Google defines “spoof” as a “humorous imitation of something,” or a “trick played on someone as a joke.” But there is nothing funny about the type of spoofing I am about to describe. The tax industry is gathering forces to warn the public about a dangerous tax scheme that involves something called “business email spoofing.” I feel compelled to do my part in spreading the word about this one. As part of this scheme, cybercriminals send an email that appears to come from a high-level executive at the target company to somebody in HR or payroll, asking them for sensitive employee information (most often social security numbers or documents containing social security numbers). This particular scam first appeared last year and we are now seeing a second wave. Enough victims have reported these emails so that the IRS now has examples of the exact phrasing used in some of these spoof emails. It is worth your time to review these phrases, and certainly double check any similar requests coming from the head of your company.

Only a few days after their warning to the business world last month, the IRS released a follow-up alert stating that the spoofing scheme had spread to “other sectors, including school districts, tribal organizations and nonprofits.” The second wave appearing this tax season appears to be more dangerous and more pervasive than what was witnessed last year. First of all, the emails started surfacing earlier in the season this time around. The scheme has spread to new sectors of society; pretty much any organization that collects social security numbers is at risk. And the emails have gotten more bold this time around. Originally the criminals would ask for social security numbers under the guise of high-level management, which would potentially provide a means for illegally obtaining tax refunds (an indirect way of getting paid). Now they are boldly taking a more direct route to the cash by simply asking for a wire transfer. I am sure that most of the time these emails are recognized as spam/phishing, but with just the right wording and in just the right set of circumstances, the cybercriminals are successful.

We have seen variations of this scheme before. Tax scammers posing as representatives of the IRS typically called or emailed individuals asking for financial and identifying information as well as direct payments. But why contact taxpayers one by one when you can hit the jackpot exploiting the vulnerabilities of entire businesses and organizations? That has to be their rationale. I imagine crime rings where the more effective individual scammers are “promoted” to a position where they handle the corporate accounts where both the risks and the potential profits are much greater, but I really have no idea about the structure or sophistication of these criminal organizations. For all I know it could be one or two thugs sitting in their mom’s garage somewhere halfway around the world. It is very frustrating that this kind of thing can go on, but I’ll leave that to the FBI and Criminal Investigation. What goes on in the mind of the victim is also interesting, but I don’t know enough about human behavior to understand why people keep falling for this. We are increasingly comfortable making financial transactions online. Does that familiarity cause us to let our guard down? If it is mostly a matter of people being uninformed, I hope this article helps to spread the word.

Contact us today for more information or a free consultation!

Twice a year the California Franchise Tax Board (FTB) puts together a list that they call the “Top 500 Delinquent Taxpayers.” One list comes out in April during tax season, and it is updated in October near the extension deadline. It is a list of the 500 highest state tax liabilities along with the individuals and companies who owe them. The list was last updated on October 14th and can be accessed here. Right now these 500 liabilities add up to around $394 million.

I know I tend to get hung up on semantics (isn’t that what lawyers do?) but I think the title of this list is a bit harsh. The term “delinquent,” when used to describe an individual, almost always has a criminal connotation. The Oxford dictionary, for example, defines the term in this manner: “(typically of a young person) tending to commit crime, particularly minor crime.” Webster’s definition is similar: “doing things that are illegal or immoral.” I don’t know how many taxpayers on this list have been convicted (or even accused) of a crime; I would guess few of them have. As we know, failing to pay all your taxes when they become due, in and of itself, is not a crime.

In tax jargon the term “delinquent” usually means something different. Tax attorneys, accountants, and tax collection agencies typically use this word when referring to overdue payments or past due accounts. When “delinquent” is used to describe an account (rather than a person) then it carries a connotation of tardiness rather than criminality. Therefore, if the FTB must use the term “delinquent,” it really should be used to describe an account rather than a taxpayer. I would be in favor of changing the title of the list to “Top 500 Delinquent Tax Accounts.”

Having said that, these people have been given fair warning. Besides the various preliminary letters and notices, they are given one last chance to clear things up (or at least begin the process) before the top 500 list is published. According to the FTB website:

In August, FTB sent letters to taxpayers scheduled to appear on the list. Of these taxpayers, 96 made arrangements to pay their tax debt. Another 296 individuals and 108 businesses did not pay, resulting in their inclusion on the list.

The FTB states that they have collected more than $582 million through this program since it was started in 2007. I’m not sure how they can tell what part of the revenue they receive is a result of this program and what part would have been paid regardless of inclusion on the list. I would also be interested in studying the unintended consequences of the list, like how, and to what degree, this list has negatively impacted these peoples’ careers. Although, having done a quick Google search, I don’t think the list usually appears in mainstream news outlets. I also researched a few of the top names and I suspect that their reputations have already been tarnished by other financial problems, and their FTB tax debts are just one piece to the puzzle.

Contact us today for more information or a free consultation!

The head of the Treasury Inspector General for Tax Administration (TIGTA), J. Russell George, testified before Congress today concerning the latest data breach at the IRS involving the “Get Transcript” application.  At this point we have some preliminary estimates on the damage done by this cyberattack: $39 million in fraudulent refunds.  And while George stopped short of saying that it all could have been prevented, he clearly did place some blame on the IRS.  Every year for the past several years, TIGTA has identified weaknesses in IRS security systems and makes “recommendations” for improving them.  As of March 2015, there were around 50 problem areas that still required attention.

The problem is that most of the time these “recommendations” are simply acknowledged by the IRS and taken into consideration, and nothing further.  In other words, the IRS will agree with the recommendation but not take the additional steps necessary to correct the problems.  I have been frustrated by this pattern for years and wished TIGTA somehow had the authority to require action, rather than kindly make recommendations.

IRS Commissioner, John Koskinen, was also present during George’s Congressional testimony and you can probably guess his response: budget cuts have hampered the IRS’ ability to combat cyber criminals and has kept the IRS from upgrading their computers and cybersecurity technology.  But after realizing that he had painted himself into a corner, he quickly tempered his remarks:

Not every problem is a budget problem, so I don’t want to wander around town every time we have a challenge saying, “Ah, if we had more money, we’d fix it,” … [t]his is a technology issue, not a budget [issue]…

The other part of his response was that implementing TIGTA’s recommendations would not have prevented this particular cyberattack.  It’s apples and oranges.  There was apparently something different about this data breach; it was very sophisticated and was orchestrated by multiple groups located in foreign countries.  According to Koskinen, it was a “sophisticated international syndicate” that was responsible for this latest data breach.  In other words, this was a tricky group of criminals and nothing could have stopped them.

Don’t believe it.  We know the IRS’ track record and they make a lot of mistakes.  There is a reason why they immediately took that part of their website down following last week’s announcement.  I am also very skeptical of the statement I keep seeing that the main IRS computer systems were not compromised in this cyberattack.  Remember when top IRS officials were certain that Lois Lerner’s emails were not recoverable?  There are times (and I see this on a daily basis in my communications with IRS rank & file) when the IRS does not appear to be all that familiar with its own systems.  We’ll have to keep a close eye on this story.  I would not be surprised if more information is discovered in the coming weeks that calls into question this statement about IRS’s main computer system.  I hope I am wrong.

Get your check in the mail today! Charitable contributions are deductible in the year made, make you feel good immediately, and may give you some IRS Tax Relief in April. Therefore, donations paid by check still count for tax 2012 as long as they are mailed by today, the last day of 2012. Donations charged to a credit card before the end of 2012 count for 2012, even if the credit card bill isn’t paid until year 2013.

To deduct any charitable donation of money, regardless of amount, a taxpayer must have a bank record or a written communication from the charity showing the name of the charity and the date and amount of the contribution. Bank records include canceled checks, bank or credit union statements, and credit card statements. Bank or credit union statements should show the name of the charity, the date, and the amount paid. Credit card statements should show the name of the charity, the date, and the transaction posting date.

To be deductible, clothing and household items donated to a charity generally must be in good used condition or better. A clothing or household item for which a taxpayer claims a deduction of over $500 does not have to meet this standard if the taxpayer includes a qualified appraisal of the item with the return. Household items include furniture, furnishings, electronics, appliances and linens.

But remember, only donations to qualified organizations are tax-deductible. A searchable online database listing most organizations that are qualified to receive deductible contributions is available here on IRS.gov. Additionally, churches, synagogues, temples, mosques and government agencies are usually eligible to receive deductible donations, even if they are not listed in the database.