Business tax scams are big business for criminals looking to make a financial gain using your employees’ and business information. Being aware of the schemes criminals are carrying out, and the tactics they use to employ them can give your business the best chance to deflect such advances.
Tax scams can be challenging to detect, and they persist because they continue to work. While these types of scams peak during tax season, scammers never take a break. Here are three categories of tax scams to keep on your radar.
W-2 PHISHING SCAMS
For the past couple of years, the W-2 scam and business email compromise (BEC) have been very effective scams.
- In 2020, the IC3 received 19,369 BEC complaints with adjusted losses of over $1.8 billion.
- In 2019, federal authorities investigating BEC schemes found that more than 250,000 identities were stolen and used to file more than 10,000 fraudulent tax returns.
HOW DO W-2 PHISHING SCAMS HAPPEN?
The Internal Revenue Service (IRS) continues to alert tax preparers and payroll and Human Resources professionals that phishing attacks are a primary method hackers use to perpetrate W-2 scams. The phisher poses as a legitimate employee within your organization (typically the CEO or a member of the finance team) requesting W-2 information via email. To best lure you into their trap, scammers may also pose as a legitimate vendor to prompt you to click links that will install malware and give the scammer access to your device. The tax documents, along with other Personally Identifiable Information (PII) of your employees, are then used to file fraudulent tax returns, directing their hard-earned money to a scammer’s bank account.
IRS IMPOSTERS
Tax scammers, hoping to legitimize their ploy, operate under the guise of IRS employees. As this method continues to be quite effective, IRS tax scams have proliferated over the years. Between the serious nature of paying and filing taxes and the anxiety the IRS tends to elicit, scammers are able to command attention and urgency through intimidation.
HOW DO IRS IMPOSTERS TARGET YOUR BUSINESS?
Once again, the success of phishing emails makes it a favored tool to pull off IRS tax scams. The emails may feature the IRS logo and could be addressed to a specific name or just “taxpayer.” Among the fraudulent messages, they may claim you are owed a refund, need to supply missing information or must pay a bill. You will be prompted to provide sensitive data via a link that will either download malware onto your device or link you to a realistic-looking, but malware-infected, website.
While phishing emails have become increasingly sophisticated, they haven’t replaced tax scam phone calls. This method readily persists and may be performed by a live person or an automated system. The fake IRS agent may threaten to revoke your business license or arrest you if you fail to provide sensitive information (like your Employer Identification Number, Social Security number, financial account information) and pay a fine immediately.
WHAT CAN YOU DO TO PROTECT YOUR BUSINESS FROM IRS IMPOSTERS?
Don’t click on any links within an email claiming to be from the IRS. Likewise, never provide sensitive data or payment information over the phone. The IRS will never email or call you to pay a bill or obtain personal information.
SOCIAL SCAMMERS
Many businesses tap into social networks as a marketing tool to reach new audiences and grow their business. It is easy to overlook the cons of integrating social media with your business — in this case, the con artists. Given the pervasive role of social media, it has become an increasingly popular method that scammers use to exploit victims.
HOW DO SOCIAL SCAMS TARGET YOUR BUSINESS?
Scammers will do whatever is necessary to carry out scams; standing up fake social media accounts posing as one of your business’ vendors, posing as a phony charity or hacking into legitimate accounts. They may even use additional phishing tactics to connect with you through your posts, through direct messages containing malicious links or urgent requests directing you to spoofed web pages. The IRS is also on social media, and impersonators may contact you for sensitive tax information.
WHAT CAN YOU DO TO PROTECT YOUR BUSINESS FROM SOCIAL SCAMS?
Just as you should not click on links within potential phishing emails, be wary of links you receive through social media accounts. Additionally, keep in mind that links in social media messages tend to be shortened URLs, making it nearly impossible to validate. Despite social media being the “sharing” platform, it is definitely not the place to share any of your business’s sensitive information.
Knowing the signs to watch for should give you greater confidence in protecting yourself and your business from these notorious business-related tax scams.
4 TIPS TO PROTECT YOUR SMALL BUSINESS FROM TAX SCAMS:
- Develop and implement a company-wide security awareness program. Make it everyone’s priority to protect company information for the benefit of your employees, your customers, and the long-term health of your business.
- Don’t rely on email alone: confirm requests for transfers of funds by using phone verification or face-to-face meetings. Only use previously known phone numbers to authenticate transfer requests and verify the requests in person whenever possible.
- Report any suspicious emails that may be a phishing attempt, IRS tax scam email, or phone call. Contact the Treasury Inspector General for Tax Administration (TIGTA) as soon as possible.
- Keep up to date with the latest tax scams: The IRS keeps a running list of scams for consumers and businesses to be aware of, called “The Dirty Dozen.”
