Security Information
Tax Fraud: The IRS Dirty Dozen List
March 2021
The Criminal Investigation (CI) unit is a special criminal division of the IRS. The CI is tasked with investigating and uncovering tax-related crimes and prosecuting these cases. Each year the CI provides the IRS an annual report detailing their work and highlighting their successes and enforcements related to tax and financial crimes. Why is this important to you? The work of the CI is critical in protecting taxpayers as well as maintaining the integrity of our financial system. Even more importantly, the information uncovered by the CI paints a very clear picture of the criminal activities on the rise and provides each of us an understanding of what to watch out for and how to protect ourselves and our personal information in the future.
In 2020, $2.3 billion was identified as tax fraud including general tax fraud, abusive tax schemes, unemployment tax, identity theft, and refund fraud. Unfortunately, tax crimes in 2020 had thieves preying on those who needed financial assistance the most due to COVID-19 impacts. These tax crimes were more complex and sinister than ever before and included theft through identity theft, phishing, fake charities, false claims, and more.
Each year the IRS reports on the "Dirty Dozen", a list of the 12 most prevalent tax crimes of the year. It probably comes as no surprise that the 2020 list focuses attention on the new coronavirus tax relief, including economic income payments. According to the IRS, "This year, the Dirty Dozen focuses on scams that target taxpayers. The criminals behind these bogus schemes view everyone as potentially easy prey. The IRS urges everyone to be on guard all the time and look out for others in their lives." While it's important to pay special attention during tax season, taxpayers are encouraged to review the list in a special section on IRS.gov and be on the lookout for these scams throughout the year.
Let's take a look at last year's Dirty Dozen scams as reported by the IRS. [The following is an excerpt from their report and has been edited for this audience]:
Phishing:
The IRS will never initiate contact with taxpayers via email about a tax bill, refund, or Economic Impact Payments. Don't click on the website or email links claiming to be from the IRS, they may be nothing more than scams to steal personal information. CI has seen a tremendous increase in phishing schemes utilizing emails, letters, texts, and links. These phishing schemes are using keywords such as "coronavirus," "COVID-19" and "Stimulus" to play on fears of the virus and stimulus payments. For more information see IR-2020-115, IRS warns against COVID-19 fraud; other financial schemes.
Fake Charities:
Criminals use situations like the COVID-19 pandemic to set up fake charities, designed to steal from well-intentioned people. These schemes normally start with unsolicited contact by telephone, text, social media, email, or even in-person. They may even claim to be working for or on behalf of the IRS to help victims file casualty loss claims and get tax refunds. Legitimate charities will provide their Employer Identification Number (EIN), if requested, which can be used to verify their legitimacy. Taxpayers can find legitimate and qualified charities with the search tool on IRS.gov.
Threatening Impersonator Phone Calls:
Criminals impersonating the IRS is becoming more common. Threatening phone calls from a criminal claiming to be with the IRS, scammers scare the potential victim into handing over vital information. Scam phone calls can include threats of arrest, deportation, or license revocation if the victim doesn't pay a bogus tax bill. These calls often take the form of a "robocall" (a text-to-speech recorded message with instructions for returning the call). Remember, as scary as they may be, the IRS will never demand immediate payment. They do not threaten, ask for financial information over the phone, or call about an unexpected refund or Economic Impact Payment (EIP).
Social Media Scams:
Taxpayers need to protect themselves against social media scams. These scams have led to an increase in tax-related identity theft. Scammers start by convincing a potential victim that he or she is dealing with a person close to them, that they trust, via email, text, or social media messaging. These are just access points for malware that can be used to infiltrate the victims accounts and devices. Once these criminals have access to one account, they use that account and the associated trust in the victim, to infiltrate the victim’s contacts, including family and friends.
EIP or Refund Theft:
The IRS has made great strides against refund fraud and theft in recent years, but it remains an ongoing threat. In 2020, criminals also turned their attention to stealing Economic Impact Payments as provided by the Coronavirus Aid, Relief, and Economic Security (CARES) Act. Much of this stems from identity theft, whereby criminals file false tax returns or supply other bogus information to the IRS to divert refunds to addresses or bank accounts they control. Taxpayers can consult the Coronavirus Tax Relief page of IRS.gov for assistance in getting their EIPs. Anyone who believes they may be a victim of identity theft should consult the Taxpayer Guide to Identity Theft on IRS.gov.
Senior Fraud:
Seniors are more likely to be targeted and victimized by scammers than other segment of our society. Older Americans are becoming more comfortable with evolving technologies, such as social media. Unfortunately, that gives scammers another means of taking advantage of them. Phishing scams linked to COVID-19 have been a major threat and seniors need to be alert for a continuing surge of fake emails, text messages, websites, as well as social media attempts to steal personal information.
Scams Targeting non-English Speakers:
IRS impersonators and other scammers also target groups with limited English proficiency. Phone scams pose a major threat to people with limited access to information, including individuals where English is not their first language. These calls frequently take the form of "robocalls". A common one remains the IRS impersonation scam mentioned above where a taxpayer receives a telephone call threatening jail time, deportation, or revocation of a driver's license from someone claiming to be with the IRS. Taxpayers who are recent immigrants often are the most vulnerable and to be aware of these scams.
Unscrupulous Return Preparers:
Most tax professionals provide honest, high-quality service, but dishonest preparers pop up every filing season committing fraud, harming innocent taxpayers or talking taxpayers into doing illegal things they regret later. Taxpayers should avoid so-called "ghost" preparers who expose their clients to potentially serious filing mistakes as well as possible tax fraud and risk of losing their refunds. Ghost preparers don't sign the tax returns they prepare. By law, anyone who is paid to prepare or assists in preparing federal tax returns must have a Preparer Tax Identification Number (PTIN). Paid preparers must sign and include their PTIN on returns. Taxpayers are ultimately responsible for the accuracy of their tax return, regardless of who prepares it. Taxpayers can go to a special page on IRS.gov for tips on choosing a preparer.
“Offer in Compromise” Mills:
Taxpayers need to be wary of misleading tax debt resolution companies that can exaggerate chances to settle tax debts for "pennies on the dollar" through an Offer in Compromise (OIC). These offers are available for taxpayers who meet very specific criteria under law, but unscrupulous companies oversell the program to unqualified candidates. Individual taxpayers can use the free online Offer in Compromise Pre-Qualifier tool to see if they qualify. This tool allows taxpayers to confirm eligibility and provides an estimated offer amount. Taxpayers can apply for an OIC without third-party representation, but the IRS reminds taxpayers that if they need help, they should be cautious about whom they hire.
Fake Payments with Repayment Demands:
Criminals are always finding new ways to trick taxpayers into believing their scam including putting a bogus refund into the taxpayer's actual bank account. A scammer obtains a taxpayer's personal data, including Social Security number or Individual Taxpayer Identification Number (ITIN), and bank account information. They then file a bogus tax return and have the refund deposited into the taxpayer's account. The taxpayer is told that there's been an error and that the IRS needs the money returned immediately. The scam then devolves into a gift card request for the amount of the refund. Anytime you receive an unexpected return you should reach out to your banking institution and to the IRS, and remember; never send gift cards to someone you don’t know.
Payroll and HR Scams:
As criminals get more creative, the fraud points move further upstream. Using spoofing email tactics, fraudsters are stealing W-2’s and other sensitive information from HR and tax professionals. Once in possession of this information, fraudsters will reach out to individuals, often after depositing money into their accounts and request repayment of those funds via gift card. These scams have used a variety of ploys to include requests for wire transfers or payment of fake invoices. The IRS has observed variations of these scams where fake IRS documents are used to lend legitimacy to the bogus request. The IRS requests that Form W-2 scams be reported to: phishing@irs.gov (Subject: W-2 Scam).
Ransomware:
Ransomware is malware targeting human and security weaknesses to infect a potential victim's computer, network or server. Victims generally aren't aware of the attack until they try to access their data, or they receive a ransom request in the form of a pop-up window. These criminals don't want to be traced so they frequently use anonymous messaging platforms and demand payment in virtual currency such as Bitcoin. Criminals might use a phishing email to trick a potential victim into opening a link or attachment containing the ransomware. These may include email solicitations to support a fake COVID-19 charity.
We are here for you!
Following the IRS's advice in each instance is important but also know that we are here for you! While it's important that you are aware of the above tax-related risks and practice good habits to protect your identity, we want you to remember that Garden Island Federal Credit Union has you covered in the event of tax-related or any type of identity theft. If you are a Māla Checking Account holder, you have Fully Managed Identity Theft Recovery. Should you feel your identity has been compromised, we have professional Identity Theft Recovery Advocates standing by. These Advocates work on your behalf to help recover and to help you reverse any damage caused by identity theft. Contact us or find out more about this and other benefits of Māla Checking Account by visiting https://gardenisland.nxgstrategies.com/.
Top 10 Identity Theft Myths
February 2021
Myths can be powerful. They are often used to explain the unknown or rationalize things that seem out of our control. Kicking off the new year (especially this year!) seems like the right time to dispel some of these myths and make new resolutions to renew good habits for protecting personal information in 2021.
This month we count down the Top 10 Identity Theft Myths that you need to stop believing. In addition to helping you better understand the risks of identity theft, we want to give you the comfort of being prepared. And most importantly, we want you to feel reassured knowing that there are professional Identity Theft Recovery Advocates standing ready to take on the problem of identity theft on your behalf, no matter how it occurs.
In today's world it is more important than ever to focus on the things that we can control to better safeguard our financial future. It's easy to get complacent, lulled into a false sense of security, when there are many other more urgent things to think about. That's why we assembled the Top 10 Identity Theft Myths that you need to stop believing now. Along with this information are suggested resolutions for the new year that, if followed all year long, will better protect your identity both online and offline.
Myth #10 - Identity thieves are mysterious, scary people.
It's true, identity thieves do exist in dark places but they can also live in your neighborhood, shop at the same stores as you, and some may even frequent the same coffee shops. The most damaging identity thief can actually be your co-worker that stumbled upon sensitive data, only to give in to the temptation of easy money. Your resolution: Always keep a close eye on your devices and the people around you and no matter what, never share privileged information like passwords with anyone – whether it is a friend, co-worker, or your boss.
Myth #9 - Phishing scams are easy to spot.
We've all seen examples of how phishing scams can camouflage themselves to appear legitimate, but may leave tell-tale signs to spot, such as misspellings, improper use of the English language, or an obvious redirection of the real company's URL. However, scammers are becoming more careful and sophisticated. It may not be so easy to spot a phishing email. As an example, customers of a well-known sandwich chain recently had their accounts hacked via a loyalty program scam. In this scam customers received an email asking them to "check the order" from this sandwich chain that they used frequently. Thinking that there was a mix-up on an order, or they were about to get free food, customers clicked on the link and the damage was done. This activity launched malware that allowed the scammer to infiltrate their account even further. Your resolution: Know the most common signs of a phishing email but don't believe that it will protect you 100%. Even the most sophisticated users can fall victim to sophisticated phishing scams. Start with this article from the Federal Trade Commission to learn how to recognize phishing.
Myth #8 - I know a fake call when I hear one.
While email "phishing" is an attempt to trick a person into giving up personal information, "vishing" is the same except the method is using a telephone call. The scammer creates a scenario to prey on human emotions, commonly greed, fear, or empathy, and convinces the victim to disclose sensitive information like credit card numbers or passwords. In particular, vishing calls exploit the fact that we're more likely to trust a human voice — and may target the elderly and technophobic who may be naive and have no experience with these types of scams. Your resolution: Never give out personal information to someone on the phone, even if you feel pressured to do so. You can always tell the caller that you will call back to a published number for the company that they say they represent. An ethical person will never object. Click to see a video of an actual vishing call and how easy it is for a professional visher to elicit confidential information over the phone.
Myth #7 - Social media is safe as long as I only share with family and trusted friends.
Of course these treasured friends and family would not do anything intentionally to expose you to fraud. However, when posts are being shared time and time again it is easy for malicious games, click-bait, and bogus retail offers to get passed to you innocently. In the first six months of 2020, people reported losing a record high of almost $117 million to scams that started on social media platforms like Facebook, Instagram, Snapchat, and Tik Tok. Your Resolution: Review your social media privacy settings, and in particular what you are sharing publicly. Don't participate in online games which ask for the month, day, or year of your birth, your mother's maiden name, or the name of your favorite pet. These pieces of information, along with others, can be used to defeat security measures on your accounts and to guess your passwords. Check out this article from the Federal Trade Commission on Scams that Start with Social Media for additional advice on staying safe.
Myth #6 - If I am a victim of identity theft, I will get an alert.
Credit Monitoring and Dark Web Monitoring are two of the most common types of alert services that help consumers know if their personal information may be at risk. These services and others are excellent for alerting consumers that their personal information is at risk, sometimes allowing the consumer to get ahead of fraud. However, there are some types of identity theft that even the most sophisticated monitoring can't detect. The most common is "credit account takeover" where a criminal poses as you and takes over your existing lines of credit. Since this is not a new account, credit monitoring will not alert you to this activity. Another type of identity theft that evades monitoring is synthetic identity theft. In this scenario, the identity thief will use only one part of your identity information, typically your Social Security number, but they will use a different name and address when they apply for credit. This type of fraud sets up a totally different file at the credit reporting agencies. Since this new "synthetic" fake identity does not match your exact name, address, and Social Security number, there will be no alert generated. Your Resolution: Make sure that you have Credit Monitoring and Dark Web Monitoring working to help you stay aware of risks and take action early, but don't get a false sense of security. You still need to review your account statements often to detect any transactions that you do not recognize. To learn more about protecting yourself from synthetic identity theft see this article from Better Business Bureau.
Myth #5 - It's no big deal if someone breaches my email.
"All I have in there are cat pictures and emails to my child's teacher. Good luck making something out of that!" For a hacker, email addresses can be priceless. They can use the address itself in spoofing and phishing scams. They can use it to build synthetic identities to open fraudulent lines of credit. Further, they can rummage through your email account and, in between the cat pictures and school e-mails, maybe find a tax return or mortgage application that has your Social Security Number, address, and date of birth - a gold mine for hackers! Your Resolution: Treat your email account like cash, because it can be to a fraudster. Change your password often. And if you get hacked, here is helpful information from the Federal Trade Commission on what to do next.
Myth #4: I use antivirus software so I'm fine. I will know if something bad gets to my device or information.
Because antivirus software vendors are almost always playing defense against hackers, using antivirus software will never protect you 100%. And many people download antivirus software and then just forget about it for months, or even years. To stay current, antivirus software needs maintenance and updates, and it needs to remain active on a subscription. Even free antivirus software may have a time limit after which the service ends or it invites you to join a paid service. Plus there are many ways that a fraudster can get your personal information without gaining access to your computer, such as intercepting your online signal while you are using an unsecured Wi-Fi connection. Your Resolution: Check for updates for your antivirus software regularly and make sure that your subscription does not expire. Use caution around email attachments and don't open an attachment simply because it looks as though it is coming from someone you know. Don't fall for offers of "free" things on the internet, in particular screen savers, as these could be distributing viruses, adware or spyware. If a window pops up on your computer screen and you are not sure if it is legitimate, close it using the "x" in the upper right corner. Clicking on ANY other button, even "no" or "cancel" may trigger a virus or spyware installation.
Myth #3: I use complex passwords.
Password strength only helps if someone is trying to guess your password. While having a complex password is still a good idea, and required by most companies, long gone are the days when a complex password with a certain number of characters and symbols alone was enough to deter thieves from accessing your accounts. Today, cybercriminals have the ability to run billions of password combinations through sophisticated programs. Breaking into an account can take seconds, instead of days or weeks. In addition, criminals most often gain access to passwords through a breach of security of a company, retailer, service provider, government agency, medical facility, school, or other organization. In many cases these companies do encrypt passwords before they are stored, or their level of encryption is not strong enough. This means that criminals can gain access to huge caches of passwords all at one time. Your resolution: Change your passwords often, which is one of the most important security measures that you control. Also, it is important to use different passwords for your various accounts. If a criminal is able to gain access to one of your passwords you don't want it to provide the universal key to unlock all of your accounts.
Myth #2: My personal information is already out there. It doesn't make any difference if I am careful.
It is true that there have been some very large data breach incidents in the past several years, such as Equifax and the United States Office of Personnel Management, that have exposed the personal information of millions of Americans. In addition, there are hundreds of other smaller data breach incidents each year. But this is the very reason that all of us must be more careful with our personal information, and more vigilant. An identity thief who is intent on "grooming" a stolen identity, that is using the identity for an extended period of time, will look for a victim who is careless with their online and offline habits. Your Resolution: Double-down on those boring habits that make it more difficult for an identity thief to make you their victim. Change your passwords often, don't use the same username and password combination for all of your accounts, watch your banking and other transaction statements for suspicious activity, take part in Credit Monitoring and Dark Web Monitoring to be alerted when your information may be exposed, and seek professional help quickly if identity theft strikes.
Myth #1: It only happens to other people. I don't have a lot of money, therefore I am not a target.
The Federal Trade Commission's annual report on fraud, the Consumer Sentinel Network Data Book, was last published in January 2020, and estimates that as many as 9 million Americans have their identities stolen each year. This reports also shows that identity theft occurs in all age ranges, even young children whose identities can be used to establish an alternate identity for illegal purposes. The report also details identity theft by state, which shows that this crime knows no physical boundaries. Economic status is not important to an identity thief. Even if you believe that you do not have enough credit or assets to be a target, your identity information is still worth a goldmine an identity thief. Your Resolution: Stay vigilant. Treat your identity information as you would cash. Share it only when necessary and keep it safe. The irony of this statement is, regardless of the balance in your bank account or the credit limit on your credit card, you are still extremely valuable to criminals.
We are there for you!
While it's important that you know the risks and practice good habits to protect your identity, we want you to remember that Garden Island Federal Credit Union has you covered in the event of identity theft. If you are a Māla Checking Account holder, you have Fully Managed Identity Theft Recovery. Should you feel your identity has been compromised, we have professional Identity Theft Recovery Advocates standing by. These Advocates work on your behalf to help recover and to help you reverse any damage caused by identity theft. Contact us or find out more about your benefits of being a Māla Checking account holder by visiting https://gardenisland.nxgstrategies.com/.