The IRS’s 2021 ‘Dirty Dozen’ Tax Scams: Personal Information Cons

July 25th, 2021

Identity theft has grown to become one of the most popular frauds of all. So it’s no surprise that the IRS has recently flagged a few personal information cons as some of the biggest scams to watch.

Every year, the IRS releases its “Dirty Dozen” — a list of 12 prominent or up-and-coming tax scams that Americans should keep a close eye on. And 2021’s list is finally here.

In past years, the IRS has released all 12 Dirty Dozen tips at once. But for 2021, it parceled out the list across four broader themes that we are covering in detail. This week’s theme is a familiar one that gets increasingly sophisticated each year, and continues to dupe millions of Americans: personal data scams.

The Dirty Dozen: Personal Information Scams

The IRS highlights four common scams designed to grab your tax-related and other personal information:

Phishing scams

A quick reminder: “Phishing” is when a fraudster sends a communication that appears to be from a legitimate source in hopes that you will either provide personal data or unknowingly download a malicious program that will collect your information. And around tax time, scammers unsurprisingly pose as either the IRS or others in the tax community.

Phishers typically will try to collect your data by falsely stating that you are due a large refund, saying you are eligible for a missing stimulus payment, or even threatening you about owing the IRS money that you don’t actually owe. In all cases, the IRS will not solicit your personal information via email, text message or other electronic communication. So avoid opening any attachments or clicking any links, as they’re likely to lead to malware.

But taxpayers aren’t the only people at risk from phishing — tax pros are, too.

“The IRS warns tax professionals about phishing scams involving verification of Electronic Filing Identification Numbers (EFIN) and Centralized Authorization File (CAF) numbers,” the IRS says. “The agency has seen an increase in these kinds of scams, along with offers to buy and sell EFINs and CAFs.”

One email sender field that has frequently been reported is “IRS Tax E-Filing.” So if you see this or any other questionable sender field, do not open any attachments or click any links.

Impersonator phone calls/vishing

Similarly, the IRS warns that fraudsters have been stepping up voice-related phishing, or “vishing.” In short, scammers are also calling taxpayers seeking personal information.

In the past, scammers have posed as IRS representatives. So the IRS reminds taxpayers that they’ll generally first reach out about unpaid taxes by mail, not by phone. And when they do call by phone, they won’t ask to be paid by iTunes card, gift card, prepaid debit card, money order or wire transfer.

However, these types of calls were on the decline last year. On the rise were attempts by scammers to use fake tax lien information to grab personal information.

If you receive a scam call, the IRS says to hang up immediately and not give out any information. They also can report the call to the Treasury Inspector General for Tax Administration (TIGTA).

Social media scams

Social media is another breeding ground for personal information cons.

Fraudsters will often monitor social media accounts to gain personal information they can later use against the victim. In some cases, they’ll impersonate the victim’s family, friends or co-workers to either gain the information directly, or to get them to trust the recipient so they open an attachment or click a link leading to a malicious program.

In other cases, scammers infiltrate victims’ emails and cell phones. They then target contacts with fake emails or text messages that appear to be real. For instance, they might solicit donations to fake charities appealing to the victims.

The IRS suggests all taxpayers review their privacy settings and limit data that is publicly shared.

Ransomware

Businesses, especially financial institutions, should be on the lookout for ransomware.

“The U.S. Treasury Financial Crimes Enforcement Network (FINCEN) has noted that ransomware attacks continue to rise across various sectors, particularly across governmental entities, as well as financial, educational and healthcare institutions,” says the IRS. “Ransomware attacks on small municipalities and healthcare organizations have increased, likely due to the victims’ weaker cybersecurity controls, such as inadequate system backups and ineffective incident response capabilities.”

Ransomware effectively blocks access to your computer or an entire system by encrypting data. It then demands a ransom payment to have your access restored. Sometimes, scammers will use phishing attacks to get victims to download malicious files or go to a malicious site. More dangerous are “drive-by malware attacks,” in which a scammer manages to get malicious code onto a legitimate website.

Businesses should train their staff on cybersecurity best practices and keep abreast of news of fraud-related behavior.

Our Tax Professionals Are on Your Side

McManamon & Co. offers a wide array of services to small and midsize businesses, including tax services such as filing, planning and compliance. Learn more about the myriad ways we can assist your small business. Call us at 440.892.8900 or contact us online today.