Thousands of people have lost millions of dollars and their personal information to tax scams. Scammers use the regular mail, telephone, or email to set up individuals, businesses, payroll and tax professionals.
The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Recognize the telltale signs of a scam. See also: How to know it’s really the IRS calling or knocking on your door.
About The PIV Credential
The USAccess credential meets the card topology (or credential visual appearance) requirements of Federal Information Processing Standard (FIPS) 201: Personal Identity Verification (PIV) located at http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.201-2.pdf and National Institute of Science and Technology (NIST) Special Publication 800-104 located at http://csrc.nist.gov/publications/nistpubs/800-104/SP800-104-June29_2007-final.pdf
Card topology requirements met include:
- Multiple credential security features, such as microprinting, laser engraving, and optical variable ink to help reduce counterfeiting
- Long life, multi-layer PET/PVC credential body construction
- Clear, laminate overlay to help protect the credentials from normal wear and tear
PIV Credential Appearance
In order to provide a standard, easily recognized government-wide credential, all USAccess generated credentials feature common visual elements that are printed in the same location on each credential.
Common visual elements on USAccess credentials include mandatory information such as:
- Issuing agency’s seal
- Agency’s return address
- A picture of the credential holder
- Credential holder’s physical characteristics (height, eye color, hair color, etc.)
These common elements are placed according to NIST guidelines, and are printed in the same location on the credential, regardless of the issuing agency.
Once enrolled in the USAccess Program, the participating agency will need to provide the following elements in order to prepare for credential production:
- An agency seal – It should be in color and of high quality (.JPG image, 20×20 mm, minimum 300 dpi recommended.) The seal will be placed on the front of the credential (see Zone 11 on sample credential image.) For more information, review the FIPS PUB 201-2 for more details at http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.201-2.pdf.
- Agency return address – A return address is necessary to put on the back of the credential so that it may be dropped into a mail box and returned to the issuing agency should the credential be lost.
What’s Contained on the PIV Credential
Each PIV credential contains an integrated circuit chip (ICC) that stores 64KB of data including:
- Four PKI digital certificates: PIV authentication, card authentication, digital signature and encryption (2 certificate options available for credentials)
- Two interoperable fingerprint templates
- Digital photo
- Cardholder Unique Identifier (CHUID) including organization affiliation, agency affiliation, department affiliation, and expiration date.
Scams Targeting Taxpayers
The IRS warns taxpayers to avoid unethical tax return preparers, known as ghost preparers. See IR-2019-09.
The IRS warns taxpayers to avoid unethical tax return preparers, known as ghost preparers. See IR-2019-09.
The IRS and Security Summit partners today warned the public of a surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware. See IR-2018-226.
In the wake of Hurricane Florence, the Internal Revenue Service is reminding taxpayers that criminals and scammers try to take advantage of the generosity of taxpayers who want to help victims of major disasters. See IR-2018-188.
The IRS warns of a new twist on an old phone scam as criminals use telephone numbers that mimic IRS Taxpayer Assistance Centers to trick taxpayers into paying non-existent tax bills. See IR-2018-103.
- IRS Warning: Don’t be a victim of ‘ghost’ tax return preparers
- IRS, Summit Partners warn on tax deadline scams, ‘IRS Refunds’ email
- Scam Alert: IRS urges taxpayers to watch out for erroneous refunds; Beware of fake calls to return money to a collection agency
A sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be IRS employees, using fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.
Victims are told they owe money to the IRS and it must be paid promptly through a gift card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.
Some thieves have used video relay services (VRS) to try to scam deaf and hard of hearing individuals. Taxpayers are urged not trust calls just because they are made through VRS, as interpreters don’t screen calls for validity. For details see the IRS video: Tax Scams via Video Relay Service.
Limited English Proficiency victims are often approached in their native language, threatened with deportation, police arrest and license revocation, among other things. IRS urges all taxpayers caution before paying unexpected tax bills. Please see: IRS Alerts Taxpayers with Limited English Proficiency of Ongoing Phone Scams. Note that the IRS doesn’t:
- Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
- Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
- Demand payment without giving you the opportunity to question or appeal the amount they say you owe.
- Ask for credit or debit card numbers over the phone.
Scams Targeting Tax Professionals
Increasingly, tax professionals are being targeted by identity thieves. These criminals – many of them sophisticated, organized syndicates – are redoubling their efforts to gather personal data to file fraudulent federal and state income tax returns. The Security Summit has a campaign aimed at tax professionals: Protect Your Clients; Protect Yourself.
Soliciting Form W-2 information from payroll and human resources professionals
The IRS has established a process that will allow businesses and payroll service providers to quickly report any data losses related to the W-2 scam currently making the rounds. If notified in time, the IRS can take steps to prevent employees from being victimized by identity thieves filing fraudulent returns in their names. There also is information about how to report receiving the scam email.
Report these scams
- Email firstname.lastname@example.org to notify the IRS of a W-2 data loss and provide contact information. In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information.
- Email the Federation of Tax Administrators at StateAlert@taxadmin.org to learn how to report victim information to the states.
- Businesses/payroll service providers should file a complaint with the FBI’s Internet Crime Complaint Center (IC3.gov). Businesses/payroll service providers may be asked to file a report with their local law enforcement.
- Notify employees so they may take steps to protect themselves from identity theft. The FTC’s www.identitytheft.gov provides general guidance.
- Forward the scam email to email@example.com.
- See more details at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.
Employers are urged to put protocols in place for the sharing of sensitive employee information such as Forms W-2. The W-2 scam is just one of several new variations that focus on the large-scale thefts of sensitive tax information from tax preparers, businesses and payroll companies.
Tax professionals who experience a data breach also should quickly report the incident to the IRS. See details at Data Theft Information for Tax Professionals.
- IRS, States and Tax Industry Warn Employers to Beware of Form W-2 Scam; Tax Season Could Bring New Surge in Phishing Scheme
- IRS, States and Tax Industry Renew Alert about Form W-2 Scam Targeting Payroll, Human Resource Departments
- IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s
Phishing (as in “fishing for information”) is a scam where fraudsters send e-mail messages to trick unsuspecting victims into revealing personal and financial information that can be used to steal the victims’ identity.
The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information to steal their identity and assets.
Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes may seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
Be alert to bogus emails that appear to come from your tax professional, requesting information for an IRS form. IRS doesn’t require Life Insurance and Annuity updates from taxpayers or a tax professional. Beware of this scam.
Variations can be seen via text messages. The IRS is aware of email phishing scams that include links to bogus web sites intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” These emails are not from the IRS.
The sites may ask for information used to file false tax returns or they may carry malware, which can infect computers and allow criminals to access your files or track your keystrokes to gain information.
For more details, see:
- Consumer Alert: IRS Warns Taxpayers, Tax Pros of New Email Scam Targeting Hotmail Users
- IRS Warns Seniors to Beware of Calls by Criminals Impersonating the IRS
- Phishing Remains on the IRS “Dirty Dozen” List of Tax Scams for the 2017 Filing Season
Unsolicited email claiming to be from the IRS, or from a related component such as EFTPS, should be reported to the IRS at firstname.lastname@example.org.
For more information, visit the IRS’s Report Phishing webpage.
Fraudsters Posing as Taxpayer Advocacy Panel
Some taxpayers receive emails that appear to be from the Taxpayer Advocacy Panel (TAP) about a tax refund. These emails are a phishing scam, trying to trick victims into providing personal and financial information. Do not respond or click any link. If you receive this scam, forward it to email@example.com and note that it seems to be a scam phishing for your information.
TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information.
Crooks Impersonate IRS to get Banking and Other Information
- See: IRS warns of variation of Form W-8-BEN scam; crooks impersonate IRS to get banking and other information
Heightened Fraud Activity as Filing Season Approaches
- See: Security Summit Partners Warn Tax Pros of Heightened Fraud Activity as Filing Season Approaches
FBI Themed Ransomware Scam
Last-Minute Email Scams
Fictitious “Federal Student Tax” scam targeting students and parents and demanding payment
- See: IRS Warns of Back-to-School Scams; Encourages Students, Parents, Schools to Stay Alert
- See: IRS Warns of Latest Scam Variation Involving Bogus “Federal Student Tax”
Automated calls requesting tax payments in the form of iTunes or other gift cards
- See: IRS Warns Taxpayers of Summer Surge in Automated Phone Scam Calls; Requests for Fake Tax Payments Using iTunes Gift Cards
Pretending to be from the tax preparation industry
To report tax-related illegal activities, refer to our chart explaining the types of activity and the appropriate forms or other methods to use. You should also report instances of IRS-related phishing attempts and fraud to the Treasury Inspector General for Tax Administration at 800-366-4484.
Taxpayers who experience tax-related identity theft may wonder when they should file a Form 14039, Identity Theft Affidavit.
- Security Summit – Learn more about how the IRS, representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators are working together to combat identity theft and refund fraud.
- Taxes-Security-Together We all have a role to play in protecting your data
- National Tax Security Awareness Week 2018
- Tax Scams — How to Report Them
- Criminal Investigation’s Tax Fraud Alerts
- State ID Theft Resources – State information on what to do if you or your employees are victims of identity theft.
- IRS Dirty Dozen – The annually compiled list enumerates a variety of common scams that taxpayers may encounter.