Introduction
As we get closer to 15 October, this can mean only thing that most Americans hate doing: paying taxes (of course, if you are getting a refund, this is an entirely different matter!). It is about at this time that we, the taxpayer, are starting to scramble around getting all of our tax documents ready for our accountant. But keep in mind also, this is yet another prime season for yet another group of people: the cyberattacker.
Given how everything is now digital and electronic in the tax filing, payment and/or refund process, this simply opens up more attack vectors for the cyberattacker to penetrate into, claim your identity, and make every effort to get money in a fraudulent manner.
It is not just individuals that are at stake, but even the IRS (especially with the spoofed websites), and the accounting firms themselves (because their databases are a sheer treasure trove of Personal Identifiable Information on their clients).
In this article, we examine some of the major tax fraud schemes that occur and how you can avoid becoming a victim of this.
The top scams
Phony calls from the IRS:
Apart from getting our inboxes flooded with spam emails, there is a trend now to receive a ton of unsolicited phone calls from cyberattackers. In these kinds of calls, the tactics of social engineering and instilling a sense of fear are primarily used in order to lure the victim in giving out their social security number, or worst yet, their credit card or banking information. In these kinds of calls, authentic looking numbers that appear to be coming from the IRS are used in order to make you even more scared and nervous.
During this conversation, the fictitious agent claims to be from the IRS, and makes bold statements saying that you owe back taxes from many years ago, and if you don’t pay, the IRS is going to immediately issue a warrant for your arrest and come after your property and assets. Of course, this instills a great sense of fear, and the knee jerk reaction would be to immediately pay up.
But… DON’T! First keep in mind that for the most part, the IRS will never, ever, call you about back taxes owed. All communications are done by snail mail. Second, the IRS – even if the off chance they do call you – have to abide by a certain set of behavioural protocols in which they, should never abuse, or even threaten you. In other words, the agent has to be cooperative and patient when talking with you on the phone.
But keep in mind that the cyberattacker is also using snail mail in addition to sending out phony emails that claim to be coming from the IRS. If you do receive this, always contact the IRS to see if they actually have sent that letter. If you don’t have the patience to wait hours on end to speak to an agent, then immediately reach out to your accountant, and have him or her make an attempt to determine the legitimacy of the snail mail correspondence, and if need be, even call the IRS on your behalf.
An unexpected tax refund:
Who would not like a nice large sum of money from the IRS, right? No doubt, receiving an unexpected refund will make everybody’s day a lot shinier, but keep in mind, that this could very well be a tactic known as the “bait and switch”. In this scheme, the cyberattacker has actually filed a fraudulent tax return using your Personal Identifiable Information (PII) so that you will indeed get a refund that comes legitimately from the IRS.
But before you spend that money on your next cruise vacation… HOLD ON! Within a noticeably short period of time, you will start to get phony calls from the cyberattacker, claiming to be an IRS agent, and stating that the refund was sent by mistake. They will then give you instructions as to how and where the money should be sent, which will probably end up in an illegal bank account somewhere in China. In these instances, always hang up.
The next thing you should do is call the IRS, and ask them why you got this refund, and if they don’t know why, then you know that this has been a “bait and switch” tactic. Don’t even think of spending the money, ask the IRS how to send the money back to them, because of course, they will want it returned. And if you do spend the money, not only will you have to pay the principal amount back, but even any penalties and interest that may accrue.
Our next article will examine the rest of the tax scams.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.
Visit his website at mltechnologies.io