Data theft scam involves filing fraudulent tax returns

Seeing the emergence of a new filing season scam, the Internal Revenue Service is urging tax professionals to step up security and beware of phishing emails that can secretly download malicious software that can help cybercriminals steal client data.

Only a few days into the filing season, the IRS has already identified a new scam that began with cybercriminals stealing data from several tax practitioners’ computers and filing fraudulent tax returns.

In a new twist, the fraudulent returns in a few cases used the taxpayers’ real bank accounts for the deposit. A woman posing as a debt collection agency official then contacted the taxpayers to say a refund was deposited in error and asked the taxpayers to forward the money to her.

“This newest scam also serves as a reminder to taxpayers that they should be alert to any unusual activity, such as receiving a tax transcript or tax refund they did not request,” the IRS said in a Feb. 2 statement.

This scheme is likely just the first of many that will be identified this year as the IRS, state tax agencies and tax industry continue to fight back against tax-related identity thieves.

Because of inroads against identity theft, cybercriminals have evolved their tactics to focus on tax professionals where they can steal client data.

Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions, the IRS said. Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves rather than the real taxpayers.

When notified immediately IRS can take steps to help protect taxpayers from tax-related identity theft.

IRS Criminal Investigation agents are still reviewing this latest data theft scam.

“However, the vast majority of data thefts occur because the tax preparer or someone in the office opened a phishing email and clicked on a link or attachment that contained malware,” the IRS said.

“There are various forms of malware but some download secretly into computers and allow thieves to see each keystroke or give thieves remote access to computers,” the IRS added. “Both versions allow thieves to steal data stored on the computers.”

Tax professionals should review the Security Summit’s Don’t Take the Bait campaign, which outlined the various scams used by criminals to trick practitioners, the IRS said.

Tax professionals are urged to seek cybersecurity experts to help better secure their data.

Send suspicious tax-related phishing emails to phishing@irs.gov