The Internal Revenue Service said today with the approaching tax filing April 18th deadline scammers are becoming even more desperate that ever to steal your money and identity.
The IRS said there has been a 400% surge in phishing and malware incidents in this tax season alone and that scam artists are more frequently masquerade as being from the IRS, a tax company and sometimes even a state revenue department.
+More on Network World: IRS warns of nasty W-2 phishing scheme+
“By email, they try enticing people to click on links on official-looking messages containing questions related to their tax refund. Report these emails to email@example.com. By phone, many scammers use threats to intimidate and bully people into paying a tax bill. They may even threaten to arrest, deport or revoke the driver’s license of their victim if they don’t get the money,” the IRS stated.
"We’ve seen continuing activity in these scams throughout the filing season," said IRS Commissioner John Koskinen in a statement. "As the tax deadline nears, these criminals may try and trick honest taxpayers over the phone or via email, and people should remain vigilant. After the tax deadline, watch out for these scammers promising a refund or threatening you with an unexpected tax bill."
The IRS noted examples of the varied tactics seen this year including:
- Soliciting W-2 information from payroll and human resources professionals
- “Verifying” tax return information over the phone
- Pretending to be from the tax preparation industry
- Scammers making unsolicited calls claiming to be IRS officials. They demand that the victim pay a bogus tax bill. They con the victim into sending cash, usually through a prepaid debit card or wire transfer. They may also leave “urgent” callback requests through phone “robo-calls,” or via a phishing email.
- There has been a surge in e-mail scams this year that appear to be from a tax agency or a tax software company.
- One common trick by criminals is to impersonate a business such as your financial institution, tax software provider or the IRS, asking you to update your account and providing a link. For small business, these schemes may try impersonating a company leader and request payroll and human resource information for employees in your company. Never click on links even if they seem to be from organizations you trust. Go directly to the organization’s website.
+More on Network World: The Big Hang-up: IRS customer call center service stinks+
The IRS warnings continue despite recent reminders that the agency needs to tighten up its own security house too.
The Government Accountability Office this week said that while the IRS had instituted numerous controls over key financial and tax processing systems, it had not always effectively implemented other controls intended to properly restrict access to systems and information, among other security measures.
“In particular, while IRS had improved some of its access controls, weaknesses remained in key controls for identifying and authenticating users, authorizing users' level of rights and privileges, encrypting sensitive data, auditing and monitoring network activity, and physically securing facilities housing its information technology resources. As a result, taxpayer and financial data continue to be exposed to unnecessary risk.” the GAO stated.
Identity theft refund fraud continues to be serious problem, the GAO said that the IRS estimates it paid $3.1 billion in fraudulent refunds in filing season 2014, while preventing an additional $22.5 billion. The full extent is unknown because of the challenges inherent in detecting this form of fraud, the GAO stated.
+More on Network World: IRS: Top 10 2015 identity theft busts+
As one example of how the IRS has holes in the identity fraud prevention arena, the GAO cited a March 2016 IRS security review where the tax agency had temporarily suspended the Identity Protection Personal Identification Number (IP PIN) service on IRS.gov. The IP PIN is a single-use identification number provided to taxpayers who are victims of identity theft (IDT) to help prevent future IDT refund fraud.The service on IRS’s website allowed taxpayers to retrieve their IP PINs online by passing IRS’ authentication checks. These checks confirm taxpayer identity by asking for personal, financial and tax-related information. The IRS stated that it was conducting further review of the IP PIN service and is looking at further strengthening the security features before resuming service. As of April 7, the online service was still suspended, the GAO stated.
Check out these other hot stories: