WASHINGTON, D.C. — Scammers are overwhelmingly turning to "phishing" schemes this year, according to a statement from the Internal Revenue Service (IRS). The agency highlighted fake emails and websites aimed at gathering personal information as a popular method today.
Phishing scams topped an annual IRS list called the "Dirty Dozen," a list of the 12 most common tax-related scams of the year.
Scammers could be using taxpayers' bank accounts against them, according to the IRS. A recent scheme has scammers stealing client data from tax professionals, then using that data to file fake tax returns. The returns are still deposited into the real taxpayer's bank account, but then scammers will contact the taxpayer pretending to be the IRS or a collection agency, in an attempt to claim the deposited sum through a common con.
The IRS is urging taxpayers to be alert for unexpected deposits in their accounts, and they have compiled some helpful tips here.
Tax scammers are also using hacked email accounts to pose as a trusted person or organization, directing taxpayers to malicious websites in an attempt to gather personal information or extort money. Personal info gathered in this way can then be used in identity theft, the IRS warns.
Fraudulent emails and websites can also be used to transmit malware, again with the purpose of gathering personal information—including logins and passwords.
Recent data breaches at companies with personal info for millions of consumers—such as the Equifax data theft in September—may be giving criminals a leg up in filing fraudulent returns on the behalf of unsuspecting taxpayers. The IRS is urging tax-preparation professionals to be vigilant for anything that looks out of the ordinary. Criminals are targeting professionals to steal even more taxpayer data.
The IRS says that they've recently teamed up with software companies, tax professionals, and state tax administrators to form the Security Summit. In addition to tightening security within these organizations, Security Summit aims to spread awareness about how taxpayers can protect themselves.
Suspicious emails from senders posing as the IRS or similar organizations can be reported by forwarding the suspicious message to firstname.lastname@example.org.
The IRS has stressed that they do not initiate contact with taxpayers via email, especially to request personal or financial information. This also applies to text messages or social media channels.