The Internal Revenue Service is urging tax professionals to step up security and beware of phishing emails that secretly download malicious software that can help cybercriminals steal client data. Because of the inroads that the IRS and its Security Summit partners have made against identity theft in recent years, cybercriminals have evolved their tactics to focus on tax professionals where they can steal client data. Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions.
Under the new scam, cybercriminals use the stolen data to file returns and have the refunds deposited into individuals’ real bank accounts. They then use various tactics to reclaim the refund from the taxpayers.
One tactic involves criminals posing as debt collection agency officials acting on behalf of the IRS who contact taxpayers to say a refund was deposited in error and asking them to forward the money to their collection agency. In another version, taxpayers who receive the erroneous refunds get an automated call with a recorded voice claiming to be from the IRS and threatening them with criminal fraud charges, an arrest warrant and a “blacklisting” of their social security numbers. The recorded voice gives the taxpayers a case number and a telephone number to call to return the refund.
Click here to see the procedures the IRS recommends for tax professionals to report potential data thefts. Click on this link to see the proper procedures for returning erroneous deposits.