Each year the IRS publishes its ‘dirty dozen' — a list of the top 12 tax scams to watch for during the tax season and throughout the year. The IRS Dirty Dozen is current with the release of the 2021 list last summer. The archives include the lists from 2014 to 2020.
Comparing the lists from 2014 to 2021 shows that the scams have not changed much over the years:
Social media, ransomware, and pandemic-related threats appeared for the first time in 2020. Pandemic-related unemployment fraud appears in 2021. In the case of ransomware, it should be noted that the Financial Crimes Enforcement Network (U.S. Treasury Department) has been issuing ransomware advisories since at least 2016.
Abusive relationship fraud appears as a category in 2021. There are five specific scams detailed here, including “improper claims of business credits,” which is included in prior lists. 2021 is the first year to use categories to highlight “who perpetuates the schemes and who they impact.”
Offer in Compromise (OIC) “mills” appear in 2020. These scams involve offers to negotiate tax debt for a large fee. This article explains the scam in detail and includes an image of a solicitation letter.
In the table below you can see which scams were identified each year:
There are more scams listed than what appear here, but I’ve removed some details to keep things simple. For example, “phone scams” appear each year, but in 2020 it appears as an example in the threat “Scams targeting non-English speakers.” This happens with other common scams as well, such as unemployment fraud, inflated income, and padded expenses.
Most common types of tax scams
A historical look at the Dirty Dozen lists shows us that most scams fall into a few categories:
Email scams: Phishing, impersonation, and business email compromise are just a few of the attacks used to trick people into sending sensitive information or payments to a scammer. Many fake charities and OIC mills begin their scams with an email. The same is true for scams regarding payroll, human resources, and identity theft. Be vigilant against all email threat types and never rush to pay an invoice or send private information via email without confirming the legitimacy of the request.
Phone scams: These are usually another form of impersonation. Calls from fake charities or scammers posing as IRS agents have been on the Dirty Dozen list every year. Protect yourself from phone scams by refusing to give personal or financial information to any caller. If you are genuinely interested in speaking with the caller, the safest practice is to hang up and call back. You can reach your bank, utility company, and any other business that you use by dialing the phone number on your account statement or invoice.
This is a good time to consider mobile phone scams as well. Text messages from unknown senders operate like a phone impersonation scam. These are short messages asking you to donate or take some other action by clicking on the link in the message. This link can lead you to a fraudulent website that steals your information and your money, or it could install malware on your phone. Use the best privacy and security settings for your mobile device, don’t click on unknown SMS links, and consider third-party security for your device.
Unscrupulous preparers and service providers: These are the scammers who make promises to taxpayers in terms of inflated refunds or unlikely OIC outcomes. The IRS encourages taxpayers to report fraud and unethical behavior. New Hampshire Legal Aid also provides information on the common tactics of abusive tax preparers. The Department of Justice works closely with IRS Criminal Investigation to prosecute these crimes and encourages the public to follow this advice when choosing a tax preparer.
Everyone is a potential target for fraud. A tax scam can be conducted in many ways, and it will often involve multiple steps. An email from an IRS impersonator can lead to a phone call from an OIC mill or a visit to a fraudulent website. It’s important to protect against all of these methods.
Everyone is a potential target for ransomware crimes as well. Even if you limit your online activity, you live in a world full of systems that are connected to other systems. Banks, accounting firms, and government entities are all potential ransomware victims. A successful attack on a business that you use could expose your sensitive data or interrupt services that you require.
Federal and state regulations require tax practitioners and financial organizations to safeguard data. Email, network, application, and data protection are critical for accounting firms, especially during tax season when communications and file transfers increase and become more urgent.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.