Susie Winston, a professional tax preparer, received this email:
Your account has now been put on hold.
ALL preparers are required to apply security feature to their Tax Pro account towards 2021 Tax Returns processing.
You have failed to apply new update before expiry date
You are restore and update your acc|ount immediately.
Please Click Here to update your acc|ount now.
Important
Failure to update your account within the next 24hours will lead to your account being terminated and be barred from filing tax returns claims for 2021 tax season Your access will be restored once you have updated your details.
Sincerely,
IRS.gov eServices
Despite poor syntax, grammar and spacing in the email, a legitimate IRS logo persuaded Winston to click “Please Click Here,” which, of course, allowed cybercriminals to download malware that stole her clients’ personally identifiable information (PII).
The case is fictional, but according to the IRS, cyberfraudsters have used the email to steal the identities of clients and file fraudulent tax returns for refunds. (See “Latest spear phishing scams target tax professionals,” IRS, Feb. 16, 2022.)
According to the IRS, these scams involve email messages, and their subject lines vary, but the goals are the same. The agency offers advice for tax professionals:
Ukraine charity scams
Fraudsters quickly concoct scams to take advantage of crises or disasters, such as the Ukraine war. Fake charities, of course, prey upon emotions to steal money and PII for identity thefts. To cover their tracks and prevent tracing of their actions, fraudsters might ask victims to wire cash or cryptocurrency donations. Or, if the fraudsters’ preferred method of payment is a credit card, then the probability of identity theft increases immensely.
The FTC provides the following advice:
- Slow down and check out the organization. Search online for the name of the group combined with words like “review,” “scam” or “complaint” to discover any bad experiences. See what charity watchdog groups say about that organization. [See “How to donate wisely and avoid charity scams,” Federal Trade Commission (FTC).]
- Find out how your money will be spent. Ask, for example, how much of your donation will go to the program. Those who call for donations should be able to answer this and other critical questions. (See “Five Things to Do Before You Donate to a Charity,” FTC.)
- Know who’s asking. Don’t assume a request to donate is legitimate because a friend posted it on social media. Your friend might not personally know the charity or how it spends money. (See “Donating Through Crowdfunding, Social Media, and Fundraising Platforms,” FTC.)
- Examine fees and timing, especially if you’re donating through social media. Check fees and how quickly your money gets to an organization.
Unemployment benefits insurance fraud
Perpetrators of burgeoning unemployment benefits insurance fraud, precipitated by pandemic-related job losses, generally use two methods: 1) unscrupulous employees double dip by fraudulently obtaining unemployment benefits while still working, and 2) unscrupulous employers and outsiders, including criminal gangs, fraudulently use stolen identities to receive unemployment benefit funds.
On March 4, Darris Cotton, 30, of Vista, California, pleaded guilty in federal court to stealing more than $300,000 in unemployment benefits by submitting false applications to the California Employment Development Department (EDD). [See “Vista Man Pleads Guilty to Fraudulently Obtaining More than $300,000 in Unemployment Benefits,” U.S. Department of Justice (DOJ), March 4, 2022.] The money Cotton stole was part of the $2 trillion allocation authorized by the U.S. Coronavirus Aid, Relief, and Economic Security (CARES) Act.
According to the U.S. Department of Justice Southern District of California U.S. Attorney’s Office, Cotton stole the identities of at least 16 individuals and filed unemployment claims on their behalf using their names, dates of birth and Social Security numbers. EDD mailed debit cards to Cotton’s home address. He used the debit cards to purchase money orders to buy luxury goods. He also filed fake claims in Arizona, Maryland and Pennsylvania.
In a plea agreement, Cotton forfeited $97,400 in money orders and more than $15,000 in currency seized during the investigation. He was scheduled to be sentenced May 27, 2022.
In October 2020, FBI and IRS agents arrested four people in Florida and seized more than $1.2 million in cash for alleged fraudulent unemployment insurance claims submitted to the Rhode Island Department of Labor and Training and other government agencies for benefits funded partially by the CARES Act.
According to the IRS, the fraudsters used stolen PII to open bank accounts in victims’ names. The bad guys then quickly deposited and withdrew fraudulently obtained unemployment insurance benefits funds. Agents also seized several hundred debit cards in the names of those whose identities were allegedly stolen.
The five defendants were charged with bank fraud, wire fraud, conspiracy to commit bank and wire fraud, access device fraud, money laundering, conspiracy to commit money laundering, aggravated identity theft, theft of public money, conspiracy to commit theft of public money, conspiracy to commit access device fraud and conspiracy to commit aggravated identity theft. (See “Four arrested, more than $1.2 million seized in federal, state investigation into CARES Act unemployment benefits fraud in Rhode Island,” IRS, newsroom, Oct. 14, 2020.)
The DOJ provides advice for those victimized by an unemployment insurance (UI) scam:
The DOJ also provides advice to help protect yourself from UI fraud:
- Do not share your PII with unknown parties.
- Follow good computer hygiene and cybersecurity practices. Ensure that the passwords on your accounts are unique and sufficiently complex. Change them often and add two-factor authentication wherever you can.
- Take advantage of credit-monitoring services if you have been notified that your information has been exposed to a data breach. Make use of the website annualcreditreport.com to obtain a free credit report from each credit reporting bureau once a year.
- Place a freeze on your credit to prohibit fraudsters from opening any new credit applications in your name. (For instructions, see “What To Know About Credit Freezes And Fraud Alerts,” FTC.)
Now the good news. Because of the unprecedented scope of UI fraud, the DOJ established the National Unemployment Insurance Fraud Task Force (NUIFTF), a prosecutor-led multi-agency task force. The NUIFTF is working with state workforce agencies, financial institutions, and law enforcement partners across the U.S. to fight UI fraud.
Here to help
Please use information about these scams in your outreach programs and among your family members, friends and co-workers.
As part of my outreach program, please contact me if you have any questions on identity theft or cyber-related issues that you need help with or if you would like me to research a scam and possibly include details in future columns or as feature articles.
I don’t have all the answers, but I will do my best to help. I might not get back to you immediately, but I will reply. Stay tuned!
Robert E. Holtfreter, Ph.D., CFE, is a distinguished professor of accounting and research at a university in the U.S. Northwest. He’s a member of the Accounting Council for the Gerson Lehrman Group, a research consulting organization, and is a member of the White Collar Crime Research Consortium Advisory Council. He’s also on the ACFE Advisory Council and the Editorial Advisory Committee. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine feature article in 2016. Contact him at doctorh007@gmail.com.