Fraud

It’s been a while since I’ve posted to this web-page; but not for lack of news.  Rather, I did not want to beat the same drum and sound as though I were the harbinger of bad news stuck in the same groove of a scratched LP.  Indeed, I have kept abreast of scam and fraud issues on a constant basis and have continuously updated the list of phone numbers in the sidebar to the right.  I have long invited clients to contact me if they receive disturbing communications so that I may assuage their anxieties when threatened with legal summons, criminal enforcement, arrest and innumerable other implausible actions from supposed IRS agents.  And while I have asked clients to share the phone numbers that they have gleaned from scam callers and voice-mail messages so that I may add them to my warning list, I must admit that I have personally collected nearly all the numbers listed only because I have received the same calls that you have.  Just this week alone, I have fielded three such calls.  Sadly, I’m not special.  One client tells me that over the course of two weeks, he received nearly a dozen calls!  When he failed to rise to the bait, the callers finally left him in peace and moved on.

The IRS and state tax authorities are actively seeking to pursue perpetrators while at the same time protecting innocent taxpayers.  They’re trying… and failing.  In an effort to prevent scammers from filing tax returns with stolen Social Security Numbers, the tax authority issued special Identity Protection Personal Identification Numbers (IP PIN) to taxpayers who had been previously victimized.  Taxpayers whose personal information had been compromised by database breaches at the federal Office of Personnel Management (22.1 million records), Target (40 million), Home Depot (56 million), JP Morgan (76 million), Anthem (80 million),  and EBay (145 million), just to name a few, were encouraged to place fraud alerts with the credit reporting agencies as well as submit an Identity Theft Affidavit Form 14039 with the IRS to alert the agency that tax return information may have been placed at risk.  In response, the IRS would flag taxpayer accounts to ensure additional scrutiny. In January 2016, the IRS sent out letters issuing 6-digit PIN numbers to affected taxpayers and explained that these identifiers must be used when e-filing 2015 tax returns (except the IRS letters contained a typo which erroneously stated that the PINs were to be used for the 2014 tax year).  A succinct follow-up letter was sent to correct the error in date but, for security reasons, did not restate the assigned PIN.  Many taxpayers received the second, but not the first letter.  So now it’s time to file and my clients are providing me with the letter from the IRS that tells me that a PIN was issued but my clients have no clue what that number is; and without it, a return cannot be processed!

What was intended to provide an extra level of security, has instead become a nightmare as described by one of my clients:  “Today, at the instruction of the IRS, I have tried to retrieve our IP PIN on the IRS website, but it turns out our IP PIN number has been obtained by someone else, and they have created a (fake) online IP PIN account that I do not have access to password protected with a password they created, not me).  So the IRS gave me today two replacement IP PINs that we can use (one expires 4/15/16, the other 12/30/16, depending on when we file).  The IRS cannot say whether or not we will have a problem filing this year's return because someone has our originally-issued IP PIN. The IRS has made notes in our account, but apparently an IP PIN cannot be deactivated.  So it is possible someone uses the fraudulent IP PIN to file taxes under our information for 2015.”  Recognizing the failure of IP PIN program, the IRS claims that it will be using a “different authentication method next year” (Accounting Today, March 2, 2016).

Were that our only problem!  Clients have been receiving and forwarding messages such as these:

To be sure, these e-mails look official but on closer scrutiny, you’ll notice typos, punctuation and grammatical errors.  Furthermore, if you hover over the link in the message, you’ll immediately see that it is fraudulent:  http://www.powerprotein.es/themes/default/img/irs/irs/irs/irs/irs/irs/irs/irs/irs/irs/IRS.html.  Similarly, the senders’ e-mail addresses are fake.  The IRS has but one website:  https://www.irs.gov/.  And the IRS never communicates with taxpayers by e-mail.

Nor does the IRS make threatening phone calls or ask that taxpayers wire a payment or put money on a prepaid card.  On occasion, Revenue Officers may make unannounced visits to delinquent taxpayers but as TaxPro Weekly explains:  “Revenue Officers always carry credentials. It’s maroon with gold printing on the outside and flips open to show a picture of the Revenue Officer and his/her name. Occasionally a manager will accompany the Revenue Officer. If not, and you wish to verify the Revenue Officer’s identity, ask for the phone number of his/her manager.”

Finally, the IRS warns of a new e-mail phishing scheme that purports to be from company executives requesting employee personal information.  These spoof e-mails may, for example, contain the actual name of the company’s chief executive officer asking the payroll office to provide “individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review” or “an updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)” with a request to “kindly prepare the lists and email them to me asap.”

Creativity abounds.  And just as we are forewarned of one scam, another pops up!  What to do?

• Beware.  Be alert.  Be vigilant.
• Contact me if you have any questions or are unsure if you’ve been contacted by the real IRS or a scammer.
• Share the e-mails that you receive and calls that you get with me so that I can continuously update my site to help protect prospective targets.

You may indeed be that next victim!

The Washington Post reports that IRS Commissioner John Koskinen will meet with the chief executives of Intuit and H&R Block, along with state tax authorities and other tax preparation companies to discuss ways in which tax preparation companies and the tax authorities could collaborate to address identity theft.  Last month, Intuit temporarily halted the submission of state tax returns due to a surge in suspicious filings.  In fact, Intuit’s screening systems routinely identify millions of returns each year that are potentially “suspicious”; however, the company claims that it does not have the authority to reject a fraudulent tax return.  It is for this reason that the company is calling for industry-wide standards outlining how much tax preparation companies can do to halt fraud.

Meanwhile, Koskinen is urging the Congress to make a simple change in federal law that would make it easier for the tax agency to stop identity theft used to claim billions in taxpayer refunds each year.  The commissioner explains that employers are required to issue W-2 wage reporting statements to their employees on or before January 31st each year but that the employers have until the end of February to submit the same W-2s to the tax authority.  That gives scammers a whole month during which to file fraudulent returns in hopes of claiming illegal refunds while the IRS remains unable to match employer and employee information.

The warnings are coming Fast and Furious.  If only there were but seven of them, like the movie franchise whose latest installment is expected to hit theaters on April 3rd.  I only just finished posting yesterday’s alert regarding a bogus e-mail scam and already I must share another caution issued by the IRS.

The tax authority has received reports of unscrupulous income tax preparers who misinform their clients that the Affordable Health Care Act's individual shared responsibility payments should be made directly to the tax practitioner.  The IRS reminds taxpayers that the payment should be made only with their tax return or in response to a letter from the tax authority but never directly to an individual or return preparer.  In fact, very few taxpayers will be required to make any payments since most individuals have the requisite health insurance coverage or qualify for a coverage exemption.

CPA Practice Advisor suggests that if you believe you have been targeted by an unscrupulous preparer or you have been financially affected by a tax return preparer’s misconduct or improper tax preparation practices, you can report it to the IRS and lodge a complaint against a tax return preparer  on Form 14157.

It looks real enough – see for yourself:

The logo looks right; the e-mail address looks right.  The typo not-so-much:  “This information is use [sic] for identity verification purposes only.”  But for those recipients who might not carefully peruse every e-mail they receive with an editor’s eagle eye, this e-mail looks real enough.

It isn’t!

It is merely another arrow in the quiver of scammers seeking to rob you of your identity. Do not click on the link!  I remind you once again that the IRS categorically does not contact taxpayers to verify information or communicate about any tax issue.  Indeed, if you click on the link provided in the e-mail, you’ll be routed to a website in Hungary; not to the IRS.

If ever you are unsure of the source of an e-mail or a link that has been sent to you even from friends and family, safe browsing protocols suggest that you place your cursor over the link and just hover but don’t click.  The address of the linked website will pop-up, either in a dialog box right next to the link or in the status bar at the bottom of the page if you’re using Internet Explorer, Firefox and most other browsers.  If it doesn’t look right, don’t click.  Stop, close and delete the e-mail.  Stay safe, not curious.

The National Center for Charitable Statistics (NCCS) has reported to the IRS that its database has been breached.  This unauthorized access affected nonprofit users of IRS Forms 990, 990-EZ, and 990-N (e-Postcard).  Established in 1982, the Center’s mission is to “develop and disseminate high quality data on nonprofit organizations and their activities for use in research on the relationships between the nonprofit sector, government, the commercial sector, and the broader civil society.”  Alas, NCCS now warns that the username, first and last name, email address, IP address, phone number, and password associated with the nonprofit organizations in their database have been compromised.  The Center has contracted with a leading cybersecurity firm to analyze the situation and strengthen security and recommends that users of the organization’s website change their passwords immediately; particularly if the same passwords are used to gain access to other websites.

While Anthem continues to conduct its forensic investigation to determine exactly which members were impacted by the recent cyber-attack, the company has sent an e-mail recommending steps that victims may take to protect themselves against potential tax refund fraud.  The company’s message points out, “you may not need to take the suggested steps if you are not personally impacted, but since no one knows for sure yet, we did want to bring this to your attention as a resource for awareness purposes.”

The letter refers Anthem members to an IRS article on how to avoid tax refund fraud, wherein the IRS suggests that affected taxpayers may file Form 14039 to alert the federal government that their Social Security Numbers have been or are believed to have been compromised.  Taxpayers should also alert the tax authority in their own states.  Links to the federal and California Identity Theft Affidavits are available on this page.

In response to the massive data breach at Anthem which could potentially affect 80 million customers, Connecticut tax Commissioner Kevin Sullivan is advising taxpayers who are expecting federal or state income tax refunds to file their tax returns as soon as possible.  "The personally identifiable information apparently hacked at Anthem is exactly what tax fraud thieves use to make false refund claims that appear to be legitimate. They will try to file for and steal the refund before the real taxpayer has a chance. Then the taxpayer will be denied the refund and it can take years to resolve the problem.”    Anthem, Inc. is the second largest health insurer in America and manages accounts associated with Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup , Caremore, Unicare, Healthlink, and DeCare.  Affected taxpayers in other states should heed this warning as well.

Intuit is once again processing state tax returns after temporarily suspending its e-file services amidst concerns that taxpayer data had been compromised.  (Federal e-file was not affected.) The software company engaged the services of a third party internet security expert which has at least initially concluded that data used to file fraudulent state tax returns was obtained from sources outside of the tax preparation process and not as a result of a breach within the TurboTax program.  Intuit continues to work with state tax authorities and has implemented targeted security measures.

Taxpayers, of course, have a myriad of questions and concerns regarding tax ID fraud that Forbes explains with remarkable simplicity and clarity – here are pertinent excerpts:

Criminal tax fraud is big business – but it’s also a crime of opportunity. The more difficult it is to take advantage, the more likely the bad guys are going to pass. That’s probably why criminals appeared to be targeting state returns and not federal returns. The potential kitty might be better at the federal level but in many cases, Internal Revenue Service (IRS) has stronger fraud detection systems in place than some states.

Additionally, Social Security Numbers are checked and cross-checked at the federal level, making it more difficult to file more than one return with the same number. For state purposes, the same level of checks doesn’t exist – either inside a state or between states – so that a single Social Security Number could be filed at multiple agencies in potentially multiple states without any knowledge that the number was being used fraudulently.

The article explains that the use of online tax preparation software makes the filing process easier for taxpayers but also fraudsters since it requires no actual verification of identity.  Common to all online tax software companies, Forbes speculates that TurboTax was targeted because the program allows taxpayers (and fraudsters) to file for free and because TurboTax allows taxpayers to prepare, print and mail (rather than e-file) a federal return while still submitting a state return electronically.  A fraudster who hopes to avoid detection can choose not to submit the federal return; thereby, avoiding the more stringent security controls put in place by the IRS.  H&R Block, in contrast, requires federal e-file acceptance before its program will transmit a taxpayer’s return to state authorities.

To assist TurboTax customers who believe they may have been victims of tax fraud resulting from a breach of their tax preparation software security, Intuit has a dedicated toll-free number with direct access to specially trained identity protection agents who will provide comprehensive support and filing assistance:  (800) 944-8596. In addition, Intuit will provide identity protection services and free credit monitoring, as well as provide access to all versions of its software or to the assistance of one of Intuit’s credentialed tax experts who will prepare taxes for affected customers at no expense.

Intuit, maker of the popular do-it-yourself tax preparation software, has announced that it will temporarily halt the e-filing of all state returns due to an increased incidence of fraudulent filings.  CNBC reports that “the company said it did not believe its systems had been compromised” and that this was merely a "precautionary step.”  The company hopes to resume e-filing in a matter of hours rather than days.  NOTE:  Intuit’s other products, including Lacerte, Intuit Tax Online, and ProSeries are not affected.

I was out of the office on business most of yesterday.  When I returned I found four messages on my telephone answering machine, three of which had been left in close succession with the identical content informing me that I had been called to appear before a grand jury.  The caller requested that I return his call promptly with the suggestion that I should help him help me.

Since I do not have caller ID, I have come to rely on Google.  So, without hesitation, I typed (213) 260-2296 into the search bar of my internet browser and promptly got a number of hits.  I clicked on the first one and read:

Call From: (213) 260-2296
Caller: Steve Martin
Caller Type: Scam

I scrolled down to read comments posted by others – even one who posted the voice-mail message he had received verbatim.  I was not at all surprised to find that it was identical to the messages that had been left for me.

"Hi. This message is intended to contact you. My name is Steve Martin and I am calling regarding action executed by US treasury intending your immediate attention. Ignoring this will be an intentional second attempt to avoid initial appearance before a magistrate judge or grand jury for a federal criminal offense. My number is 213-260-2296. I repeat 213-260-2296. I advise you to cooperate with us and help us to help you."

This, then, gave me an idea:  While I encourage all of my clients, friends and family to similarly search the web before panicking and succumbing to a phone scam, I’d also like to suggest that you submit an informal report to me.  With your help, I’ll try to maintain a database of these numbers and post them to my website so that others may be forewarned.

The Treasury Inspector General for Tax Administration (TIGTA) reports that the IRS impersonation phone scam has claimed nearly 3,000 victims who have collectively paid over $14 million.  This scam, which is international in nature, has proven to be the largest scam of its kind that we have ever seen. The callers are aggressive, they are relentless, and they are ruthless. Once they have your attention, they will say anything to con you out of your hard-earned cash.  The scammers threaten those who refuse to pay with immediate arrest, deportation or loss of a business or driver’s license.  The callers who commit this fraud often use an automated robocall machine and employ common names and fake IRS badge numbers. They may already know the last four digits of the victim’s Social Security Number.  The scammers can make their caller ID information appear as if the IRS is calling. They may also send bogus IRS e-mails to support their scam. In addition, they many call a second or third time claiming to be the police or the Department of Motor Vehicles, and the caller ID will again support their claim.

NOTE:  The IRS usually first contacts people by mail—not by phone—about unpaid taxes. The agency will not ask for payment using a pre-paid debit card or wire transfer. IRS employees also will not ask for a credit card number over the phone.  In addition, the IRS will never request personal or financial information by email, texting, or any social media.  (Accounting Today, January 21, 2014)

Not even the nation’s top law-enforcement officer is safe from the growing number of fraudsters filing false tax returns based on stolen identities.  Two Georgia men filed a tax return with the name, birthday and social security number of Attorney General Eric Holder in hopes of getting his refund, according to federal prosecutors in Atlanta.  (Wall Street Journal, March 12, 2014)