Though there are still weeks left until the tax-filing deadline of April 18, the Internal Revenue Service (IRS) has already seen a 400 percent surge from last year in e-mail malware and phishing scams – means that criminals use to steal people’s personal information in order to file fraudulent tax returns and to collect someone else's refund from the IRS.
The agency paid out an estimated $5.8 billion to deal with fraudulent refunds stolen by identity thieves in 2013. But the agency says that it now has new computer filters that are helping spot scams. Last year, this helped the IRS stop almost 3 million suspicious returns, it has reported.
Through phone calls, e-mails, and texts that appear to come from the IRS or from a bank or tax preparation company, criminals ask people to divulge private financial information. The requests are sophisticated and seem official, and can trick people into sharing information about their refunds, filing status, personal financial information, Social Security numbers, and other sensitive passwords either over the phone or through fraudulent websites.
Through e-mail, the requests for information usually direct people to bogus websites that ask them to update personal information that could later be used to steal their identities. These websites also may carry malware, says the IRS, which can infect people's computers and allow criminals to access a victim’s files or to track their keystrokes to collect private information.
"While more attention has focused on the continuing IRS phone scams, we are deeply worried this increase in email schemes threatens more taxpayers," said IRS Commissioner John Koskinen in a consumer warning.
The IRS says that it typically does not reach out to taxpayers by email, text ,or social media to request personal or financial information.
"Criminals are constantly looking for new ways to trick you out of your personal financial information so be extremely cautious about opening strange emails," said IRS Commissioner John Koskinen.
"The IRS won't send you an email about a tax bill or refund out of the blue. We urge taxpayers not to click on any unexpected emails claiming to be from the IRS," Mr. Koskinen said, asking people to send suspicious e-mails to firstname.lastname@example.org.
Criminal efforts to steal identities to claim fraudulent tax refunds have grown significantly in recent years. While one out of a dozen tax scams in 2011 involved identity theft and phishing, by 2015 one third were in this category.
Last year, the IRS itself was the target of an attack when criminals used an online service run by the agency to access personal tax information from more than 100,000 taxpayers in order to steal identities and claim fraudulent tax refunds.
“This trend is especially worrisome now,” wrote Howard Gleckman, a resident fellow at The Urban-Brookings Tax Policy Center, in The Christian Science Monitor in May 2015.
“Identity theft and other cybercrimes are blossoming just as the IRS is trying to make itself more accessible online – a confluence of events that could prove dangerous for taxpayers and catastrophic for the already-troubled agency,” he wrote.
But not just the agency is a target. Intuit had to halt all state e-filing tax returns last year through its TurboTax software as the company and some states noticed an increase in “suspicious filings” through the software.
“Private industry and government need to work together to find ways to take billions of fraudulent dollars out of the hands of criminals and put them back in the pockets of American families where it rightfully belongs," Brad Smith, Intuit president and chief executive, said in an announcement at the time.