New Tax Phishing Schemes in 2018: What You Should Know

By Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager

New Tax Phishing Schemes in 2018: What You Should Know

The IRS has shared important information to keep taxpayers informed on new tax scams that are occurring in 2018. They are urging individuals and businesses to be alert to fake emails or websites that attempt to steal your personal information.


According to the IRS,

In a recent twist to a phishing scam, the IRS has seen thousands of taxpayers victimized by an unusual scheme that involves their own bank accounts. After stealing client data from tax professionals and filing fraudulent tax returns, the criminals use taxpayers’ real bank accounts to direct deposit refunds. Thieves are then using various tactics to reclaim the refund from the taxpayers, including falsely claiming to be from a collection agency or representing the IRS. Phone calls, emails and web sites are used to make the scheme more elaborate. Versions of the scam may continue to evolve. The IRS encourages taxpayers to review some basic tips if they see an unexpected deposit in their bank account.

In addition, the IRS has seen email schemes in recent weeks targeting tax professionals, payroll professionals, human resources personnel, schools as well as individual taxpayers.

In these email schemes, criminals pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person’s name. Or they may pose as a bank, credit card company, tax software provider or government agency. Criminals go to great lengths to create websites that appear legitimate but contain phony log-in pages. These criminals hope victims will “take the bait” and provide money, passwords, Social Security numbers and other information that can lead to identity theft.

Fake emails and websites also can infect a taxpayer’s computer with malware without the user knowing it. The malware gives the criminal access to the device, enabling them to access all sensitive files or even track keyboard strokes, exposing login information, or install backdoors so the hackers can remotely access the machine at any time.

What to Do with Phishing Attempts

If a taxpayer receives an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), they should report it by sending it to phishing@irs.gov. Learn more by going to the Report Phishing and Online Scams page on IRS.gov.

It is important to keep in mind the IRS generally does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

Taxpayers have a set of fundamental rights they should be aware of when dealing with the IRS. Taxpayers can explore the Taxpayer Bill of Rights and the agency’s obligations to protect them on IRS.gov.

If you receive an email that appears to be legitimate, navigate directly to the website by typing in “irs.gov” into a web browser instead of clicking the link in the email, which may bring you to an imposter website.

Access the full article.

Source: IRS.gov


Interested in learning how to protect your business from cybersecurity threats? Contact us. Our Cybersecurity team can help. Our team is focused solely on evaluating business processes, information technology controls, and security. As such, we possess a unique combination of business and IT expertise and communicate effectively with business and IT professionals alike.

About Keiter Cybersecurity Services

At Keiter, we take a holistic approach to protecting our clients’ data. We leverage state of the art technology combined with a highly trained IT team to maintain and secure our clients’ data. In addition, we provide a variety of cybersecurity services to assist businesses with their data security needs.

Additional Resources:

Share this Insight:

About the Author


Christopher Moschella

Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager

Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog.

More Insights from Christopher Moschella

The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.

Categories

Contact Us