Tax Day 2022—the deadline for filing your 2021 tax return—falls on Monday, April 18, and with an increase in last-minute filing comes a corresponding surge in tax-related fraud. Government organizations like the FBI and the Better Business Bureau have recently joined with cybersecurity experts to issue several recent bulletins about scammers trying to steal sensitive information and file fraudulent returns.
Con artists work in a multitude of ways, attempting to target both tax preparers and taxpayers. Phishing scams often come from bad actors posing as potential clients or the IRS, but the goal is typically the same: to trick email recipients into sharing sensitive information like Social Security numbers, clicking a link to confirm a return, or providing bank account details to deposit a supposed refund.
Believe it or not, these illicit refunds can often be directed to the real taxpayers’ bank accounts—then criminals can try to recall the funds by posing as debt collectors or the IRS.
The IRS recommends that tax professionals and taxpayers use the Identity Protection PINs issued by the agency to protect private information. And with Tax Day less than two weeks away, CMIT Solutions recommends the other strategies outlined below, all of which should be backed by the support and consultation of trusted IT and tax professionals:
1. Want to file electronically? Use a password-protected Internet connection. Whether you’re filing on your own or working with a professional tax preparer, only work on your returns or send sensitive tax documents when connected via a trusted, secure Internet method. That means no public Wi-Fi at coffee shops, hotel business centers, airports, or other public places. Make sure any online tax service website you connect with contains “https” in the URL as well.
2. Be cautious about communicating about tax matters solely through email. Since phishing emails are so common this time of year, look out for messages purporting to be from tax prep services like TurboTax or tax preparers. Hover over any web links to be sure that what’s written in the email matches the target address. Be particularly cautious about email communication if any unusual accommodations are needed, like requests for duplicate W-2 copies, address changes, Social Security numbers, e-signatures, or financial information. If a phone call, secure virtual meeting, or in-person appointment is available, opt for that instead of email communication if valuable data needs to be transmitted.
3. If you’re mailing a paper copy of your return, send it directly from the post office. Although this type of tax fraud is rare, it’s always best to be overly protective of your return. Never place any tax returns in an outgoing mailbox that can be accessed by someone else. And avoid storing pictures of sensitive tax forms, refund details, signatures, or SSNs and PINs on your mobile device or computer.
4. Deploy proactive monitoring and maintenance to defend against malware, viruses, and phishing, this month and throughout the year. These services are critical now, but they’re also important on a day-to-day basis. Some tax software applications require security updates, and managed services can deploy such updates and patches automatically and during off-hours to help your employees avoid evolving tax scams. Regular network analysis will also keep up with any attempts to steal information and prevent bad actors from compromising your devices, files, and systems.
5. Educate all staff members about phishing scams as the tax filing deadline looms. Make sure employees use strong, unique passwords with two-factor authentication and password management where necessary. Never take an email from a familiar source at face value. If any message asks you to open a link, or includes a threat to close your account, use caution before clicking on it. And NEVER click to open any attachment included in an email that discusses tax information.
BONUS TIP: The IRS cautions tax professionals and taxpayers to watch out for variations on the following schemes. Use caution if you see anything like the following in your inbox:
- “Need help filing your taxes? Our CPAs can help you finish your tax return today in time for the April 18 filing deadline.”
- “Not sure about all the new tax credits for 2021? We can help you get the biggest refund.”
- “I got your recommendation from a friend of mine. Please get back to me ASAP so I can send you my W-2s.”
The IRS also warns about cybercriminals posing as IRS e-Services, sending emails or calling tax professionals and asking them to sign in to their accounts and check their PINs. The link, however, redirects to a fake site that then steals usernames and passwords. Remember, the IRS makes a point of not sending unsolicited emails — and your tax preparer shouldn’t either!
If you’ve received a suspicious email and aren’t sure what to do about it, forward any phishing messages to email@example.com. And if you need help filing your return safely or verifying the authenticity of tax services extended to you via email or phone call, contact CMIT Solutions today.