Income tax identity theft is a huge problem that costs the taxpayers more than 5 billion dollars a year. Identity thieves armed with an unwary victim’s Social Security number files, generally electronically, a phony tax return on behalf of the victim with a fake W-2 that shows a substantial fraudulent refund due. If the legitimate taxpayer files his or her income tax return after the identity thief, the real income tax return will be flagged and a long investigation will occur before the real taxpayer is able to receive his or her legitimate refund.
Now the IRS is issuing a warning to accountants and other tax preparers about a phishing scam where the tax preparer receives what appears to be an email from the IRS asking the tax preparer to update their IRS e-services portal information and Electronic Filing Identification Numbers (EFINs). Links are provided in the email for entering the tax preparer’s username and password which is what the identity thief sending this phishing email is seeking. Once the identity thief has this information, it is easier for him or her to file phony tax returns. The IRS is advising anyone who receives one of these emails to delete it after forwarding it to the IRS at firstname.lastname@example.org.
As I have warned you many times, you can avoid phishing emails regardless of how clever they may be or how legitimate they may appear if you make it a practice to never click on links in emails, download attachments or provide personal information until you have absolutely confirmed that the communication is legitimate. In this case, it is easy to call the IRS to confirm that this is a scam. Even if the email or text message appears to have come from a trusted source, your trusted source may have had his or her email account or smartphone hacked so it is always necessary to confirm that any communication you receive is legitimate before clicking on links, downloading attachments or providing personal information. Clicking on tainted links or downloading tainted attachments can result in keystroke logging malware being installed on your computer or other electronic device that will steal personal information from your computer or other electronic device and use it to make you a victim of identity theft. Remember my motto, “trust me, you can’t trust anyone.”