6 ways to pay your estimated taxes
New IRS withholding tables reflect lower tax rates, but Treasury says most people still will get refunds next year

Tax identity thieves get a head start on 2018 filing season

Phishing scam hook keyboard

Some folks are taking seriously the traditional tax advice to start annual tax filing tasks early. Unfortunately, those folks are crooks.

The Internal Revenue Service and its Security Summit partners in state tax agencies and the tax industry have announced that they're seeing early signs that cyber criminals already are working to infiltrate the tax process.

Tax practitioners are the prime targets as the 2018 filing season's opening on Jan. 29 nears.

Fraudsters are sending a new round of emails in which they pose as potential clients or even the IRS to trick tax professionals into disclosing sensitive information, according to the IRS.

Similar phishing attempts aimed at tax preparers appeared throughout 2017. The schemes have ranged from crooks purporting to be tax software companies, representatives of a tax software education provider and even the IRS e-services system.

It looks like 2018 will be no different.

Phishing again targets tax pros: Tax professionals already this early into 2018 have reported numerous attempts by fraudsters to pierce their security by posing as potential clients. And yes, this is the same type of fake taxpayer scheme that cyber criminals used to kick off tax season 2017.

Just like last year, the emailing crooks are using trying to trick tax practitioners into opening a link or attached document.

In their fake personas as potential clients, the crooks have the following types of email messages (spelling, grammar and punctuation mistakes left in the examples) to tax pros:

"Happy new year to you and yours. I want you to help us file our tax return this year as our previous CPA/account passed away in October. How much will this cost us?...hope to hear from you soon."

"Please kindly look into this issue, A friend of mine introduced you to me, regarding the job you did for him on his 2017 tax. I tried to reach you by phone earlier today but it was not connecting, attach is my information needed for my tax to be filed if you need any more Details please feel free to contact me as soon as possible and also send me your direct Tel-number to rich (sic) you on."

"I got your details from the directory. I would like you to help me process my tax. Please get back to me asap so I can forward my details."

If a tax practitioner responds to the email request, the fraudster will send a second email that contains either a phishing URL or an attached document that contains a phishing URL, claiming their tax data is enclosed.

The fraudster wants the tax pro to click on the link or attachment and then enter their credentials.

In some cases, the URL or attachment might be malicious and if clicked will download malicious software onto the tax pro’s computer.

Depending on the malware involved, this scheme could give fraudsters access to victimized tax preparers' secure accounts or sensitive data. It may even give the criminal remote control of the tax professionals' computers.

e-Services bait back on phishing hook: In addition to the repeat of the fake client phishing, the IRS says it's also gotten reports recently of fraudsters again posing as IRS e-Services.

As happened last fall, these latest e-Services fake emails ask tax pros to sign into their accounts and provide a disguised link for them to ostensibly do that. The link, however, sends tax pros to a fake e-Services site that steals their usernames and passwords.

The IRS notes that this type of scam is one of the reasons the agency has moved e-Services to the more stringent identity-proofing Secure Access process.

All e-Services account holders upgrade their accounts to this more rigorous authentication process. If you have an e-Services account and have not updated your account, the IRS encourages you to do so immediately.

Follow tax security best practices: As the tax season proceeds, tax crooks are only going to step up their tax identity theft and refund fraud attempts.

The best defense here is to follow the general tax security protocols to protect yourself and your tax clients' data. These include:

  • Be suspicious of any email seeking confidential data.
  • Never, ever, ever, — did I and the IRS say ever? — ever open a link or an attachment from an unsolicited email. Legitimate software providers and the IRS do not embed links into emails asking tax pros to validate passwords.

  • Tax preparers should make sure that every member of the office, from fellow tax practitioners to administrative staff, knows these rules so they can protect not only your clients' data, but also your tax business.

Tax pros also can get additional scam information and tips on how to protect themselves and clients at the IRS Security Summit's Don’t Take the Bait website.

Individual filer cyber safety tips: We individual taxpayers also need to be on guard. The tax crooks are coming for us, too.

To guard against someone stealing our identities and using the data to file fake tax returns in our names, Experian's identity protection product IdentityWorks suggests:

  • File early to lessen the window of opportunity for a criminal to file first.
  • Thoroughly research any paid preparer or tax-preparation software. Scammers set up fake websites and software downloads solely designed to trick consumers into providing their personal information.
  • When filing electronically, ensure that the computer used is on a secured network, and is protected with the most up-to-date anti-virus and anti-malware software. Do not use public Wi-Fi.
  • Ask potential tax preparers to explain how they file and what steps they take to protect customer information.
  • Don't respond to any emails or text messages from anyone who says they're with the IRS, as the organization typically makes first contact with individuals via phone or traditional mailed correspondence. No IRS representative ever will ask for immediate payment via phone.
  • Residents of Florida, Georgia or the District of Columbia can choose to get an Identity Protection PIN (IP PIN), which is a six-digit number assigned to eligible taxpayers that helps prevent the misuse of their Social Security number on fraudulent federal income tax returns. 

Credit bureau contact infoIf crooks do/did manage to steal your tax and financial identity despite your precautions, check your credit report for any additional fraudulent activity. You can get copies of your credit reports directly from each of the three major credit bureaus: EquifaxExperian and TransUnion.

The IRS also wants to know about any and all tax scam attempts so it can get the word out early and prevent or limit any potential damage. Send a copy of any phishing email to the tax agency at [email protected].

Most of all, use your common sense. If your gut is telling you something seems fishy, then it likely is phishy. Don't take the bait.

You also might find these items of interest:



Feed You can follow this conversation by subscribing to the comment feed for this post.


You mention that, "Residents of Florida, Georgia or the District of Columbia can choose to get an Identity Protection PIN (IP PIN)."

I have tried to obtain one online to no avail. Most of the time the IRS has that page down for maintenance. I try it when the page is supposedly functional and I get an error message. I've called the IRS's customer service and they state they cannot help with this.

If anyone reading this has experienced similar issues, and has resolved them, I pray tell.

The comments to this entry are closed.