Google defines “spoof” as a “humorous imitation of something,” or a “trick played on someone as a joke.” But there is nothing funny about the type of spoofing I am about to describe. The tax industry is gathering forces to warn the public about a dangerous tax scheme that involves something called “business email spoofing.” I feel compelled to do my part in spreading the word about this one. As part of this scheme, cybercriminals send an email that appears to come from a high-level executive at the target company to somebody in HR or payroll, asking them for sensitive employee information (most often social security numbers or documents containing social security numbers). This particular scam first appeared last year and we are now seeing a second wave. Enough victims have reported these emails so that the IRS now has examples of the exact phrasing used in some of these spoof emails. It is worth your time to review these phrases, and certainly double check any similar requests coming from the head of your company.
Only a few days after their warning to the business world last month, the IRS released a follow-up alert stating that the spoofing scheme had spread to “other sectors, including school districts, tribal organizations and nonprofits.” The second wave appearing this tax season appears to be more dangerous and more pervasive than what was witnessed last year. First of all, the emails started surfacing earlier in the season this time around. The scheme has spread to new sectors of society; pretty much any organization that collects social security numbers is at risk. And the emails have gotten more bold this time around. Originally the criminals would ask for social security numbers under the guise of high-level management, which would potentially provide a means for illegally obtaining tax refunds (an indirect way of getting paid). Now they are boldly taking a more direct route to the cash by simply asking for a wire transfer. I am sure that most of the time these emails are recognized as spam/phishing, but with just the right wording and in just the right set of circumstances, the cybercriminals are successful.
We have seen variations of this scheme before. Tax scammers posing as representatives of the IRS typically called or emailed individuals asking for financial and identifying information as well as direct payments. But why contact taxpayers one by one when you can hit the jackpot exploiting the vulnerabilities of entire businesses and organizations? That has to be their rationale. I imagine crime rings where the more effective individual scammers are “promoted” to a position where they handle the corporate accounts where both the risks and the potential profits are much greater, but I really have no idea about the structure or sophistication of these criminal organizations. For all I know it could be one or two thugs sitting in their mom’s garage somewhere halfway around the world. It is very frustrating that this kind of thing can go on, but I’ll leave that to the FBI and Criminal Investigation. What goes on in the mind of the victim is also interesting, but I don’t know enough about human behavior to understand why people keep falling for this. We are increasingly comfortable making financial transactions online. Does that familiarity cause us to let our guard down? If it is mostly a matter of people being uninformed, I hope this article helps to spread the word.
For years now, the IRS has taken an active role in warning taxpayers, and the tax industry in general, of tax-related scams, but they seem to be as prevalent as ever. Once a year, right around tax season, the IRS increases the number and intensity of its warnings to try to match the number and intensity of scams. Criminals have found that tax season (January thru April) is the best time to practice their craft. But we have seen the Christmas season begin earlier and earlier each year in the world of retail sales — before Thanksgiving in most places, and the tax fraud people seem to be following suit. They don’t wait for tax season anymore, which often puts the beginning of “tax fraud season” smack dab in the middle of the holidays. Their schemes are almost always based on some type of IRS impersonation, sometimes targeting particular groups in an attempt to exploit their vulnerabilities. The IRS recently provided a list of several variations, including the following:
- Direct calls requesting immediate payment: This is perhaps the boldest and most common technique. Taxpayer will receive an automated message or a threatening cold call demanding payment over the phone. Often the caller will threaten prosecution or jail time based on some false claim of tax evasion.
- The Federal Student Tax scam: This scam is carried out in manner similar to the direct call, but targeted at students and parents of students. As you might know, there is no such thing as a federal student tax.
- Fake tax bill for Affordable Care Act liability: It is true that a taxpayer could owe penalties (aka, “shared responsibility payments”) and advanced premium tax credit overpayments under the Affordable Care Act. It is also true that the IRS is charged with the responsibility of collecting such payments. However, you must be careful that the letter or email is legitimate. An email claiming to be from the IRS is most likely a fake. And the IRS says that taxpayers should be skeptical of “CP2000” letters requesting that payment be send to the “Austin Processing Center.”
- Emails from the boss: Sometimes tax scammers have been known to contact human resources and others within a company asking for confidential employee records, including social security numbers.
- Gaining access through the tax preparation industry: Tax preparers should be aware of a scheme whereby the criminals contact them with fake software updates via an email that appears to be from a tax software firm. Somebody in the tax industry might be savvy enough to recognize this kind of thing as a fake, but since many taxpayers use tax filing software themselves, sometimes these emails go straight to the consumer who could more easily fall victim to this scheme.
It may be that the holidays are the perfect time for a variety of criminal schemes. I was recently made aware of a scheme targeting attorneys. An email with the subject line “The Office of The State Attorney Complaint,” if opened, could expose an unwary lawyer to a computer virus. If this sounds like an agency with a clumsy name, it’s because no such agency exists. Stay vigilant my friends; apparently there are a lot of Scrooges out there this time of year.
It’s hard to make tax news interesting because it’s always the same story over and over again. People are getting scammed by criminals who impersonate the IRS, politicians want to replace the IRS Commissioner, the IRS hasn’t been funded properly and doesn’t have the resources to do their job, the IRS filed a federal tax lien against a celebrity who owes millions of dollars in back taxes, and the IRS warns taxpayers to brace themselves for a rocky tax season. Even the “scholarly” articles are completely predictable: How do we close the Tax Gap?, Who’s going to overhaul and simplify the tax code?, What can be done to make the IRS run more efficiently?, How do we promote voluntary compliance? The details change a bit, but it’s basically an endless cycle of the same old unsolved problems.
Today the IRS announced that refunds will be delayed for certain early filers during the 2017 tax season. New laws require the IRS to hold entire refunds where the filer claims the EITC or the ACTC until at least February 15th. Taxpayers who expect a refund naturally tend to file in January or as early as they can, and many are accustomed to getting their refund somewhere near the end of January or early in February. Believe me, it is common for people to plan vacations and major purchases around their tax refund. Having to wait a week or two longer may not seem like a big deal, but some people have come to really rely on that check, and a couple weeks can feel like a couple months.
At least this time the reason for the delay is more valid than “we don’t have the resources to process the refunds quickly.” The IRS is reviewing certain returns with heightened scrutiny in an effort to identify and prevent refund fraud and identity theft.
The IRS Commissioner, John Koskinen, said, in explaining the need for today’s announcement, “We don’t want anyone caught by surprise if they get their refund a few weeks later than in previous years.” My question is, what, besides this press release, will the IRS do to get the word out? They’ll tweet it out a couple times, I have no doubt about that. But this kind of info needs to spread to all the news outlets, social media, tax preparers, and tax prep software so that even the least connected of America’s taxpayers will be aware.
Twice a year the California Franchise Tax Board (FTB) puts together a list that they call the “Top 500 Delinquent Taxpayers.” One list comes out in April during tax season, and it is updated in October near the extension deadline. It is a list of the 500 highest state tax liabilities along with the individuals and companies who owe them. The list was last updated on October 14th and can be accessed here. Right now these 500 liabilities add up to around $394 million.
I know I tend to get hung up on semantics (isn’t that what lawyers do?) but I think the title of this list is a bit harsh. The term “delinquent,” when used to describe an individual, almost always has a criminal connotation. The Oxford dictionary, for example, defines the term in this manner: “(typically of a young person) tending to commit crime, particularly minor crime.” Webster’s definition is similar: “doing things that are illegal or immoral.” I don’t know how many taxpayers on this list have been convicted (or even accused) of a crime; I would guess few of them have. As we know, failing to pay all your taxes when they become due, in and of itself, is not a crime.
In tax jargon the term “delinquent” usually means something different. Tax attorneys, accountants, and tax collection agencies typically use this word when referring to overdue payments or past due accounts. When “delinquent” is used to describe an account (rather than a person) then it carries a connotation of tardiness rather than criminality. Therefore, if the FTB must use the term “delinquent,” it really should be used to describe an account rather than a taxpayer. I would be in favor of changing the title of the list to “Top 500 Delinquent Tax Accounts.”
Having said that, these people have been given fair warning. Besides the various preliminary letters and notices, they are given one last chance to clear things up (or at least begin the process) before the top 500 list is published. According to the FTB website:
In August, FTB sent letters to taxpayers scheduled to appear on the list. Of these taxpayers, 96 made arrangements to pay their tax debt. Another 296 individuals and 108 businesses did not pay, resulting in their inclusion on the list.
The FTB states that they have collected more than $582 million through this program since it was started in 2007. I’m not sure how they can tell what part of the revenue they receive is a result of this program and what part would have been paid regardless of inclusion on the list. I would also be interested in studying the unintended consequences of the list, like how, and to what degree, this list has negatively impacted these peoples’ careers. Although, having done a quick Google search, I don’t think the list usually appears in mainstream news outlets. I also researched a few of the top names and I suspect that their reputations have already been tarnished by other financial problems, and their FTB tax debts are just one piece to the puzzle.
The IRS is proposing a completely restructured fee schedule for installment agreements, which would take effect on January 1, 2017. This was announced via IRS newswire under the title: “IRS Proposes Revised Fees for Installment Agreements; New Lower Fee Available for Direct Debit Online Payment Agreements; Special Relief Provided to Low-Income Taxpayers.” Of course the title only tells half the story. It appears to have been intentionally spun to highlight only the favorable aspects of the fee schedule. If so, it was completely unnecessary; the only people who read these articles are savvy tax professionals who will probably read beyond the title and not the general taxpaying public who the IRS intended to trick. And if the title is intentionally misleading, it tells you a thing or two about the IRS’ low opinion of taxpayers.
Moving beyond the demeaning title, we can see that the fee for a Direct Debit Installment Agreement (DDIA), if done online, would be reduced ($31), the low-income taxpayer fee would remain the same ($43), and every other applicable IA fee would actually increase. The IRS is clearly trying to phase out the regular old installment agreement that is established by phone or mail and that is paid by sending in a check every month. Under the new fee schedule, the cost for that kind of agreement would be nearly twice as high as it is currently (from $120 to $225).
One of the big complaints we get from taxpayers is that they feel the IRS is constantly trying to “nickel and dime” them until they find themselves buried in a mountain of debt that they will never be able to repay. One of the ways the IRS does this is with interest and penalties. Of course if your tax debt is a big one, then we’re talking a difference of hundreds and thousands of dollars, not just nickels and dimes. Another way that taxpayers feel the vice tightening is when they get audited for tax periods they thought were already settled. It can be very disconcerting not knowing exactly what you owe and not knowing if that number could change. The new fee schedule proposal has that same feel for me, but I predict that very few taxpayers will ever notice they are being “nickel & dimed” this time. The reason I say that is most people do not set up payment plans on a regular basis or with enough frequency to notice a change in fees. Yet another reason why the misleading title was unnecessary.
Its back to school this week for many kids across the country. As great as summer vacation can be, many parents look forward to getting back into a regular routine come mid August. If you don’t have children, then you probably have no idea what kind of costs are associated with this annual tradition. Many parents like to update their kids’ wardrobes before school starts, and this is often the biggest expense. But there are a whole host of other expenses like school supplies, PE clothes, yearbooks**, school pictures, and sports equipment. But it has been four months since anyone had to think about their taxes, so at least that is not a concern. Not until you get a call from the scammer posing as an IRS agent demanding that you pay a bogus school tax. I wish I were making this up. Today the IRS warned taxpayers about this new twist on an old theme. Tax scam artists tend to prey on categories of people who may be more vulnerable, and I guess one of those categories is the taxpaying parent who will do anything to avoid jeopardizing their child’s education.
People, I have said this 1,000 times, but I’ll say it once more: the IRS does not call you out of the blue and demand that you make a payment over the phone. They do not call you out of the blue and threaten to send you to prison. And when I say “out of the blue,” I mean if you haven’t received any notices or letters from the IRS about tax problems (like taxes owed or missing returns), then chances are you don’t have any tax issues that would land you in prison. It really is that simple.
While it seems ridiculous to me that anyone would fall for this scam and think they actually have to pay a “Federal Student Tax,” there is at least one scenario in which I can imagine this scam being successful. Many 17/18-year-old kids go off to college and they’re on their own for the first time in their lives. If you can remember what it’s like to be this age, they tend to be fairly naïve about certain financial matters (like taxes). This financial innocence mixed with the new-found confidence (recklessness for some) of adulthood is a recipe for disaster. I could definitely see the back-to-school scammer finding success with this demographic. Be careful out there college kids!
** I know yearbooks don’t get printed until the end of the school year, but at my kids’ school they suggest reserving your copy before school even starts because they print only a limited number of them and once they’re gone, they’re gone, so of course we have to get one.
I have a memory from my first job as a lawyer that reminds me how slow the legal profession can be embracing new technology. Or maybe it just reminds me of how old I am.
It was 2003 and we were using these lined, carbon copy half-sheets we called “quick notes” to send informal hand-written messages to opposing attorneys, doctors, etc. I don’t remember sending them to clients because they didn’t really make the best impression, so we would dictate actual printed letters on official letterhead when writing to clients. We mailed the top white sheet to the recipient and saved the yellow carbon copy for the file. This form of communication seemed a little dated to me, even then, but it worked, and it was efficient. Even though it had been in the mainstream for about 10 years, I do not remember using email at that job.
Some people, or groups of people, just don’t latch onto technology very quickly. Because the taxpaying public includes every category of person imaginable, it is easy to see how a large percentage of taxpayers would have a hard time with the IRS’ suite of web-based services. The National Taxpayer Advocate, Nina Olson, is concerned about those who may get left behind as the IRS moves more and more of its services online. These are some of the concerns outlined in her annual report to Congress that was published a few days ago.
Somewhat of a contradiction has been developing over the years as the IRS formulates its “future plan” that heavily emphasizes technology and, specifically, online taxpayer accounts. Online tools are supposed to make things easier and more accessible for taxpayers (in fact, that is always their stated purpose), but it is obvious that the main purpose is to save the IRS money. Can you have both? Sure you can, but the key is that you don’t completely phase out the low-tech alternatives so that there are still options for the “quick note” users. For example, the IRS plans to phase out face-to-face taxpayer assistance. First they changed the name of walk-in sites to “Taxpayer Assistance Centers.” Then they plan to eliminate walk-ins and require appointments. Is it only a matter of time before these assistance centers are completely off limits to the public? It’s true, the IRS has a tricky balancing act when it comes to implementing new technology, and frugal administration of the tax system is certainly a worthy goal. But forcing everyone to embrace online accounts and tools will only cause more frustration, distrust, and inefficiency — things the IRS has been trying to avoid for decades.
The Affordable Care Act is intended to make affordable health insurance available to all. But we have seen that simply making it available does not result in 100% enrollment…not even close. It seems odd that you would have to push and prod people to take advantage of something that is free, but that’s the reality of Obamacare. Millions of low to moderate income families in the United States would qualify for free health care through Medicaid or highly subsidized policies through the insurance exchange if they would just apply.
There are many reasons why some qualifying families do not take advantage of these health care benefits. Some find the process confusing and don’t know where to go for help. Some people just procrastinate and don’t give it much thought until there is a health emergency. Others simply fail to get the message in the first place. Failure to get the message is perhaps the biggest tragedy of all in this, the Information Age.
The IRS, for example, obtains information from tax returns that could help identify people who would be eligible for government subsidized health care, but who don’t take the steps to make it happen. The key indicator is the earned income tax credit. NPR reports that about half the taxpayers who receive this credit would be eligible for “significant financial assistance.” There are some states that do a much better job than the IRS of informing these low income families of the potential health benefits available to them. The IRS certainly could do more in this area since they are currently doing nothing (besides providing a link to the government health insurance website). Of course, sending them a notice from the IRS might not have the same effect as putting them in touch with a “navigator” who would contact them directly with assistance.
As an employee, when the CEO or other executive asks you to jump, the typical response is “how high?” So if you were to get an email from the CEO asking for a list of employee data, you probably wouldn’t question it. You’d probably send the info as soon as possible and without too much thought.
Cybercriminals who understand the position of power that company executives possess are using these relationships to obtain sensitive employee data. The practice is called “spoofing” because the thieves pose as the CEO or other high level executive, using the real executive’s name in an email to those within the company who have access to W-2s and social security numbers (typically those within payroll or human resource departments). Then these criminals obviously use the data to file false refund returns or sell the data to 3rd parties.
The IRS made a statement yesterday alerting the public of this new kind of phishing scheme:
If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.
~ IRS Commissioner, John Koskinen
I guess the question some payroll people will have is “what should I do to check it out“? Every company and every office is different. Your response may depend on the formality of your office and the relationship you have with the executive who requested the info. In some circumstances it may not be appropriate to knock on the CEO’s door asking if he/she emailed you. It might be a little awkward emailing back asking the CEO what he plans on doing with the info, or asking if he can authenticate by giving you the name of his favorite childhood pet or his mother’s maiden name.
I suspect that in most cases the email address of the sender will be a dead giveaway. If you don’t recognize the email address, then you can ask the follow up questions or pay the CEO a visit. Having said that, I don’t know for sure that these cybercriminals cannot send emails that appear to be sent from a company email system, in which case it might be wise to ask about the childhood pet anyways. Better safe than sorry, even if the price is a little embarrassment.