IRS Warns of Spoof Emails from CEO Posers

IRS Warns of Spoof Emails from CEO Posers

As an employee, when the CEO or other executive asks you to jump, the typical response is “how high?” So if you were to get an email from the CEO asking for a list of employee data, you probably wouldn’t question it. You’d probably send the info as soon as possible and without too much thought.

Cybercriminals who understand the position of power that company executives possess are using these relationships to obtain sensitive employee data. The practice is called “spoofing” because the thieves pose as the CEO or other high level executive, using the real executive’s name in an email to those within the company who have access to W-2s and social security numbers (typically those within payroll or human resource departments). Then these criminals obviously use the data to file false refund returns or sell the data to 3rd parties.

The IRS made a statement yesterday alerting the public of this new kind of phishing scheme:

If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.

~ IRS Commissioner, John Koskinen

I guess the question some payroll people will have is “what should I do to check it out“? Every company and every office is different. Your response may depend on the formality of your office and the relationship you have with the executive who requested the info. In some circumstances it may not be appropriate to knock on the CEO’s door asking if he/she emailed you. It might be a little awkward emailing back asking the CEO what he plans on doing with the info, or asking if he can authenticate by giving you the name of his favorite childhood pet or his mother’s maiden name.

I suspect that in most cases the email address of the sender will be a dead giveaway. If you don’t recognize the email address, then you can ask the follow up questions or pay the CEO a visit. Having said that, I don’t know for sure that these cybercriminals cannot send emails that appear to be sent from a company email system, in which case it might be wise to ask about the childhood pet anyways. Better safe than sorry, even if the price is a little embarrassment.

Mastermind of IRS Phone Scam Gets 14 Year Prison Sentence

You would have to be living under a rock if you’re not aware of the pervasive IRS impersonation phone scams going around.  These scammers prey on the least-informed, most vulnerable people in society, convincing them that the IRS is on the brink of throwing them into prison for unpaid taxes when, in many cases, no taxes are owed.  Now at least one of the masterminds behind this, Sahil Patel (36), is going to be put away for 14 years.  Patel was sentenced a couple days ago in a U.S. District Court in New York for conspiring to extort, to impersonate government officials, and to commit wire fraud.

The government considers Patel one of the ringleaders in a scam that duped nearly 4,000 people out of a combined $20 million over the past two years.  However, this criminal group is obviously run by more than just Patel as the phone calls have not stopped since his conviction.

Maybe 14 years seems like a long time to you for a crime that doesn’t involve taking a life, but this is what the district judge had to say about it:

The nature of this crime robbed people of their identities and their money in a way that causes people to fee that they have been almost destroyed.

He definitely wanted to “ensure adequate deterrence.”  Plus I don’t think it helped that Patel came across as an “unfriendly” witness.  He reportedly made some sexist comments about the women he hired to do the dirty work and how they were ignorant and gullible.  I know that 14 years seems like a heavy penalty, and you can’t really expect a higher level of severity, but I wonder if this will really deter the co-conspirators who appear to be keeping the scheme operational.  The rewards are so incredibly high for them and, at this point at least, the risks seem to be just low enough.

We can increase the risk by finding more of these guys, and I think the IRS, in cooperation with law enforcement, is doing the best they can.  We can reduce the reward by informing the public — and this is where I think they can improve.  I started this article by saying that one would have to be living under a rock to not be aware of these phone scams, but I don’t know if that is true.  As a tax attorney, I hear about this kind of thing all the time because I am dialed into tax news and events.  But is the average taxpayer getting the message?  I think IRS public service messages are focused on tax professionals.  Maybe there should be a broader kind of outreach through TV and radio.  I suppose there is a reason why they haven’t gone there; maybe they don’t want to freak everyone out.

Protect Yourself Against Identity Theft

Identity theft can be a huge headache, especially when it affects your federal tax record.  There are at least a couple ways how that might happen.  An identity thief may use your personal identifying information, including your social security number, to file a false tax return and obtain a fraudulent refund.  Or a thief may use your identity to obtain a job, claim the maximum number of exemptions, and basically collect tax-free income.  Then, these W-2 wages are reported to the IRS under your social security number.  When the information on your legitimate tax return does not match up with the W-2s the IRS has on file (i.e., when you fail to report the income earned by the identity thief) then the IRS sends you a letter asking you to explain the discrepancy.

The IRS provides a comprehensive list of tips for those whose identity has been stolen.  However, some of their most useful tips explain how to avoid identity theft in the first place. What it all comes down to is safeguarding your personal and financial information, including your credit cards, social security number, even address.

Some identity thieves steal wallets and purses.  Protect your personal effects when you carry them around and never leave them in open sight in your vehicle.  Never leave a bag or purse unattended in a store or airport.  It is human nature to misplace small items such as these, but we tend to be very habitual in the handling of our wallets and purses.  The more safe habits we can acquire, the better, so that it becomes second nature to protect our personal effects.

Some identity thieves try to obtain information from you through a phone call or electronic means (especially emails).  The IRS has issued extensive and repeated warnings regarding phony IRS emails and phone calls.  The IRS has made it abundantly clear that they do not contact taxpayers through email and they do not request credit card information over the phone.  It is actually really easy to identify a phony IRS contact if you know what to look for, but very easy to be deceived if you don’t.

Some identity thieves sift through your trash.  Once you take your trash out to the curb, it is easy to consider it “gone,” but that is usually the point at which the identity thief just begins his work.  The idea here is to take steps to destroy identifying information before you throw it in the trash can.  Invest in a good quality shredder and make a habit of shredding anything with your name on it.

Some identity thieves obtain your information through unsecured websites.  Do not share your personal and/or financial information on obscure, unknown websites that cannot be trusted.  If you’re making purchases online, stick with the big time, well known websites like Amazon, eBay, and nationwide retailers.  If you ever have a question as to whether a website can be trusted, do a quick Google search of the company or, better yet, just move along to something else.

Tax Day 2014

It’s April 15th — tax filing deadline day!  From where I sit, there are only a couple more hours left to file your federal income tax return.  Today I should be writing about (and you should be reading about) procrastination, how to file an extension, what to do if you owe taxes and can’t pay, or various IRS statistics like how many returns have been filed, how many refunds have been issued, how much the IRS has paid out in refunds, etc.  Before the age of electronic filing, we used to see the obligatory TV news story about which post offices were open late and which ones had the longest lines.  But gone are the days of such innocent tax day topics.  Today I’m mostly seeing warnings about those pervasive telephone tax scams.

For as long as I can remember, the IRS has warned taxpayers of phony IRS calls, but it seems like it used to be an annual warning that came out in the “Tax Tips” series.  And it always seemed more like a theoretical problem with some anecdotal evidence here and there.  Today, however, these phone scams have become commonplace.  It doesn’t seem to matter where you live either; I’ve seen reports of phone scams all across the country.  And I’ve handled my share of calls from local taxpayers who have been scared out of their minds by phony IRS calls.  In Sacramento, some victims are being told that they are going to be arrested for tax fraud.  These scam artists are apparently very convincing.  Sometimes people who don’t even owe (and know that they don’t owe) are tricked into believing that they are in trouble with the IRS.

The IRS is very clear about what type of contact they initiate with taxpayers, and if you become familiar with the standard IRS warnings, you’ll never be fooled by a tax scam.

2014 Dirty Dozen Revealed

Every year around the beginning of tax season, the IRS comes up with its “Dirty Dozen” tax scams list.  In recent years the top three have been (1) Identity Theft; (2) Phishing; and (3) Return Preparer Fraud.  The 2014 list includes Identity Theft and Phishing in the top three again, this time along with “Pervasive Telephone Scams.”  Phone scams often take advantage of recent immigrants, the elderly, or uneducated.  It is easy to avoid a phone scam if you know what to look for and if you maintain a certain degree of skepticism when receiving an unsolicited phone call.  However, as easy as it is in theory, these phone scams must be at least somewhat successful or they wouldn’t be described as “pervasive,” and they wouldn’t have made it to the top of the Dirty Dozen this year.

Here is the Commissioner’s official generic statement:

Taxpayers should be on the lookout for tax scams using the IRS name. These schemes jump every year at tax time. Scams can be sophisticated and take many different forms. We urge people to protect themselves and use caution when viewing e-mails, receiving telephone calls or getting advice on tax issues.

The reason that the IRS releases the Dirty Dozen list in February is that they have noticed a spike in tax scams around this time of year.  However, just as the IRS can (and will) collect on delinquent tax accounts by issuing a wage garnishment or bank levy throughout the year, tax thieves and scam artists pretty much work around the clock.

New Commish, 2014 Tax Season, EITC

A few noteworthy events caught my eye in the world of tax relief today.

First, the Senate approved Obama’s nomination of John Koskinen in a 59-36 vote, confirming him to fill the top position at the IRS; a position that has been vacant for over a year.  Commissioner Koskinen will take his post beginning next week and we’ll definitely keep a close eye on him to see if he will fulfill his promise of restoring public trust to the agency that has been fighting a dismal public perception for years.  Obviously, this is not something that he’ll be able to do overnight.

Second, the IRS announced that the opening of the 2014 tax season will be on January 31st.  This is when the IRS will begin accepting 2013 tax returns.  The IRS encourages taxpayers to file electronically.  If you are due a refund, this is definitely the quickest way to get it.  Also, the IRS reminds us that we always have the option of requesting an automatic six-month extension using Form 4868.  The IRS tends to encourage extensions because it spreads out the influx of tax returns so that things don’t get too bottlenecked.

And finally, TIGTA, the IRS watchdog, reported on increasing abuse of the Earned Income Tax Credit (EITC) by tax preparers.  The IRS has always had a problem with EITC abuse and fraud because it is a refundable tax credit that can mean money in the pocket of whoever claims it and qualifies (or appears to qualify).  TIGTA noted that too many tax preparers fail to do their due diligence by completing and attaching Form 8867, the Paid Preparer’s Earned Income Credit Checklist.

"This is George Miller with the IRS…"

It sure was nice of the IRS to warn taxpayers of a “pervasive telephone scam” last week.  The scam artists apparently target recent immigrants, threaten jail time, and run credit card payments over the phone.  The IRS described a number of things to look out for, presumably so we all can  independently determine if the call we received is from a scammer or from an actual IRS representative.  The only problem is sometimes the thieves and the IRS agents share some of the same characteristics.  Let me show you what I mean.

  • Scammers use phony names and IRS badge numbers: Great, but how would we know if the name or badge number is fake?!  The IRS says that they often use common names.  But I know there are plenty of real IRS reps who have common names.  Plus, recent immigrants may not be fully aware what is or is not a common American name.  It might have been helpful if the IRS had given a sample ID number so that taxpayers could at least know if it was the correct number of digits.  Many of the representatives I speak with use 7-digit ID numbers (assuming I have been talking with the IRS for the past 8 years and not phone scammers).
  • Scammers may be able to recite the last 4 digits of the victim’s SSN: So can a real IRS rep.
  • Scammers spoof the IRS toll-free phone number on caller ID: When I have received calls from revenue officers, offer in compromise examiners, and appeals agents, it usually shows “Unknown” on caller ID, so this is good to know.
  • Scammers sometimes follow up the call with a bogus email: Real IRS agents never send emails, so this is actually a dead giveaway.
  • Scammers produce phony call center background noise: I have often heard phones ringing and low chatter that is characteristic of a call center when talking with the IRS, so I’m not sure how helpful this tip is.

I think this IRS warning is useful, but only by becoming familiar with the entire list of characteristics.  If you receive a call fitting one of the above descriptions, there may not be cause for concern (unless you are asked to provide credit card info).  But if you receive a call with many of the above characteristics, it is probably a phony IRS call and a scam.

Foreign Accounts & Quiet Disclosures

There is a general, overriding principle in the world of Federal Tax that goes something like this: if you voluntarily come forward to admit your prior tax shenanigans and get yourself back in the good graces of the IRS, there will be less negative consequences than if the IRS catches you trying to get away with it.

This principle holds true with respect to the reporting of foreign bank accounts.  Taxpayers who are caught hiding assets in foreign accounts are subject to criminal prosecution, and could very well face jail time.  But under the IRS voluntary amnesty programs, those who come forward and disclose their offshore assets are promised they won’t go to jail in exchange for payment of penalties that are based on a percentage of their account balances.

There are some who want to get back on the grid without having to pay hefty penalties.  They do this by making a so-called “quiet disclosure” of foreign assets; they report their foreign accounts without giving the government information about accounts held in previous years.  This type of disclosure sometimes tricks the IRS into believing the accounts are brand new.

According to a recent report by the Government Accountability Office (GAO), there may be more quiet disclosures happening around the nation than the IRS has the ability to identify.  The IRS is taking tips from GAO on how to detect more of these quiet disclosures.

Indian Tax System Broken

Americans are pretty conscientious about paying their taxes compared to some other countries.  How about the extreme tax-dodging that goes on in India?!  Many farmers and impoverished Indians are exempt from paying taxes.  But on the other end of the spectrum are the very wealthy (and there are many of them in India) who openly refuse to pay taxes.  The millionairs don’t feel they should have to pay because they cannot trust their corrupt government officials to spend the money appropriately.  They don’t want to bank roll their politicians and make them any richer.  Basically, few people have bought into the idea of paying taxes in India, and there is no shame in the dramatic underreporting of income.  Very interesting article here.

IRS Expands ID Theft Program to All 50 States

Around this time last year, the IRS began a pilot program in the state of Florida that allowed IRS personnel to share confidential taxpayer information with local law enforcement to simplify the finding and prosecuting of identity thieves. Then in October 2012, the IRS opened up the program to eight more states: California, Texas, Alabama, Oklahoma, Georgia, Pennsylvania, New Jersey, and New York. Now effective Friday, March 29, 2013, the “Law Enforcement Assistance Program” has been opened to all 50 states.

This is basically how the program works:

  • Local law enforcement identifies potential identity theft situation
  • With the help of IRS, local law enforcement reaches out to identity theft victim to request consent for disclosure of personal tax records
  • If victim agrees to disclose the information, the victim completes a special IRS disclosure form
  • Law enforcement submits paperwork to IRS Criminal Investigation
  • IRS Criminal Investigation processes the paperwork and disclosure forms, then forwards the relevant documents to the requesting local law enforcement officer(s)

This appears to be an important and successful program, with more than 1,560 waiver requests received over the last 12 months. However, it is also apparent that the goal of helping the victims of identity theft will be achieved with or without the cooperation of local law enforcement. The IRS says it has resolved a whopping 200,000 identity theft cases since the beginning of 2013!

The IRS follows a three-pronged approach to combating identity theft:

  1. Prevent it from ever happening in the first place
  2. Where it cannot be prevented, detect it as early as possible
  3. Assist those who have been victimized