said. The IRS reminded taxpayers that they would automatically be subject to the $5,000 penalty for frivolous tax positions.

If you have any questions regarding this, please to not hesitate to contact Greg Gandy or Mike McDevitt at (719) 579-9090.

(Journal of Accountancy By: Sally P. Schreiber; Published February 10, 2016)

The IRS revealed on Tuesday that it discovered and stopped an automated cyberattack on its e-filing personal identification number (PIN) system last month. According to the IRS, the cybercriminals used information stolen “elsewhere outside the IRS” to generate e-file PINs for stolen Social Security numbers (SSNs). E-file PINs are used by some taxpayers to electronically file their tax returns.

Although no personal taxpayer data were compromised or disclosed by the breach, the IRS noted that the cybercriminals succeeded in using 101,000 SSNs to access e-file PINs (out of 464,000 attempts).

The IRS is notifying the affected taxpayers and placing tax return identity theft markers on their accounts. It is also continuing to closely monitor the Electronic Filing PIN application against further breaches.

The IRS also said it is working with other agencies and the Treasury Inspector General for Tax Administration to assess the problem and has shared information with Security Summit state and industry partners. It said the breach was not related to last week’s e-filing shutdown.

The news follows closely on last summer’s announcement that a breach of the IRS Get Transcript system resulted in the theft of some 334,000 taxpayers’ tax data (see prior coverage here).

If you have any questions regarding the IRS hack, please contact us at 719-579-9090. If you have been notified that your identity has been breached, please read here.

Chris Blees

Chris Blees

President & CEO

Send Email
View Full Bio

We have become aware of a new scam that is being perpetrated against small and mid-size companies.  Here’s how it works…

The company owner/CEO’s email address is cloned and an email is sent to his/her CFO/Controller. The CFO is instructed to wire funds for what appears to be a legitimate business transaction.

For many small to mid-size companies, this type of email exchange between CEO and CFO is actually quite common. So, the CFO executes the wire – believing it was a legitimate request from the CEO.

Before you say “This couldn’t happen to me”… ask yourself how much trust exists between you and your CFO? Of course, we all want a trusted relationship with our CFO. But, this trust is actually being used against business owners in this scam.

Here are some ideas to prevent this:

  1. Ask your business banker to help you implement and enforce controls requiring separate approval for all wire transactions directly by the CEO.
  2. Make sure any employees that authorized the transmittal of funds always obtain a secondary confirmation from the CEO (in person, over the phone or even in a voice-mail).
  3. If you routinely send emails to authorize wires, consider establishing a “code” word or phrase that the CFO knows identifies the CEO in the email. (Note: This may not be failsafe, if your email has been hacked and is being monitored).

As the criminals get more creative and sophisticated, so must we. Please watch out for this latest scam.

(KOAA; Published August 17, 2015)

WASHINGTON (AP) – The IRS says thieves used an agency webs6523573_Gite to steal tax information from as many as 220,000 additional taxpayers.

The agency first disclosed the breach in May. Monday’s revelation more than doubles the total number of potential victims, to 334,000.

The thieves accessed a system called “Get Transcript,” where taxpayers can get tax returns and other filings from previous years. In order to access the information, the IRS said the hackers already had information about the taxpayers, including Social Security numbers and dates of birth.

The IRS believes the breach was part of a sophisticated scheme to use stolen identities to claim fraudulent tax refunds in future years.

The IRS said it will begin notifying newly discovered victims in the next few days. The agency will offer credit protection.

As many of our clients have observed, IRS notices to verify payments are up astronomically this year. Why is this the case when it seems nearly impossible to communicate with an actual agent? Due to $10.9 billion in budget cuts and short-handed staffing issues, the agency has had to rely more on technology than ever before.

According to the IRS Newswire, hackers were able to breach the IRS’s Get Transcript Online service, and were able to obtain past tax return data for more than 104,000 individuals while attempting to access the information of more than 200,000 taxpayers.  The tax hackers were able to obtain enough data from an outside source to allow them access without having to clear a multistep verification process. The IRS said that the data gathered would help criminals to file more credible seeming false returns that are more likely to evade IRS antifraud filters.

After learning about the hack, the IRS promptly shut down the Get Transcript Online service that is primarily used by individuals to obtain past tax data for mortgage and college applications. Because of this breach, the 200,000 affected taxpayers should have received and official IRS letter indicating that the criminals had their tax information, and the IRS would offer credit monitoring services to the 104,000 who had their data stolen.

Results from this hack were felt by millions as refund turnaround was much slower and verification notices from the IRS skyrocketed, making numerous clients nervous. Although numerous clients experienced identity theft issues this year, please note that BiggsKofford has not experienced any security breaches.

If you have any questions regarding the IRS hack, please contact us at 719-579-9090. If you have been notified that your identity has been breached, please read here.

Due to increased frequency of identity theft and fraud with both state and federal taxes, the Internal Revenue Service and Colorado Department of Revenue have implemented new processes to protect taxpayers and to increase diligence within the department. This year, we have had several clients receive letters requesting additional information and documentation from the CDOR to validate individual income tax returns.

If you receive a letter with “Request for Additional Information to Process a Refund” from the Department printed on State of Colorado official letterhead with the following address: 1375 Sherman Street, Denver, CO 80261, consider it an official document.

The letter, which requests multiple documents including prior year W-2(s), 1099(s), military LES, K-1(s), copies of identifying documents, etc., is simply a verification process that the CDOR is implementing to help prevent fraudulent income tax returns. Compliance with their request will only speed up the refund process and help to keep your identity safe.

In some cases, refunds are also being converted from direct deposit to paper check to maintain security and confidential information. If you receive a paper check and have not yet filed your individual income tax return, do not cash the check. It is important to report the information to the CDOR Fraud Hotline by calling 303-205-8338. Please also note that the IRS and the CDOR will not initiate contact with individuals through electronic communication (i.e. email, txt, or social media) to request any personal or financial data.

If you have questions or need assistance with a difficult tax-related issue, BiggsKofford is here to help. Call us at 719-579-9090 or send us an email to info@biggskofford.com.

(By: IRS Newswire, Published June 2015)

WASHINGTON—The Internal Revenue Service today reminded all taxpayers with an FBAR filing requirement to report their foreign assets by the June 30 deadline. FBAR filings have risen dramatically in recent years as FATCA phases in and other international compliance efforts have raised awareness among taxpayers with offshore assets.

The IRS encourages taxpayers with foreign assets, even relatively small amounts, to check if they have a filing requirement. Separately, certain taxpayers living abroad may also have to file the FATCA-related Form 8938 with their tax returns by the June 15 deadline. (Domestic filers may also be required to file Form 8938, which would have been due by April 15 with their tax returns.)

“The vast majority of taxpayers pay their fair share. The FBAR and FATCA filing requirements make it tougher for that relatively small number of taxpayers trying to hide assets and income offshore,” said IRS Commissioner John Koskinen. “Taxpayers are encouraged to review the rules and disclose their offshore assets.”

FBAR Requirements

FBAR refers to Form 114, Report of Foreign Bank and Financial Accounts, that must be filed with the Financial Crimes Enforcement Network (FinCEN), which is a bureau of the Treasury Department. The form must be filed electronically and is only available online through the BSA E-Filing System website.

Who needs to file an FBAR? Taxpayers with an interest in, or signature or other authority over, foreign financial accounts whose aggregate value exceeded $10,000 at any time during 2014 generally must file. For more on filing requirements, see Current FBAR Guidance on IRS.gov. Also see the one-hour webinar explaining the FBAR requirement.

The FBAR filing requirement is not part of filing a tax return. The FBAR Form 114 is filed separately and directly with FinCEN.

FBAR filings have surged in recent years, according to data from FinCEN. FBAR filings exceeded 1 million for the first time in calendar year 2014 and rose nine of the last 10 years from about 280,000 back in 2005.

FATCA Requirements

FATCA refers to the Foreign Account Tax Compliance Act. The law addresses tax non-compliance by U.S. taxpayers with foreign accounts by focusing on reporting by U.S. taxpayers and foreign financial institutions.

In general, federal law requires U.S. citizens and resident aliens to report any worldwide income, including income from foreign trusts and foreign bank and securities accounts. In most cases, affected taxpayers need to complete and attach Schedule B to their tax returns. Part III of Schedule B asks about the existence of foreign accounts, such as bank and securities accounts, and generally requires U.S. citizens to report the country in which each account is located.

In addition, certain taxpayers may also have to complete and attach to their return Form 8938 Statement of Special Foreign Financial Assets.  Generally, U.S. citizens, resident aliens and certain nonresident aliens must report specified foreign financial assets on this form if the aggregate value of those assets exceeds certain thresholds. See the instructions of this form for details.

The FATCA Form 8938 requirement does not replace or otherwise affect a taxpayer’s obligation to file an FBAR Form 114.  A brief comparison of the two filing requirements is available on IRS.gov.

U.S. Income Tax Obligations

U.S. citizens and resident aliens, including those with dual citizenship who have lived or worked abroad during all or part of 2014, may have a U.S. tax liability and a filing requirement in 2015.

A filing requirement generally applies even if a taxpayer qualifies for tax benefits, such as the foreign earned income exclusion or the foreign tax credit, that substantially reduce or eliminate their U.S. tax liability. These tax benefits are not automatic and are only available if an eligible taxpayer files a U.S. income tax return.

The filing deadline is Monday, June 15, 2015, for U.S. citizens and resident aliens whose tax home and abode are outside the United States and Puerto Rico, and for those serving in the military outside the U.S. and Puerto Rico, on the regular due date of their tax return. To use this automatic two-month extension, taxpayers must attach a statement to their returns explaining which of these two situations applies. See U.S. Citizens and Resident Aliens Abroad for details.

Nonresident aliens who received income from U.S. sources in 2014 also must determine whether they have a U.S. tax obligation. The filing deadline for nonresident aliens can be April 15 or June 15 depending on sources of income. See Taxation of Nonresident Aliens on IRS.gov.

More Information Available

Any U.S. taxpayer here or abroad with tax questions can refer to the International Taxpayers landing page and use the online IRS Tax Map and the International Tax Topic Index to get answers. These online tools assemble or group IRS forms, publications and web pages by subject and provide users with a single entry point to find tax information.

Taxpayers who are looking for return preparers abroad should visit the Directory of Federal Tax Return Preparers with Credentials and Select Qualifications.

To help avoid delays with tax refunds, taxpayers living abroad should visit the Helpful Tips for Effectively Receiving a Tax Refund for Taxpayers Living Abroad page.

More information on the tax rules that apply to U.S. citizens and resident aliens living abroad can be found in, Publication 54, Tax Guide for U.S. Citizens and Resident Aliens Abroad, available on IRS.gov.

The IRS has launched new online videos and has expanded other online resources to help taxpayers, especially those living abroad, meet their U.S. tax obligations. For details see IR-2015-85 issued on June 4, 2015.

 

After having a handful of clients express concerns regarding suspicious phone calls, BiggsKofford confirmed an ongoing scam with Colorado Spring Utilities (“CSU”). CSU warns customers to beware of persons posing as utilities employees.

According to their website, CSU has “received reports of individuals calling and demanding that customers make a payment immediately, otherwise their service will be disconnected. The scammers demand that customers put the payment on a credit or prepaid card.

Several of our customers have also reported calls where individuals demand that customers pay a deposit in order to receive an “upgraded digital or GPS meter.” Again, the scammers demand the customer pay on a credit or prepaid card or risk disconnection.

Be aware that we never require customers to make payments on a credit or prepaid card, nor would we require a deposit to upgrade a meter. We do not make outbound calls asking for a customer’s credit card information.

All of our field employees are required to wear Colorado Springs Utilities uniforms, possess official picture identification that contains an employee ID number, and drive a Springs Utilities-logoed vehicle. If the employee has arrived unannounced and requests access to your home or business, you should ask for picture identification. Report suspicious activity immediately to local police and Springs Utilities.”

If you are ever suspicious about a phone call or visit that you did not initiate, call CSU at 719-448-4800.

(By: Thomson Reuters, Published January 2015)

In two Fact Sheets, IRS has listed numerous ways that taxpayers can protect themselves from identity theft and the steps they should take if they find they have become victims of such fraud.

Background. IRS continues to increase its efforts against refund fraud, which includes identity theft. As a result of these aggressive efforts to combat identity theft from 2011 through October 2014, IRS has stopped 19 million suspicious returns and protected more than $63 billion in fraudulent refunds.

For 2015, IRS will continue to increase both the number and efficiency of the identity theft data models and filters that are used to identify potentially fraudulent returns. These pre-refund filters stop the vast majority of fraudulent returns. IRS also continues to expand its partnerships with financial institutions to identity and stop fraudulent refunds.

Starting January 2015, IRS also will limit the number of direct deposit refunds to a single financial account or pre-paid debit card to three. Fourth and subsequent valid refunds will convert to paper checks and be mailed to the taxpayer. The limit also will stop certain tax preparers who improperly deposit client refunds into their own accounts.

Fighting identity theft is an ongoing battle as identity thieves continue to create new ways of stealing personal information and using it for their gain. Tax-related identity theft occurs when someone uses a stolen Social Security (SS) number to file a tax return to claim a fraudulent refund. A taxpayer’s SSN can be stolen through a data breach, a computer hack or a lost wallet. Although identity theft affects a small percentage of tax returns, it can have a major impact on victims by delaying their refunds.

Protecting oneself. IRS listed a number of simple, practical steps that a taxpayer can take to avoid becoming a victim. It advised a taxpayer:

  • Don’t carry your Social Security card or any documents that include your SSN or Individual Taxpayer Identification Number (ITIN);
  • Don’t give a business your SSN or ITIN just because they ask. Give it only when required;
  • Protect your financial information;
  • Check your credit report every 12 months;
  • Review your Social Security Administration earnings statement annually;
  • Secure personal information in your home;
  • Protect your personal computers by using firewalls and anti-spam/virus software, updating security patches and changing passwords for Internet accounts; and
  • Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with.

Warning Signs. IRS provided possible indications that there has been a tax-related identity theft. It advised that a taxpayers should be on guard if he or she receive a notice from IRS or learn from their tax professional that:

  • More than one tax return was filed for you;
  • You owe additional tax, have a refund offset or have had collection actions taken against you for a year you did not file a tax return;
  • IRS records indicate you received more wages than you actually earned; or
  • Your state or federal benefits were reduced or cancelled because the agency received information reporting an income change.

Steps to take. IRS advised that all victims of tax-related identity theft should:

  • File a report with the local police;
  • File a complaint with the Federal Trade Commission (FTC) or the FTC Identity Theft hotline:
  • Contact one of the three major credit bureaus to place a “fraud alert’ on your account (Equifax, Experian, or TransUnion); and
  • Close any accounts that have been tampered with or opened fraudulently.

In addition, if a taxpayer’s SSN has been compromised and the taxpayer knows or suspects he or she may be a victim of tax-related identity theft, a taxpayer should:

  • Respond immediately to any IRS notice and call the number provided;
  • Complete IRS Form 14039, Identity Theft Affidavit. Use a fillable form at IRS’s website, print, then mail or fax according to instructions;
  • Continue to pay your taxes and file your tax return, even if you must do so by paper; and
  • If you previously contacted IRS and did not have a resolution, contact the Identity Protection Specialized Unit.

Steps IRS has taken. IRS notes that identity theft cases are among the most complex handled by IRS. It is continually reviewing processes and policies to minimize the incidence of identity theft and to help those who find themselves victimized. Among the steps underway to help victims:

  • The IRS Identity Protection PIN (IP PIN) is a unique six digit number that is assigned annually to victims of identity theft for use when filing their federal tax return that shows that a particular taxpayer is the rightful filer of the return.
  • IRS is offering certain taxpayers the opportunity to opt into the IP PIN program. These are taxpayers who may be unaware that they are identity theft victims but IRS identified them because their accounts have indications of identity theft.
  • IRS will continue its IP PIN pilot program that allows taxpayers who filed tax returns last year
  • from Florida, Georgia or the District of Columbia to opt into the IP PIN program.
  • This year, IRS uses an online process through its website that will allow taxpayers who have an IP PIN requirement and lose their IP PIN to create an account and receive an IP PIN online.
  • Victim case resolution are extremely complex cases to resolve, frequently touching on multiple issues and multiple tax years. A typical case can take 120 days to resolve, and IRS is working to streamline its internal process and reduce that time period.

Thomson Reuters/Tax & Accounting.

Phishing Remains on the IRS “Dirty Dozen” List of Tax Scams for the 2015 Filing Season

Phishing-Malware: English | Spanish | ASL

WASHINGTON — The Internal Revenue Service today warned taxpayers to watch out for fake emails or websites looking to steal personal information. These “phishing” schemes continue to be on the annual IRS list of “Dirty Dozen” tax scams for the 2015 filing season.

“The IRS won’t send you an email about a bill or refund out of the blue. Don’t click on one claiming to be from the IRS that takes you by surprise,” said IRS Commissioner John Koskinen. “I urge taxpayers to be wary of clicking on strange emails and websites. They may be scams to steal your personal information.”

Compiled annually, the “Dirty Dozen” lists a variety of common scams that taxpayers may encounter anytime but many of these schemes peak during filing season as people prepare their returns or find people to help with their taxes.

Illegal scams can lead to significant penalties and interest and possible criminal prosecution. IRS Criminal Investigation works closely with the Department of Justice (DOJ) to shutdown scams and prosecute the criminals behind them.

Stop and Think before Clicking

Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Armed with this information, a criminal can commit identity theft or financial theft.

If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it by sending it to phishing@irs.gov.

It is important to keep in mind the IRS generally does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. The IRS has information online that can help you protect yourself from email scams.