Tax payers and Tax Pros Urged to Step Up Security as Filing Scheme Emerges, Reminded to Report Data Thefts

I am a mentor at River Bend Maximum Security Institution.  Last week one of the inmates came to ask if I could assist him with some taxation problems.  It seems someone has been filing income tax returns using the incarcerated inmate’s social security number.  To accomplish that, the perpetrator had to falsify a Form W-2, change the address of the inmate and then collect tax refunds that were fictitious.  This is not an isolated case. In fact, it is quite common place.  Since the incarcerated inmates usually do not file taxes, the perpetrators have plenty of time to work the fraud.  The IRS is bracing for a new filing season scam.  The IRS sent a bulletin to all tax preparer professionals to step up security and beware of phishing emails that can secretly download malicious software that can help cyber criminals steal client data.  We are only a few days into the tax filing season and the IRS has already identified a new scam that began with cyber criminals stealing data from several tax practitioners’ computers and filing fraudulent tax returns.

The fraudulent returns in a few cases used the taxpayers’ real bank accounts for the deposit. A woman posing as a debt collection agency official then contacted the taxpayers to say a refund was deposited in error and asked the taxpayers to forward the money to her.  Brassy, huh?  This scheme is likely just the first of many that will be identified this year as the IRS, state tax agencies and professional tax preparers continue to fight back against tax-related identity thieves. Every time the Security Summit partners make new plans to protect against identity theft, cyber criminals have evolved their tactics to focus on tax professionals where they can steal client data.  Our computers are protected, but scammers are savvy.  It is shameful that people steal from others, instead of using their obviously gifted knowledge to do something to help other people. Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions. Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves rather than the real taxpayers.  Therefore, tax professionals are reminded that there is a procedure for them to report data thefts to the IRS. They need only contact their state’s IRS Stakeholder Liaison, who will notify appropriate IRS officials and serve as a point of contact. All practitioners should review Data Theft Information for Tax Professionals for details about the process and the additional steps they should take. If you are scammed, tell your tax preparer so the fraudsters will be prosecuted. If we immediately notify the IRS, they can take steps to help protect taxpayers from tax-related identity theft. IRS Criminal Investigation agents are still reviewing this latest data theft scam. However, the vast majority of data thefts occur because the tax preparer or someone in the office opened a phishing email and clicked on a link or attachment that contained malware.  There are various forms of malware but some download secretly into computers and allow thieves to see each keystroke or give thieves remote access to computers. Both versions allow thieves to steal data stored on the computers.  If we work together, we can stop the cyber felons from stealing. Tax professionals should review the Security Summit’s Don’t Take the Bait campaign, which outlined the various scams used by criminals to trick practitioners.  Remember, it is up to us to report it and assist the authorities to stop it.  Do not be a bystander, get involved and help stop the fraud.

For more information, call Wilson & Wilson, PC, CPA, CFE at 615-673-1330   or  email  jim@