Each year, IRS puts out a series of press releases warning taxpayers of twelve schemes they call the "Dirty Dozen." The items on the list can change from year to year, and several typically have to do with taxpayers attempts to game the system by understating income, overstating deductions, engaging in "tax shelter" transactions, and so forth.
But for the past several years, the top three items on the list have been identity theft, phone scams, and phishing schemes - situations in which ordinary people are vulnerable simply because they are trying to comply with the tax laws.
Each year IRS identifies literally millions of returns in which a thief has used someone else's Social Security number to claim refunds. While the agency says it is making progress in detecting and preventing identity theft, "criminals continue to look for increasingly sophisticated ways to breach the tax system," including phishing and phone scams.
The same week IRS released its "dirty dozen" list in February, it also updated a consumer alert for e-mail schemes, noting a four-fold increase in phishing and malware incidents in just the first two months of this year. The alert described scenarios in which a taxpayer responds to an e-mail or text message pretending to be from IRS, and ends up providing sensitive information to identity thieves - and sometimes also downloading malware that continues to retrieve data from the victim's computer.
These situations might be avoided, the agency said, if taxpayers understood that an unsolicited phone call or e-mail or text message will literally never in fact be from IRS.
If the agency believes a taxpayer owes money, it will first send an invoice by mail. IRS will not demand payment without first affording the taxpayer an opportunity to dispute the amount. The agency will not demand payment by credit or debit card, or by any specific method, and it will not ask for card numbers over the phone or by e-mail.
A number of pages on the IRS website provide information on what a taxpayer can do if he or she believes the security of his or her identifying information has been compromised. We also stand ready to help. Please contact us.