Tax season has ended but scams haven't

Fraudsters have invented new themes on old schemes. They threaten to suspend Social Security numbers or tell victims they owe money to fake government organizations.

Misty Franklin filed her tax return on time, so she felt confident that she had a full year to file her next one. Unfortunately, she didn’t understand that she’d jumped the gun. A credit card company sent her a bill showing a large balance on her “new account,” and payment was due. Misty was stunned. She hadn’t requested the credit card, so she immediately called the company to find out what had happened. The company representative told her that someone had probably stolen her U.S. Social Security number (SSN) and used it to purchase the “new” credit card. The company launched an investigation and later told her that it had deleted the credit card from its system, and she didn’t owe a balance.

However, she later remembered that the U.S. Internal Revenue System (IRS) had supposedly called to tell her that she owed back taxes and threatened to suspend her SSN if she didn’t wire funds to “pay off the balance due.” She realized that a fraudster had scammed her. In addition to losing the wire money, she now had to worry about her compromised SSN.

Misty’s case is fictional, but the scenario illustrates a common occurrence related to a new version of a tax-related scam. You’d think that tax scams would diminish after tax season ends. Guess what? They’re continuing with vigor. Fraudsters continue developing new versions of tax scams to catch people off guard and steal their personally identifiable information (PII) and money. Victims whose PII is compromised are vulnerable to other types of scams, including attacks on their bank accounts. U.S. taxpayers should be aware of these emerging versions of tax-related scams, which crooks normally deliver via phishing emails and telephone.

On June 5, the IRS posted an alert on its website warning taxpayers about two new tax-related scams. The first involves SSNs related to tax issues — the SSN hustle — and the second threatens people with a tax bill from a fake government agency — the fake tax agency scam.

SSN hustle

In this scam, fraudsters might refer to potential victims’ overdue taxes in their messages and claim that they can cancel or suspend SSNs unless they meet certain conditions, such as wiring funds to pay for “back taxes.” The IRS says that this version mirrors other IRS impersonation scams.

In its nationwide 2018 Consumer Sentinel Database, the Federal Trade Commission (FTC) listed imposter scams as the No. 1 complaint category — registering 535,417 of the nearly 3 million reported. Imposter scams totaled losses of nearly $1.48 million — 38% more than in 2017 — and had a median loss of $500. Government-related imposter scams accounted for nearly half of the reported imposter scams, which represented a significant increase from 2017.

(For a recent analysis of identity theft-related complaints in the 2018 Consumer Sentinel database, see my July/August Fraud Magazine column, 2018 FTC numbers paint a worsening fraud picture.)

Of course, fraudsters design all imposter scams to convince you to turn over your PII and/or financial-related resources to pay for things like “unpaid taxes.” These scams can involve common scenarios, including online dating, computer tech support, family emergencies, and family members or caregivers and government agencies, including the IRS, Social Security Administration (SSA), etc.

Because SSNs are still prime PII, scammers often falsely masquerade as SSA employees. These scams involve telling individuals that their SSNs have been suspended, or they have other fraudulent-account issues. Always remember that the SSA will never suspend your SSN or charge you for a replacement.

Fake tax agency

In this new version of a tax-related scam, a fraudster threatens a taxpayer with an IRS lien or levy. In both cases, the crook purports that the potential victim owes delinquent taxes to a fake government agency, such as the “Bureau of Tax Enforcement.” The scammer tries to confuse the would-be victim into believing that the message is real by pretending to be an IRS official.

Fraudsters, when delivering their scams via telephones, try to create a sense of urgency with their intimidating messages. For example, they could threaten to issue a warrant for an arrest, involve other government agencies, deport the victim (or one of their family members) or revoke crucial licenses. The IRS doesn’t use any of these approaches when communicating with taxpayers. It will:

• Never call to demand immediate payment using a prepaid debit card, gift card or wire transfer.
• Threaten to immediately bring in local police or other law-enforcement groups to arrest the taxpayer.
• Always give a taxpayer the opportunity to question or appeal the amount owed.
• Never ask for credit or debit card numbers over the phone.

Fraudsters typically fake or spoof caller ID numbers in an attempt to make victims believe that calls are coming from actual IRS offices. Caller ID spoofing conceals the identity of the outgoing caller ID with a fake number, which is illegal if used for fraudulent purposes. The intention, of course, is to keep taxpayers from verifying actual phone numbers. Fraudsters do this with all types of local, state and federal agency scams to attempt to appear legitimate.

On June 18, the Cybersecurity and Infrastructure Security Agency (CISA) reported an email phishing scam “that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications.” The fraudsters use a false email address on what appears to be a National Cyber Awareness System (NCAS) alert.

The CISA provides this advice:

• Be wary of unsolicited emails, even if the sender appears to be someone you know. Try to verify web addresses independently, such as by searching the internet for the main website of the organization.
• CISA will never send NCAS notifications that contain email attachments.
• Immediately report any suspicious emails to your information technology help desk, security office or email provider.

The IRS doesn’t ask taxpayers for financial information or PII in email messages. If a user has an overdue tax bill, a delinquent tax return or employment tax payment, an IRS representative might call or visit the taxpayer’s home or business. The IRS also might request to visit a business as part of a civil investigation, such as an audit or collection case, or during a criminal investigation.

The IRS provides advice to those taxpayers who don’t owe taxes or have no reason to think they do:

• If the IRS supposedly calls, don’t speak and hang up immediately.
• Contact the Treasury Inspector General for Tax Administration via its IRS Impersonation Scam Reporting web page.
• Report the caller ID and callback number to the IRS at phishing@irs.gov (subject: IRS phone scam).
• Report the scam attempt to the FTC at ReportFraud.ftc.gov.

For taxpayers who owe money to the IRS, or think they do, the IRS advises:

• View your tax account information at IRS.gov to see the actual amount owed and review your payment options.
• Call the IRS at 800-829-1040.

Share, share, share!

Please share this information with your business associates, family, friends and clients. Include it in your outreach programs. An important takeaway from this column is that old scams, whether tax-related or not, usually don’t fade away.

Please contact me if you have any identity theft or cyber-related issues that you’d like me to research and possibly include in future columns or as feature articles, or if you have any questions. I don’t have all the answers, but I’ll do my best to help. I might not get back to you immediately, but I will reply. Stay tuned!

Robert E. Holtfreter, Ph.D., CFE, is distinguished professor of accounting and research at Central Washington University in Ellensburg, Wash. He’s also on the ACFE’s Advisory Council and the Editorial Advisory Committee. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine feature article in 2016. Contact him at doctorh007@gmail.com.