Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.
For years, income tax identity theft has followed a familiar pattern. Criminals use the stolen Social Security numbers of their victims to electronically file phony income tax returns with counterfeit W-2s and obtain a large refund. This scam will only work if the thief files a tax return before the legitimate taxpayer does so. This scam has cost the government billions of dollars each year.
Recently, through the joint efforts of the IRS, state tax officials, private sector tax preparers, and software companies, the IRS has succeeded in decreasing this type of income tax identity theft.
A New Tax Scam
However, the IRS is now issuing warnings about a new, ingenious mode of income tax identity theft being seen for the first time this tax season. The new model starts with phishing emails sent to accounting firms and tax preparers. Phishing emails are emails containing malware-infected links that lure the recipient into clicking on the link. The link then downloads keystroke-logging malware that enables the cybercriminal to gain access to all of the files of tax preparers, including past income tax returns of their clients. These phishing emails often appear quite legitimate and may be directed to the recipient specifically by name. They also are cleverly written to arouse the curiosity or trust of the recipient sufficiently to entice them into clicking on the malware-infected link. Cybercriminals with a knowledge of psychology that Freud would have envied are very adept at crafting successful emails. A recent study by software security company Kaspersky Lab found that the two most popular terms used in recent phishing emails have been “Bitcoin” and “FIFA.”
The cybercriminals then use the information on the clients’ income tax returns to prepare phony tax returns. Because the thieves include much of the legitimate information from past returns, these phony documents are less likely to be detected as bogus by the security software programs used by the IRS to detect identity theft.
But now comes the brilliant part.
The thief directs the IRS to send the bogus refund either electronically to the victim’s bank account or by check. Shortly thereafter, the victim receives a telephone call purportedly from the IRS or a collection agency on behalf of the IRS informing the taxpayer that an error was made and demands that the tax refund be wired back to the IRS immediately or there will be serious repercussions. The call may appear on the victim’s Caller ID as coming from the IRS, however this is easy to accomplish through a technique called spoofing. What makes the call appear truly legitimate is the fact that the caller is able to tell the victim the exact amount of the bogus refund.
The key to avoiding becoming a victim of this scam is to remember that the IRS does not call taxpayers demanding repayments of funds that may have been sent erroneously, and they never demand that tax payments be wired.
What to Do If You’ve Received a Fake Refund
So what do you do if you have already had funds electronically deposited into your bank account by the IRS as a result of this scam? In that event, you should contact the Automated Clearing House (ACH) department of your bank where the refund was sent and instruct them to return the funds to the IRS. Then call the IRS at 1-800-829-1040 to inform them what has happened and to alert them to the fact that you are returning the funds sent to you.
If the refund was sent to you by way of a paper check, you should write “Void” in the endorsement section on the back of the check and return the check to the IRS along with an explanation of what has happened. Indicate in your explanation that you are returning an erroneous refund check related to an income tax return that you did not file. If you have already deposited the check, you should call the IRS at 1-800-829-1040 and explain the situation. They will give you instructions as to what steps to take to return the payment.