IRS Warns of Spoof Emails from CEO Posers

IRS Warns of Spoof Emails from CEO Posers

As an employee, when the CEO or other executive asks you to jump, the typical response is “how high?” So if you were to get an email from the CEO asking for a list of employee data, you probably wouldn’t question it. You’d probably send the info as soon as possible and without too much thought.

Cybercriminals who understand the position of power that company executives possess are using these relationships to obtain sensitive employee data. The practice is called “spoofing” because the thieves pose as the CEO or other high level executive, using the real executive’s name in an email to those within the company who have access to W-2s and social security numbers (typically those within payroll or human resource departments). Then these criminals obviously use the data to file false refund returns or sell the data to 3rd parties.

The IRS made a statement yesterday alerting the public of this new kind of phishing scheme:

If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.

~ IRS Commissioner, John Koskinen

I guess the question some payroll people will have is “what should I do to check it out“? Every company and every office is different. Your response may depend on the formality of your office and the relationship you have with the executive who requested the info. In some circumstances it may not be appropriate to knock on the CEO’s door asking if he/she emailed you. It might be a little awkward emailing back asking the CEO what he plans on doing with the info, or asking if he can authenticate by giving you the name of his favorite childhood pet or his mother’s maiden name.

I suspect that in most cases the email address of the sender will be a dead giveaway. If you don’t recognize the email address, then you can ask the follow up questions or pay the CEO a visit. Having said that, I don’t know for sure that these cybercriminals cannot send emails that appear to be sent from a company email system, in which case it might be wise to ask about the childhood pet anyways. Better safe than sorry, even if the price is a little embarrassment.

IRS Tax Scam Tips

Every tax season the IRS warns taxpayers of tax-time scams and how to avoid them.  The IRS says that “tax scams proliferate during the income tax filing season.”  This year the filing season begins January 31st.  I hope taxpayers take this to heart, but I also hope that they remain vigilant throughout the entire year.

People often ask me if business picks up during tax time, and I usually explain that the IRS’ collection machine runs 24/7 and 365 days per year.  The IRS Collections Department doesn’t really have a “season” so to speak; they work year-round.  We do tend to get more phone calls during the first few months of the year, but this is due to the fact that the tax season is when people tend to think more about their tax issues.  The thought of having to file income taxes again naturally leads to the next thought of having to do something about the prior tax years and tax debts already on the books.

I suppose that a similar phenomenon occurs with tax scammers.  They definitely do their dirty work around the clock and any time of the year.  But they know that they will have more success during the income tax filing season.  Poor, unsuspecting taxpayers are just more likely to pick up the phone, divulge confidential information, and open spammy emails during this time of year.

The common-sense advice that the IRS gives each year can be summarized as follows: Don’t give out your personal information such as passwords, PINs, credit card or bank info via emails or over the phone.  This is not how the IRS operates, and if you do get a phone or email request for such information, it is probably a scam.

Did Lerner Mishandle Official Emails?

These days I think few employers would have a problem with their employees using a company email account for personal matters.  As long as they are not goofing off while on the clock, it doesn’t cost the employer anything.  Although I am sure it is often listed as a prohibited activity in employee handbooks, I do not imagine it to be the type of rule that is strictly enforced.

But using a personal email account for business purposes is a bigger problem.  It would be unprofessional to send an official email from a personal account or to accept business emails on a personal account.  Sending internal documents from work to your own personal email account is an even bigger problem.  The House Oversight and Government Reform Committee apparently has been informed that Lois Lerner did just this.

Lois Lerner is the lady at the center of the IRS Tea Party targeting scandal.  She was thrust into the spotlight back in May when she invoked her 5th Amendment rights, refusing to testify before Congress.  Presently, the Committee is asking Lerner to produce “all documents and communications housed in [her] account.”  She has until August 27th to comply, after which I would imagine she will be subpoenaed, after which I imagine her lawyers will dispute it as being overbroad.

What makes this behavior especially repugnant is that THIS IS THE IRS we’re talking about, not a private company!  This is a branch of the US Treasury that we trust will be able to play fairly and keep information safe and secure.  Let’s hope we find out that Lerner was actually only emailing herself an innocent meme or something…

Is Your Online Imprint Going to Trigger an IRS Audit?

In mid-April I noticed a rather innocuous news release on the IRS website in regards to some type of email policy. If it wasn’t so cryptic and fraught with legal positioning, I would probably have considered it with the same drab spun by the IRS press cycle on a daily basis. However, the statement was so obtuse, it required at least a Google search or two to decipher the precipitous for the need to publically proclaim their position on email surveillance.

Here’s the IRS statement from April 18, 2013:

“Where the IRS already has an active criminal investigation and seeks to obtain the content of emails from an Internet Service Provider, we obtain a court ordered search warrant. It is not the IRS policy to seek the content of emails from ISPs in civil cases. Respecting taxpayer rights and taxpayer privacy are cornerstone principles for the IRS. Our job is to administer the nation’s tax laws, and we do so in a way that follows the law and treats taxpayers with respect. However, to resolve any remaining confusion surrounding this issue, the IRS is reviewing its policy and guidance and will make appropriate updates.”

I don’t have a crystal ball or a microphone in the IRS headquarters, but I believe the precipitous for the statement was damage control based on numerous news stories circulating recently that the IRS was beginning to use more than the standard tax disclosures to catch you in a tax lie. It was reported that the IRS was acquiring personal information on taxpayers’ online activities, from eBay auctions, Facebook posts, credit card transaction records, and e-payment transaction records, to verify the information reported (or not reported) on your tax return.

It was reported that the new online surveillance policy was precipitated because the IRS is under heavy pressure to help the federal government out of its budget crisis by chasing down revenue lost to evasions and errors each year. According to Edward Zelinsky, a professor at Benjamin N. Cardozo School of Law and Yale Law School. “I am sure people will be concerned about the use of personal information on databases in government, and those concerns are well-taken. It’s appropriate to watch it carefully. There should be safeguards.” He adds that taxpayers should know that whatever people do and say electronically can and will be used against them in IRS enforcement. Be warned.

It is alleged that the IRS is going a step beyond law enforcement agencies that use openly displayed social media information such as twitter, facebook, and instagram to prove illegal activity by asserting there is no right to privacy in personal correspondence via email, facebook chats, twitters direct messages, and similar non-public online communications.

According to a blog post by Nathan Wessler on the ACLU’s blog, even though judges are holding that people’s emails are private communications (most notably in United States v. Warshak, a 2010 decision from the Sixth Circuit Court of Appeals), the IRS is going its own way on the matter, claiming that Americans have no privacy rights in any correspondence sent via the internet, so that the IRS has no obligation to get search warrants. It was the policy of the IRS to read people’s email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all. A 2009 “Search Warrant Handbook” from the IRS Criminal Tax Division’s Office of Chief Counsel baldly asserts that “the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications.” Again in 2010, a presentation by the IRS Office of Chief Counsel asserts that the “4th Amendment Does Not Protect Emails Stored on Server” and there is “No Privacy Expectation” in those emails.

I suppose the end result for me on this issue is the portion of the statement that reads: “It is not the IRS policy to seek the content of emails from ISPs in civil cases.” In my dealings with the IRS in non-criminal cases, policy has no president or consideration in a collection case. Therefore, you should consider your online footprint a fishbowl for IRS audit fodder.

The Latest Phishing Expedition

Phishing: “a scam typically carried out by unsolicited email and/or websites that pose as legitimate sites and lure unsuspecting victims to provide personal and financial information.” A phishing victim often finds himself burdened with tax problems that are not his own. See IRS website for full detailed information about phishing and everything you need to know about identity theft.

Be on the lookout for the following email subject lines in your inbox:

“Urgent update of tax information is requested”


“Tax information required within 30 days.”

It is recommended that you delete these emails immediately because it’s a scam. If you do decide to risk opening the email, the text will look something like this:

Dear Account Holder,

In our continuing effort to guarantee that exact data is being sustained on our systems, as well as to provide you better quality of service; INTUIT INC. has participated in the Internal Revenue Service [IRS] Name and TIN Matching Program.

We have discovered, that your name and/or Taxpayer Identification Number, that is stated on your account does not correspond to the data on file with the Social Security Administration.

In order to check the data on your account, please click here.


Corporate Headquarters
2632 Marine Way
Mountain View, CA 94043

Thanks to Kelly Philips Erb for pointing out these scam emails from time to time. If bloggers will repost these scams all over the internet, maybe we can minimize the damage to innocent taxpayers.

Beware of Bogus IRS Emails

I have said this before, but it bears repeating. Any emails you might receive purporting to be from the IRS are more than likely spam. The IRS does not communicate with individual taxpayers in this manner. You should forward any such email to and then delete the emails without opening them.

Apparently there is another batch of bad emails being dispersed this week. Thanks tKelly Phillips Erb at Forbes for the heads up. One is from “” and the other is from “support” Hopefully you’re not so curious that you would risk infecting your computer, or worse, giving up personal information to identity thefts. But, if you can’t stand not knowing what the emails say, this is the gist of it:

“Important information about your tax return. We are unable to process your tax return. We recived your tax return. However, we are unable to process the return as field. Our records indicate that the person identified as the primary taxpayer or spouse on the tax return did not provided all the required documents shown on the tax form. Our records are based on information received from the Social Security Administration. Based on this information, the tax account for the individual has been locked.” The message is full of typos, which could make you wonder if it really isn’t from the government. But it goes on to request personal financial information. Its definitely a scam.

IRS-impersonation Scam Emails

The IRS has emphatically stated that they do not send out unsolicited emails. So, if you receive an email that appears to be from the IRS, but requests personal / financial information, then chances are it is a scam. People who fall prey to these emails may become victims of identity theft if they give up the requested information to the scammer or if they unknowingly open up their computers to malicious software.

If you receive an email requesting personal information that appears to be from the IRS, do not open it and do not click on any links. You should immediately forward the email to, then delete the email. If you believe you have become a victim of identity theft, contact our tax relief firm and we may be able to help you.