Tax scammers are starting to call. They claim to be IRS agents demanding payment. They use fake I.D. and badge numbers so they sound official. Some may even know your personal information. Some will make threats of arrest if payment is not made by wire transfer or gift card. Other scammers are calling to trick you into sharing personal information so they can steal you identity. Some scammers are even targeting tax professionals and businesses. Remember the IRS does not initiate contact by email, text or social media.
What You Should Do
Many of these new scams are targeting businesses. Unlike previous scams, like the Nigerian Lottery and other Craigslist-based amateur scams that were riddled with spelling and grammatical errors, these new scams are harder to spot. The emails are carefully worded, using language applicable to the company in question, requesting amounts for funds that are in line with typical requests for the organization. The scammers are doing their homework, which is why it’s important to be diligent in confirming the legitimacy of all company emails.
Share this information with your company and put all employees on alert. Implement a system for approving and requesting a money transfer that relies on more than an email confirmation. The extra step may be a pain, but in the end, it could save thousands of dollars and more. The Internet Crime Complaint Center offers a full list of strategies to avoid falling for a cyberattack, but we’ve included a couple below:
- Verify changes in vendor payment location and confirm requests for transfer of funds.
- Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
- Be careful when posting financial and personnel information to social media and company websites.
- Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
- Consider financial security procedures that include a two-step verification process for wire transfer payments.
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
- If possible, register all Internet domains that are slightly different than the actual company domain.
- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.
Anyone who receives a sketchy scam email or falls victim to the cyberattack should file a report with the FBI via the Internet Crime Complaint Center and send an email to their state’s tax agency. Employees who face identity theft due to the theft of their W-2 should file form 14039, Identity Theft Affidavit, and read our post here on additional steps to take to mitigate the damage.
If you or your company has been victimized by this or a similar tax fraud scam and you need an attorney to discuss the best steps to take, call our office at 301-645-4100 to schedule a free consultation with our financial Attorney Dave Gormley.
- Phillips, K. (Feb 3, 2017) IRS Issues Urgent Alert As W-2 Phishing Scam Spreads During Tax Season.
- IR-2017-20. (Feb 2, 2017) Dangerous W-2 Phishing Scam Evolving; Targeting Schools, Restaurants, Hospitals, Tribal Groups and Others
- (Aug 28, 2015) Business Email Compromise: An Emerging Global Threat