Full Service Law Firm in Mt. Laurel Township, NJ | Capehart Scatchard

Protect Your Information

The Internal Revenue Service continues in its fight against cyber criminals and is constantly finding new ways that these criminals are obtaining information.  There is no limit to the means in which crimes can occur.  Whether through a telephone call, text message or email, the con artist tries to convince the recipient that they need to provide Social Security numbers, bank account or credit card information or passwords. The scam may also include sending links that once clicked on can download malicious software that collects, or “mines”, personal data.

Often, criminals pose as someone the recipient knows or frequently interacts with, whether a social or family relationship or a business contact. They gather much of this information from social media. A person’s contacts or ‘friends’ are used to bait the recipient into thinking they’re dealing with someone they know.  The IRS warns taxpayers to be alert for a continuing surge of fake emails, text messages, web sites and social media attempts to steal personal information.

Phishing scams target individuals with communications appearing to come from legitimate sources to collect victims’ personal and financial data and potentially infect their devices by convincing the target to download malicious programs. Cybercriminals usually send these phishing communications by email but may also use text messages or social media posts or messaging.

These phishing schemes can be tricky and cleverly disguised to look like they’re from the IRS or from others in the tax community. Taxpayers are reminded to continually watch out for emails and other scams posing as the IRS, like those promising a big refund, missing stimulus payment or even issuing a threat. People should not open attachments or click on links in those emails or text messages.

Individuals should be wary of unexpected phone calls asking for personal financial information. The IRS has seen an increase in voice-related phishing, or “vishing,” particularly from scams related to federal tax liens. For those receiving phone calls out of the blue, security experts recommend asking questions of the caller but not providing any personal information. If in doubt, hang up immediately.

The IRS urges taxpayers to remain vigilant and to remember the following things about the IRS:

  • The IRS generally first contacts people by mail – not by phone – about unpaid taxes.
  • The IRS may attempt to reach individuals by telephone but will not insist on payment using an iTunes card, gift card, prepaid debit card, money order or wire transfer.
  • The IRS will never request personal or financial information by e-mail, text or social media.

Recipients of these calls should hang up before giving out any information. If anyone receives an unexpected call from the IRS that they believe to be a scam, they can report it to the Treasury Inspector General for Tax Administration (TIGTA).

Social media scams have also led to tax-related identity theft. The basic element of social media scams is convincing a potential victim that he or she is dealing with a person close to them that they trust via email, text or social media messaging.

Using personal information, a scammer may email a potential victim and include a link to something of interest to the recipient, but which contains malware intended to commit more crimes. Scammers also infiltrate their victim’s emails and cell phones to go after their friends and family with fake emails that appear to be real, and text messages soliciting, for example, small donations to fake charities that are appealing to the victims.

Individuals should know that any of their information that is publicly shared on social media platforms can be collected and used against them. One way to circumvent these scams is to review privacy settings and limit data that is publicly shared.

The IRS reminds taxpayers to keep abreast of news about fraud-related behavior. Report any instances of fraud immediately.

We seem to be inundated with information to the extent that we can be overwhelmed.  What should we pay attention to? What isn’t relevant to our situation? Is the information being provided valid and authentic?  So, what should we do? 

First of all, be cautious on the source of the information.  Is it from a trusted source?  In our world today, identity theft is on the rise and many people may not have even realized their identity has been compromised until after damage has occurred.  Cybercrimes are happening all of the time.  So, what can we do to protect ourselves?  It doesn’t require a technology expert – just common sense and diligence. 

Don’t open suspicious emails.  If they are from an unknown sender, they could be damaging. 

Only provide sensitive information on secure websites.  Remember that many public web connections are not secure and expose any user to potential hacking. 

All of your hardware should be protected by firewalls and anti-virus protectors. 

Use unique passwords that are strong and unique.  And, don’t use the same password for all websites or use obvious passwords like “password”, your name, etc.  Secure passwords are usually at least 8 characters long, are a combination of letters and numbers, have upper and lower case letters and may contain a symbol. 

You can get an Identity Protection PIN from the IRS which is a six-digit code that is used when filing your federal tax returns if you suspect your identity has been compromised.

Don’t carry your Social Security card or notes with your SSN on your person.  Also, do you really need to carry every credit card you have with you?  If you have store cards, many stores will allow you to charge to your account with identification, in which case, you don’t need to carry your card.

If you have workers in your home, make certain that your confidential information is concealed and not left in the open.  If there are individuals on an extended basis, it may be pertinent to lock up sensitive information. 

These precautions are not difficult nor require much effort.  Be diligent, cautious and alert.  Protect yourself.  Don’t allow yourself to become a victim.

Whether you think about your home or your office (in office or remote office), do you have confidential or sensitive information out in the open?  Easily accessible?  If a visitor were to come near your work area, could information be breached?  Do you have either professional or personal information easily accessible whether it be on paper or electronically?  Could this information be taken without your knowing it until it was too late?

Now may be the time to take a look at how secure this information is.  Do you have paper documentation at least in folders or stored out of sight unless you are working with the same?  If you are going to be away from home and someone will have access in your absence, is this information stored securely?  How about what you put in your recycling container to be picked up on recycling day – is there sensitive information that should be shredded?  If someone were to go through your recycle bin (or workers at the recycling center), could they obtain information about you that should not be seen? 

Perhaps you prefer the electronic methodology of keeping information.  If you work in the office and use a desktop, your IT department most likely has measures in place for security.  But, what if you use a laptop from your company.  Is the data encrypted?  Are USB drives you may use encrypted?  If either were to get into someone’s hands who should not have access, can the files be read, copied or sold?  Are they safe? 

If you use electronic means for personal purposes, how vulnerable is your information?  Do you access sensitive information on unsecure connections?  In hotels, restaurants, coffee shops, even professional offices? 

If you have individuals in your workplace or home to clean, to do repairs, for just a visit, take steps to avoid the compromise of any information – personal or professional.  Don’t become a victim.

We cannot be cautious enough when it comes to sensitive information – professional or personal.  Be wise.  Take precautions.  Don’t be vulnerable. It takes less time to be proactive rather than be reactive if a breach occurs. 

I mentioned in a prior article that individuals would be able to participate in the identity protection PIN program.  This PIN is a six-digit number assigned to eligible taxpayers to help prevent misuse of Social Security Numbers being used on fraudulent federal income tax returns. 

If you would like to take advantage of this program, you will need to pass the Security Access authentication protocol.  There are requirements to verify a taxpayer’s identity and are available on irs.gov for Secure Access requirements.

You can utilize the online tool Get An IP PIN at irs.gov and receive your PIN immediately. If you cannot pass the authentication online, you can file IRS Form 15227 via mail or fax if you have income of $72,000 or less.  An IRS employee will call the taxpayer to verify their identity using a series of questions.  If you are unable to obtain a PIN through either of these two methods, you should make an appointment to visit a Taxpayer Assistance Center.  

The PIN is valid for one year and a new PIN must be obtained each January. 

You must have a Social Security Number or Individual Tax Identification Number to participate in the program. 

There is no change in the IP PIN program for confirmed victims of tax-related identity theft. 

For more information about identity theft, visit IRS.gov.

The Internal Revenue Service, state tax agencies and the tax industry have recently warned of a new text scam created by thieves that trick people into disclosing bank account information under the guise of receiving the $1,200 Economic Impact Payment.

Taxpayers are reminded that neither the IRS nor state agencies will ever text taxpayers asking for bank account information so that an EIP deposit or any deposit may be made.

“Criminals are relentlessly using COVID-19 and Economic Impact Payments as cover to try to trick taxpayers out of their money or identities,” said IRS Commissioner Chuck Rettig. “This scam is a new twist on those we’ve been seeing much of this year. We urge people to remain alert to these types of scams.”

The scam text message states: “You have received a direct deposit of $1,200 from COVID-19 TREAS FUND. Further action is required to accept this payment into your account. Continue here to accept this payment …” The text includes a link to a fake phishing web address.

This fake phishing URL, which appears to come from a state agency or relief organization, takes recipients to a fraudulent website that impersonates the IRS.gov Get My Payment website. Individuals who visit the fraudulent website and then enter their personal and financial account information will have their information collected by these scammers.

People who receive this text scam should take a screen shot of the text message that they received and then include the screenshot in an email to phishing@irs.gov with the following information:

  • Date/Time/Time Zone that they received the text message
  • The number that appeared on their Caller ID
  • The number that received the text message

ALWAYS REMEMBER – The IRS does not send unsolicited texts or emails. The IRS does not call people with threats of jail or lawsuits, nor does it demand tax payments on gift cards.  And, think about it, if the IRS doesn’t do these things, do you think that your state tax agency would do such a thing?  BE ALERT, DON’T FALL PREY TO THESE SCAMS.

Fake Payments with Repayment Demands: Criminals are always finding new ways to trick taxpayers into believing their scam including putting a bogus refund into the taxpayer’s actual bank account. Here’s how the scam works:

A con artist steals or obtains a taxpayer’s personal data including Social Security number or Individual Taxpayer Identification Number (ITIN) and bank account information. The scammer files a bogus tax return and has the refund deposited into the taxpayer’s checking or savings account. Once the direct deposit hits the taxpayer’s bank account, the fraudster places a call to them, posing as an IRS employee. The taxpayer is told that there’s been an error and that the IRS needs the money returned immediately or penalties and interest will result. The taxpayer is told to buy specific gift cards for the amount of the refund.

The IRS will never demand payment by a specific method. There are many payment options available to taxpayers and there’s also a process through which taxpayers have the right to question the amount of tax we say they owe. Anytime a taxpayer receives an unexpected refund and a call from us out of the blue demanding a refund repayment, they should reach out to their banking institution and to the IRS.

Payroll and HR Scams: Tax professionals, employers and taxpayers need to be on guard against phishing designed to steal Form W-2s and other tax information. These are Business Email Compromise (BEC) or Business Email Spoofing (BES). This is particularly true with many businesses closed and their employees working from home due to COVID-19.  Currently, two of the most common types of these scams are the gift card scam and the direct deposit scam.

In the gift card scam, a compromised email account is often used to send a request to purchase gift cards in various denominations. In the direct deposit scheme, the fraudster may have access to the victim’s email account (also known as an email account compromise or “EAC”). They may also impersonate the potential victim to have the organization change the employee’s direct deposit information to reroute their deposit to an account the fraudster controls.

BEC/BES scams have used a variety of ploys to include requests for wire transfers, payment of fake invoices as well as others. In recent years, the IRS has observed variations of these scams where fake IRS documents are used in to lend legitimacy to the bogus request. For example, a fraudster may attempt a fake invoice scheme and use what appears to be a legitimate IRS document to help convince the victim.

Ransomware: This is a growing cybercrime. Ransomware is malware targeting human and technical weaknesses to infect a potential victim’s computer, network or server. Malware is a form of invasive software that is often frequently inadvertently downloaded by the user. Once downloaded, it tracks keystrokes and other computer activity. Once infected, ransomware looks for and locks critical or sensitive data with its own encryption. In some cases, entire computer networks can be adversely impacted.

Victims generally aren’t aware of the attack until they try to access their data, or they receive a ransom request in the form of a pop-up window. These criminals don’t want to be traced so they frequently use anonymous messaging platforms and demand payment in virtual currency such as Bitcoin.

Cybercriminals might use a phishing email to trick a potential victim into opening a link or attachment containing the ransomware. These may include email solicitations to support a fake COVID-19 charity. Cybercriminals also look for system vulnerabilities where human error is not needed to deliver their malware.

The IRS and its Security Summit partners have advised tax professionals and taxpayers to use the free, multi-factor authentication feature being offered on tax preparation software products. Use of the multi-factor authentication feature is a free and easy way to protect clients and practitioners’ offices from data thefts. Tax software providers also offer free multi-factor authentication protections on their Do-It-Yourself products for taxpayers.

If you have read each of the four blogs on protecting yourself from the “Dirty Dozen”, you will hopefully be aware of what to watch out for, how not to be vulnerable and how to best protect yourself from scammers.

Scams targeting non-English speakers: IRS impersonators and other scammers also target groups with limited English proficiency. These scams are often threatening in nature. Some scams also target those potentially receiving an Economic Impact Payment and request personal or financial information from the taxpayer.

Phone scams pose a major threat to people with limited access to information, including individuals not entirely comfortable with the English language.  These calls frequently take the form of a “robocall” (a text-to-speech recorded message with instructions for returning the call), but in some cases may be made by a real person. These con artists may have some of the taxpayer’s information, including their address, the last four digits of their Social Security number or other personal details – making the phone calls seem more legitimate.

A common one remains the IRS impersonation scam where a taxpayer receives a telephone call threatening jail time, deportation or revocation of a driver’s license from someone claiming to be with the IRS. Taxpayers who are recent immigrants often are the most vulnerable and should ignore these threats and not engage the scammers.

Unscrupulous Return Preparers: Selecting the right return preparer is important. They are entrusted with a taxpayer’s sensitive personal data. Most tax professionals provide honest, high-quality service, but dishonest preparers pop up every filing season committing fraud, harming innocent taxpayers or talking taxpayers into doing illegal things they regret later.

Taxpayers should avoid so-called “ghost” preparers who expose their clients to potentially serious filing mistakes as well as possible tax fraud and risk of losing their refunds. With many tax professionals impacted by COVID-19 and their offices potentially closed, taxpayers should take particular care in selecting a credible tax preparer.

Ghost preparers don’t sign the tax returns they prepare. They may print the tax return and tell the taxpayer to sign and mail it to the IRS. For e-filed returns, the ghost preparer will prepare but not digitally sign as the paid preparer. By law, anyone who is paid to prepare or assists in preparing federal tax returns must have a Preparer Tax Identification Number (PTIN). Paid preparers must sign and include their PTIN on returns.

Taxpayers are ultimately responsible for the accuracy of their tax return, regardless of who prepares it. Taxpayers can go to a special page on IRS.gov for tips on choosing a preparer.

Offer in Compromise Mills: Taxpayers need to wary of misleading tax debt resolution companies that can exaggerate chances to settle tax debts for “pennies on the dollar” through an Offer in Compromise (OIC). These offers are available for taxpayers who meet very specific criteria under law to qualify for reducing their tax bill. But unscrupulous companies oversell the program to unqualified candidates so they can collect a hefty fee from taxpayers already struggling with debt.

These scams are commonly called OIC “mills,” which cast a wide net for taxpayers, charge them pricey fees and churn out applications for a program they’re unlikely to qualify for. Although the OIC program helps thousands of taxpayers each year reduce their tax debt, not everyone qualifies for an OIC. In Fiscal Year 2019, there were 54,000 OICs submitted to the IRS. The agency accepted 18,000 of them.

Individual taxpayers can use the free online Offer in Compromise Pre-Qualifier tool to see if they qualify. The simple tool allows taxpayers to confirm eligibility and provides an estimated offer amount. Taxpayers can apply for an OIC without third-party representation; but the IRS reminds taxpayers that if they need help, they should be cautious about whom they hire.

Be sure to look for the final segment next week.

This week we continue our IRS Dirty Dozen list of tax scams.

Social Media Scams: Taxpayers need to protect themselves against social media scams, which frequently use events like COVID-19 to try tricking people. Social media enables anyone to share information with anyone else on the Internet. Scammers use that information as ammunition for a wide variety of scams. These include emails where scammers impersonate someone’s family, friends or co-workers.

Social media scams have also led to tax-related identity theft. The basic element of social media scams is convincing a potential victim that he or she is dealing with a person close to them that they trust via email, text or social media messaging.

Using personal information, a scammer may email a potential victim and include a link to something of interest to the recipient which contains malware intended to commit more crimes. Scammers also infiltrate their victim’s emails and cell phones to go after their friends and family with fake emails that appear to be real and text messages soliciting, for example, small donations to fake charities that are appealing to the victims.

EIP or Refund Theft: The IRS has made great strides against refund fraud and theft in recent years, but they remain an ongoing threat. Criminals this year also turned their attention to stealing Economic Impact Payments as provided by the Coronavirus Aid, Relief, and Economic Security (CARES) Act.

Much of this stems from identity theft whereby criminals file false tax returns or supply other bogus information to the IRS to divert refunds to wrong addresses or bank accounts.

The IRS recently warned nursing homes and other care facilities that Economic Impact Payments generally belong to the recipients, not the organizations providing the care. This came following concerns that people and businesses may be taking advantage of vulnerable populations who received the payments. These payments do not count as a resource for determining eligibility for Medicaid and other federal programs They also do not count as income in determining eligibility for these programs.

Taxpayers can consult the Coronavirus Tax Relief page of IRS.gov for assistance in getting their EIPs. Anyone who believes they may be a victim of identity theft should consult the Taxpayer Guide to Identity Theft on IRS.gov.

Senior Fraud: Senior citizens and those who care about them need to be on alert for tax scams targeting older Americans. The IRS recognizes the pervasiveness of fraud targeting older Americans, along with the Department of Justice and FBI, the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), among others.

Seniors are more likely to be targeted and victimized by scammers than other segments of society. Financial abuse of seniors is a problem among personal and professional relationships. Anecdotal evidence across professional services indicates that elder fraud goes down substantially when the service provider knows a trusted friend or family member is taking an interest in the senior’s affairs.

Older Americans are becoming more comfortable with evolving technologies, such as social media. Unfortunately, that gives scammers another means of taking advantage. Phishing scams linked to Covid-19 have been a major threat this filing season. Seniors need to be alert for a continuing surge of fake emails, text messages, websites and social media attempts to steal personal information.

Stay tuned for the next segment of the IRS Dirty Dozen.

Each year, the Internal Revenue Service releases its annual “Dirty Dozen” list of tax scams.   This year, there is a special emphasis on aggressive and evolving schemes related to coronavirus tax relief, including Economic Impact Payments.  I will be sharing this year’s “Dirty Dozen” over the course of the next four blogs.

“Tax scams tend to rise during tax season or during times of crisis, and scam artists are using the pandemic to try stealing money and information from honest taxpayers,” said IRS Commissioner Chuck Rettig. “The IRS provides the Dirty Dozen list to help raise awareness about common scams that fraudsters use to target people. We urge people to watch out for these scams. The IRS is doing its part to protect Americans. We will relentlessly pursue criminals trying to steal your money or sensitive personal financial information.”

Phishing: Taxpayers should be alert to potential fake emails or websites looking to steal personal information. The IRS will never initiate contact with taxpayers via email about a tax bill, refund or Economic Impact Payments. Don’t click on links claiming to be from the IRS. Be wary of emails and websites − they may be nothing more than scams to steal personal information.

IRS Criminal Investigation has seen a tremendous increase in phishing schemes utilizing emails, letters, texts and links. These phishing schemes are using keywords such as “coronavirus,” “COVID-19” and “Stimulus” in various ways.

Fake Charities: Criminals frequently exploit natural disasters and other situations such as the current COVID-19 pandemic by setting up fake charities to steal from well-intentioned people trying to help in times of need. Fake charity scams generally rise during times like these.

Fraudulent schemes normally start with unsolicited contact by telephone, text, social media, e-mail or in-person using a variety of tactics. Bogus websites use names similar to legitimate charities to trick people to send money or provide personal financial information. They may even claim to be working for or on behalf of the IRS to help victims file casualty loss claims and get tax refunds.

Taxpayers should be particularly wary of charities with names like nationally known organizations. Legitimate charities will provide their Employer Identification Number (EIN), if requested, which can be used to verify their legitimacy. Taxpayers can find legitimate and qualified charities with the search tool on IRS.gov.

Threatening Impersonator Phone Calls: IRS impersonation scams come in many forms. A common one remains bogus threatening phone calls from a criminal claiming to be with the IRS. The scammer attempts to instill fear and urgency in the potential victim. In fact, the IRS will never threaten a taxpayer or surprise him or her with a demand for immediate payment. 

Phone scams or “vishing” (voice phishing) pose a major threat. Scam phone calls, including those threatening arrest, deportation or license revocation if the victim doesn’t pay a bogus tax bill, are reported year-round. These calls often take the form of a “robocall” (a text-to-speech recorded message with instructions for returning the call).

The IRS will never demand immediate payment, threaten, ask for financial information over the phone, or call about an unexpected refund or Economic Impact Payment. Taxpayers should contact the real IRS if they worry about having a tax problem.

Next week we will reveal the next three alerts of the Dirty Dozen.

The COVID-19 pandemic has opened yet another door to scammers.  Thus, we want to share an article with you written by Jennifer Leach, Associate Director, Division of Consumer and Business Education, FTC, on various scams to be on alert for regarding Coronavirus stimulus checks.

Checks from the Government

As the Coronavirus takes a growing toll on people’s pocketbooks, there are reports that the government will soon be sending money by check or direct deposit to each of us. The details are still being worked out, but there are a few really important things to know, no matter what this looks like.

1. The government will not ask you to pay anything up front to get this money. No fees. No charges. No nothing.

2. The government will not call to ask for your Social Security number, bank account, or credit card number. Anyone who does is a scammer.

3. These reports of checks aren’t yet a reality. Anyone who tells you they can get you the money now is a scammer.

Look, normally we’d wait to know what the payment plan looks like before we put out a message like this. But these aren’t normal times. And we predict that the scammers are gearing up to take advantage of this.

So, remember: no matter what this payment winds up being, only scammers will ask you to pay to get it. If you spot one of these scams, please tell the Federal Trade Commission: www.ftc.gov/complaint. We’re doing our best to stop these scammers in their tracks, and your report will help.

For a full list of all the current scams please visit https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing

Capehart Blogs

Subscribe to Blog Updates

Categories