BLOG

Top IRS Scams to Watch Out for in 2021

6 minute read

Tax scams continue year-round, but as we move closer to April tax deadlines, they certainly spike. As with most cyber attacks, preying on human emotion is a huge component, and cyber criminals are fully aware of how overwhelming and stressful filing taxes can be. Catching anyone at the height of their worries makes them a better target and more likely to fall for phishing scams, identity theft, phone scams, and even ghost tax preparers. Your first line of defense comes with knowing what scams could be out there so you can quickly catch the signs. In this post, we’ll define IRS scams, review some of the top scams we’ve seen, and outline a few ways to protect yourself while you file your taxes this year.

Defining the IRS Scam Landscape

Tax scams can come in various forms, but it’s the carefully crafted tactics that make them unique in the cyber attack landscape. A cyber criminal will employ any method that works in order to trick victims into sharing personal and financial information. Not all victims are individual taxpayers either; mail, phone, email, and more are all leveraged to target every aspect, including businesses, payroll, and tax professionals.

These scams have also evolved to encompass identity theft tied to unemployment benefits as well as other pandemic-related relief efforts. “Tax scams tend to rise during tax season or during times of crisis, and scam artists are using the pandemic to try stealing money and information from honest taxpayers,” says IRS Commissioner Chuck Rettig. “We urge people to watch out for these scams.”

According to the Federal Trade Commission’s 2020 Consumer Sentinel Network data, over 4.7 million consumer reports were received last year alone, with roughly 2.2 million being fraud related. Of those fraud reports, 34% reported a loss which equated to over $3.3 billion total fraud losses. Quite often, this is the type of fraud that follows tax scams. 

IRS Scams Example
Federal Trade Commission’s 2020 Consumer Sentinel Network data

Top 5 IRS Scams to Watch For

One of your best options when it comes to avoiding an IRS scam is being able to spot them quickly. Know the golden rule: the IRS will never, “initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information.” That being said, phishing artists can be highly skilled at posing as the IRS regardless of the golden rule, and they employ scare tactics urging victims to act quickly. Here are the top five scams our threat research team wants you to keep an eye out for this tax season:

  1. IRS Impersonation Email and Website Scams: These generally entail phishing, stay alert to potential fake emails or websites looking to steal personal information. Phishing schemes using everything from emails, texts, hyperlinks, and high-fidelity websites have certainly spiked, and the use of trigger words like “COVID-19″ and “stimulus” are being used in a variety of ways. These scams are sent out in massive numbers to unsuspecting victims, hoping to grab sensitive information ranging from social security numbers, financial details, Electronic Filing Identification Numbers, bank account numbers, passwords, personal identification, and more. Any way to play on fears, stress, and uncertainty is a direct way for cyber criminals to manipulate targets into action. You can read more about financial schemes related to the pandemic here. As enticing and urgent as it may seem, never click on links claiming to be from the IRS. There are other ways to contact the IRS directly to confirm the information you have received. 
  2. IRS Impersonation Telephone Scams: Although these scams can vary greatly, one of the most common angles for a cyber criminal is intimidating calls posing as an IRS representative. Again, as with most phishing, the ploy is to play off fear and create a false sense of urgency. These aggressive phone scams, also called vishing, threaten consequences such as jail time if not paid immediately. Robocalling is also used to reach as many targets as possible, as quickly as possible, by leaving a pre-recorded message with instructions on the next steps. We’ve even seen the use of spoofed numbers to make an incoming call look legitimate. Should this happen to you: Hang up and report the call to TIGTA at 800-366-4484, or [email protected], immediately.
  3. Social Media Scams: A cyber criminal’s primary goal for using social media for tax fraud is identity theft. It is easier than you may think to pose as a person close to the victim on these platforms and solicit information. For example, the scammer can use personal information posted on social accounts to entice contacts into opening messages with malicious links. They can also breach the social account directly and reach out to the victim’s family, coworkers, or friends with fake messages that seem authentic at first glance. Scammers use the vast “sharing of information” on social media as the perfect gateway for a wide variety of attacks.
  4. Ghost Tax Return Preparers: If your tax preparer skips signing your return or doesn’t include a Preparer Tax Identification Number, they are breaking the law. Either they don’t want to be held responsible and will be impossible to track down again if there are any issues, or they are out to make quick money. Suppose you have a preparer asking for cash, refusing to provide a receipt for their services, pulling in fake deductions or listing incorrect incomes, or even being as bold as to have refunds deposited to their own accounts. In that case, you have a scam on your hands. The IRS offers advice if you aren’t quite sure where to begin finding the proper tax professional.
  5. W-2 Phishing Scams: Cyber criminals target payroll and human resource professionals to solicit employee W-2 information; this is closely tied to a Business Email Compromise (BEC) scheme. Spear-phishing is employed here to pose as a CEO or executive asking for copies of these forms, which has all the sensitive information they would need to file a return and more. It’s best to be vigilant whenever you are asked to share sensitive information and check your sources. Read several tips the IRS published as part of their “Don’t Take the Bait” campaign.

Steps to Protect Against Tax Scams 

Besides the security hygiene practices you should already have in place when it comes to phishing and any form of financial fraud, there are a few specifics to keep in mind when it comes to tax scams.

  1. The IRS will never call to demand a form of payment immediately, require that you pay in a specific way such as a prepaid debit card, ask for financial information over the phone, or threaten consequences.
  2. Call the IRS directly if you have any questions about what you owe or think you may owe as you file taxes: 800.829.1040. You can also visit their online system to access your individual account information securely.
  3. Know the legitimate IRS payment options and reference the IRS website dedicated to tax fraud awareness and identity theft.
  4. Ask for the IRS agent’s HSPD-12 card. This form of identification is a pivotal way to verify identity. You can confirm this number directly by calling one of the many IRS customer service numbers
  5. Set up your IRS IP PIN today; this new IRS security tool is a great way to protect against identity theft, and this year it has been made available for all taxpayers. This extra layer of identity verification, along with your Social Security Number, helps to weed out false tax returns.
  6. Request a demo of ZeroFox’s anti-phishing software and learn more about detecting phishing threats with our “The Anatomy of a Phishing Kit: Detect and Remove Emerging Phishing Threats” whitepaper.

See how ZeroFox protects enterprises against targeted multi-channel phishing and fraud attacks across the web, email, and social media.


See how ZeroFox protects enterprises against targeted multi-channel phishing and fraud attacks across the web, email, and social media.

Get
Started

Subscribe to our Blog

Best practices, the latest research, and breaking news, delivered right to your inbox.