Cybercriminals are on the prowl, and phishing schemes are surging this year. Stolen information is increasingly being used to file fake tax returns.
IRS experts expect an increase in tax fraud this year. While the agency often is able to identify and catch fraudulent filings, some fake returns do get through. In 2013, for example, the Government Accountability Office found that the IRS stopped $24.2 billion in fake tax return refunds, but still paid out $5.8 billion. Below are a few current schemes to be aware of and some ways you can protect yourself.
It is usually not the same cybercriminals who steal the information and then file the fake tax returns. One set will steal the underlying records or information and then sell it to others, who then file fake tax returns. Given the lucrative nature of phony tax return filing, it creates a large demand for criminals who specialize in stealing the information as medical records are worth more than most sources. Stolen health care records often contain everything an identity thief needs, including Social Security numbers, and as a result can sell for multiples of what credit card records price at on the black market.
Beware the Boss
Another resurgent scam comes in the form of identity thieves sending out phony emails pretending to be a top level executive at an employee’s company, often the president or CEO. In these emails, the writer demands W-2 files in electronic format, usually with a sense of extreme urgency.
Unlike other “boss request” scams, this set is not targeting individual employees and instead targets human resources and payroll professionals. Phishing for W-2s isn’t a new trick, but it can catch people off guard who have never run into it before. Obtaining a W-2 makes it extremely easy to create a fake tax return and make up huge false refund requests – hence the rise of this scam.
The current crop of these emails is more sophisticated than similar scams in the past. They create more plausibility by only targeting human resources and payroll employees and come from authentic looking email addresses. According to the IRS, some examples of the text in these emails include:
Some of the key tip-offs that these emails are phony are the use of the words “kindly”, “PDF” and anything that implies extreme urgency in response time.
There are numerous actions you can take to protect yourself.
If you have been a victim of identity theft, you should monitor your brokerage, bank and credit card accounts for any unusual activity. Finally, always remember that the IRS does not initiate contact with taxpayers by e-mail or phone – only by mail.