How Businesses Are Targeted in Tax Scams

Business tax fraud is a popular way criminals seek to profit from the exploitation of your employees’ and organization’s sensitive information. Being aware of fraudster schemes and the tactics they employ to carry them out can give your business the best chance to deflect such advances.

Tax scams persist because they can be challenging to detect, making them quite effective. While these types of scams peak during tax season, scammers never take a break. The following are three categories of tax scams to keep on your radar.

For the past few years, W-2 scams and business email compromise (BEC) have been successful methods used by cybercriminals.

W-2 email scams are sophisticated types of BEC or business email spoofing (BES). Targeting payroll and human resources (HR) departments, or a company’s tax preparer, they employ deceptive techniques to impersonate company executives — aiming to trick workers into providing a list of employees and their W-2 forms.

This data can then be used to file fraudulent tax returns — with scammers often using falsely inflated incomes and withholding figures in hopes of getting large refunds.

The Internal Revenue Service (IRS) continues to alert tax, payroll and HR professionals that W-2 scams remain popular. As government agencies and industries strengthen their defenses against identity theft, cybercriminals will continue to look for ways to obtain sensitive employee data to file fraudulent tax returns.

Protecting your business from W-2 phishing scams requires a robust, multilayered approach. The most effective strategy combines tactics like employee training, verification protocols, spam-blocking, identity security and cyber insurance.

Tax scammers will also impersonate IRS employees, an effective tactic that has proliferated during the last several years. The introduction of telephone spoofing and deepfake technology now make it even harder to detect these impersonator attacks.

Given the serious nature of owing taxes and the anxiety this can elicit, impersonators can better command attention, create a sense of urgency through intimidation, and dupe victims into handing over payments or information they otherwise would not provide.

IRS imposters have been known to initiate contact through fraudulent calls, emails, texts and social media messages. These communications may report a fake bill, tax credit, stimulus payment or refund. Victims are often urged to make a payment or provide sensitive data via a link that actually routes funds directly into the scammer’s account. In other cases, the link downloads malware onto the victim’s device.

While the ongoing success of phishing emails makes them a favored tool for IRS tax scams, scammers have increased their use of fake social media accounts and text messages as well.

Despite the availability of new communication channels, scammers still rely on tax scam phone calls. During these calls, fake IRS agents deploy a variety of tactics to manipulate victims. They might call unexpectedly about a tax refund or threaten to bring in other law enforcement groups to have the business owner arrested for not paying. They may demand immediate payment using a specific payment method, such as a wire transfer or even prepaid debit and gift cards. The imposter may also threaten arrest or revocation of the business’s license if the victim does not share sensitive information (like your Employer Identification Number, Social Security number or financial account information).

Don’t click on any links within an email claiming to be from the IRS. Likewise, never provide sensitive data or payment information over the phone. The IRS does not initiate contact electronically — but instead contacts taxpayers by mail.

Many companies use social media as a way to reach new audiences and create new revenue streams. While there are many pros in using social media as a marketing tool, it can be easy to overlook the cons of integrating it into your business — and in this case, the con artists. Given the pervasive role of social media, it has become an increasingly popular method scammers use to exploit victims.

To access your business’s funds or information, scammers may establish fake social media accounts posing as one of your business’ trusted vendors or a favorite charity. They may attempt phishing tactics through social media posts, direct messages containing malicious links or urgent requests directing you to spoofed web pages. And while the IRS is on social media, IRS impersonators may attempt to contact you for sensitive tax information from spoofed social media accounts.

While social media is designed for sharing, it’s not the place to share your business’s sensitive information. Just as you should not click on links within potential phishing emails, be wary of links you receive through social media accounts. Keep in mind links in social media messages tend to contain shortened URLs — which are more difficult to validate.

Knowing the signs to watch for should give you greater confidence in avoiding business-related tax scams online.

1. Develop and implement a company-wide security awareness program. Protecting sensitive company information benefits employees, customers and the long-term health of your business, so it should be the priority of every team member.
2. Don’t rely on email requests for fund transfers. Confirm requests by phone or face-to-face meetings. Only use previously known phone numbers to authenticate transfer requests — verifying requests in person whenever possible.
3. Report any activity you suspect may be an IRS tax scam. Whether it’s a phishing email, suspicious phone call or questionable social media contact, you can report suspected tax fraud to the IRS, even if the attempt is unsuccessful. Your information can help others from becoming victims.
4. Keep up to date with the latest tax fraud scams: The IRS publishes a running list of tax scams organizations and individuals should be aware of called The Dirty Dozen.

For additional information regarding tax fraud, visit the IRS’s Tax fraud alerts website. To explore ways to strengthen your organization’s fraud prevention efforts, TransUnion^® is ready to help.