by Brian Thompson | Jul 1, 2021 | General, Identity Theft
The Internal Revenue Service (IRS) recently released 2021’s ‘Dirty Dozen’ tax scams list. The list comes with a warning for taxpayers, tax professionals, and financial institutions…
Be on the lookout for these 12 schemes and scams!
The list is broken down into 4 separate categories:
- Pandemic-related scams like Economic Impact theft
- Personal information cons including phishing, ransomware, and phone “fishing”
- Ploys focusing on unsuspecting victims like fake charities and senior/immigrant fraud
- Schemes that persuade taxpayers into unscrupulous actions such as Offer In Compromise mills and syndicated conservation easements.
The categories are based on who perpetrates the schemes and who they impact.
The IRS continues to see ruses by dishonest people who trick others into doing something illegal or causes them harm. Predators encourage otherwise honest people to do things they don’t realize are illegal or prey on their goodwill.
Several schemes involve fraudsters targeting groups like seniors or immigrants, posing as fake charities impersonating IRS authorities, charging excessive fees for Offers in Compromise, conducting unemployment insurance fraud, and unscrupulously preparing tax returns.
Here are five of this year’s “Dirty Dozen” scams.
Fake charities
The IRS advises taxpayers to be on the lookout for scammers who set up fake organizations to take advantage of the public’s generosity. They especially take advantage of tragedies and disasters, such as the COVID-19 pandemic.
Scams requesting donations for disaster relief efforts are especially common on the phone. Taxpayers should always check out a charity before they donate, and they should not feel pressured to give immediately.
Taxpayers who give money or goods to a charity may be able to claim a deduction on their federal tax return by reducing the amount of their taxable income. But taxpayers should remember that to receive a deduction, taxpayers must donate to a qualified charity. To check the status of a charity, use the IRS Tax Exempt Organization Search tool. (It’s also important for taxpayers to remember that they can’t deduct gifts to individuals or to political organizations and candidates.)
Here are some tips to remember about fake charity scams:
- Individuals should never let any caller pressure them. A legitimate charity will be happy to get a donation at any time, so there’s no rush. Donors are encouraged to take the time to do the research.
- Potential donors should confirm the charity’s exact name, web address, and mailing address. Some dishonest telemarketers use names that sound like large well-known charities to confuse people.
- Be careful how a donation is paid. Donors should not work with charities that ask them to pay by gift cards or by wiring money. That’s how scammers ask people to pay. It’s safest to pay by credit card or check — and only after having done some research on the charity.
For more information about fake charities see the information on fake charity scams on the Federal Trade Commission website.
Immigrant/senior fraud
IRS impersonators and other scammers are known to target groups with limited English proficiency as well as senior citizens. These scams are often threatening in nature.
While it has diminished some recently, the IRS impersonation scam remains a common scam. This is where a taxpayer receives a telephone call threatening jail time, deportation, or revocation of a driver’s license from someone claiming to be with the IRS. Taxpayers who are recent immigrants often are the most vulnerable and should ignore these threats and not engage the scammers.
The IRS reminds taxpayers that the first contact with the IRS will usually be through mail, not over the phone. Legitimate IRS employees will not threaten to revoke licenses or have a person deported. These are scare tactics.
As phone scams pose a major threat to people with limited access to information, including individuals not entirely comfortable with the English language, the IRS has added new features to help those who are more comfortable in a language other than English. The Schedule LEP PDF allows a taxpayer to select in which language they wish to communicate. Once they complete and submit the schedule, they will receive future communications in that selected language preference.
Additionally, the IRS is providing tax information, forms, and publications in many languages other than English. IRS Publication 17, Your Federal Income Tax, is now available in Spanish, Chinese (simplified and traditional), Vietnamese, Korean and Russian.
Seniors beware
Senior citizens and those who care about them need to be on alert for tax scams targeting older Americans. The IRS recognizes the pervasiveness of fraud targeting older Americans, along with the Department of Justice and FBI, the Federal Trade Commission, and the Consumer Financial Protection Bureau (CFPB), among others.
In an effort to make filing taxes easier for seniors, the IRS reminds seniors born before Jan. 2, 1956, that the IRS has re-designed the Form 1040 and its instructions, and that they can use the Form 1040SR and related instructions.
The IRS reminds seniors that the best source for information about their federal taxes is the IRS website.
Offer in Compromise “mills”
Offer in Compromise mills contort the IRS program into something it’s not – misleading people with no chance of meeting the requirements while charging excessive fees, often thousands of dollars.
“We’re increasingly concerned that people having trouble paying their taxes are being duped into misleading claims about settling their tax debts for ‘pennies on the dollar’,” said IRS Commissioner Chuck Rettig. “The IRS urges people to take a few minutes to review information on IRS.gov to see if they might be a good candidate for the program – and avoiding costly promoters who advertise on radio and television.”
The IRS reminds taxpayers to beware of promoters claiming their services are needed to settle with the IRS. And that their tax debts can be settled for “pennies on the dollar” or that there is a limited window of time to resolve tax debts through the Offer in Compromise (OIC) program.
OIC?
An “offer,” or OIC, is an agreement between a taxpayer and the IRS that resolves the taxpayer’s tax debt. The IRS has the authority to settle, federal tax liabilities by accepting less than full payment under certain circumstances. However, some promoters are inappropriately advising indebted taxpayers to file an OIC application with the IRS, even though the promoters know the person won’t qualify. This costs honest taxpayers money and time.
Taxpayers should be especially wary of promoters who claim they can obtain larger offer settlements than others or who make misleading promises that the IRS will accept an offer for a small percentage. Companies advertising on TV or radio frequently can’t do anything for taxpayers that they can’t do for themselves by contacting the IRS directly.
Taxpayers can go to IRS.gov and review the Offer in Compromise Pre-Qualifier Tool to see if they qualify for an OIC. The IRS reminds taxpayers that under the First Time Penalty Abatement policy, taxpayers can go directly to the IRS for administrative relief from a penalty that would otherwise be added to their tax debt.
Unscrupulous tax return preparers
Although most tax preparers are ethical and trustworthy, taxpayers should be wary of preparers who won’t sign the tax returns they prepare. For e-filed returns, the “ghost” will prepare the return but refuse to digitally sign as the paid preparer.
By law, anyone who is paid to prepare, or assists in preparing federal tax returns, must have a valid Preparer Tax Identification Number (PTIN). Paid preparers must sign and include their PTIN on the return. Not signing a return is a red flag that the paid preparer may be looking to make a quick profit by promising a big refund or charging fees based on the size of the refund.
Unscrupulous tax return preparers may also:
- Require payment in cash only and will not provide a receipt.
- Invent income to qualify their clients for tax credits.
- Claim fake deductions to boost the size of the refund.
- Direct refunds into their bank account, not the taxpayer’s account.
It’s important for taxpayers to choose their tax return preparer wisely. The Choosing a Tax Professional page on IRS.gov has information about tax preparer credentials and qualifications. The IRS Directory of Federal Tax Return Preparers with Credentials and Select Qualifications can help identify many preparers by type of credential or qualification.
Taxpayers should that they are legally responsible for what is on their tax return regardless of who prepares it. Consumers can help protect themselves by choosing a reputable tax preparer.
Unemployment insurance fraud
Unemployment fraud often involves individuals acting in coordination with or against employers and financial institutions. Their goal is to get state and local assistance to which they are not entitled. These scams can pose problems that can adversely affect taxpayers in the long run.
States, employers, and financial institutions need to be aware of the following scams related to unemployment insurance:
- Identity-related fraud: Filers submit applications for unemployment payments using stolen or fake identification information to perpetrate an account takeover.
- Employer-employee collusion fraud: The employee receives unemployment insurance payments while the employer continues to pay the employee reduced, unreported wages.
- Misrepresentation of income fraud: An individual returns to work and fails to report the income to continue receiving unemployment insurance payments, or in an effort to receive higher unemployment payments, applicants claim higher wages than they actually earned.
- Fictitious employer-employee fraud: Filers falsely claim they work for a legitimate company, or create a fictitious company, and supply fictitious employee and wage records to apply for unemployment insurance payments.
- Insider fraud: State employees use credentials to inappropriately access or change unemployment claims, resulting in the approval of unqualified applications, improper payment amounts, or movement of unemployment funds to accounts that are not on the application.
Below is a shortlist of financial red flag indicators of unemployment fraud:
- Unemployment payments are coming from a state other than the state in which the customer reportedly resides or works.
- Multiple state unemployment payments are made within the same disbursement timeframe.
- Unemployment payments are made in the name of a person other than the account holder or in the names of multiple unemployment payment recipients.
- Numerous deposits or electronic funds transfers (EFTs) are made that indicate they are unemployment payments from one or more states to people other than the account holder(s).
- Higher unemployment payments are seen in the same timeframe compared to similar customers and the amount they received.
Stay tuned for additional sections to come on the 2021’s ‘Dirty Dozen’ Tax Scams list.
by Brian Thompson | Jun 23, 2021 | Breach, Identity Theft
Reality…no company can prevent a breach! Earlier this month I was a guest speaker at the 2021 Nebraska Credit Union League Annual Meeting & Convention.
One of my talking points was about the reality of data breaches and how the final story for most data breach events rarely reflects the initial news report. Initial reports speak of what is currently known about the breach. But those reports never cover the long-term impact of affected individuals and small businesses.
In case you missed it, some of the notable data breaches so far in 2021 include CNA, Experian, Facebook, GEICO, Instagram, LinkedIn, Microsoft, Tesla, and Microsoft.
The irony to these data breaches is that these businesses pride themselves on safeguarding PII (Personally Identifiable Information). An additional irony is that these businesses have more financial and information technology resources than most other businesses, and yet they still cannot prevent a data breach event from happening.
Reality
The reality of data breaches is that they occur almost every day – whether it is an accidental release (which is a polite phrase for carelessness, incompetence, or simply stupidity) or malicious intent (with the insider threat a common focal point, although the media heavily focuses on hacking events).
To help add clarity to the above, the recently released 2021 Verizon Data Breach Investigations Report (Verizon 2021 Data Breach Investigations Report Released) provides the latest data breach-related trends and statistics that can help both consumers and employees be proactive in mitigating their exposure to identity theft and data breaches.
This year’s Data Breach Investigations Report (DBIR) helps define words in an accurate and complete manner such as “incident” and “breach” and highlights the reality of data breaches that can support a cyber-risk management strategy for all businesses in general but small business in particular.
Things to know
- Social engineering is the most successful attack
- The top hacking vector in breaches is web application servers
- Denial of service is the most frequent way incidents occur
- 85 percent of breaches involved a human element
- Financially-motivated attacks are the most common
- Organized crime continues to be the number one attacker
- Compromised External cloud assets, more than on-premises assets
- The exploitation of Unpatched older vulnerabilities by attackers
- Credentials remain one of the most sought-after data types, followed by personal information
- Employees continue to make mistakes that cause incidents and breaches
- Lost and Stolen devices
- Misuse of Privileges
- Business Email Compromises were the second most common form of social engineering (COMPLACENCY MAKES HACKERS SUCCESSFUL)
- The majority of social engineering incidents were discovered externally
DBIR also states “phishing continues to be a top cause of data breaches, followed by stolen credentials and ransomware. Threat actors ‘will first exfiltrate the data they encrypt’ and threaten to reveal it publicly if the ransom isn’t paid.”
To conclude and while this year’s Verizon report highlights “the importance of building a culture of cybersecurity vigilance,” I believe that having a response and recovery program in place is just as important as having an information security and governance program in place.
Why, because I believe the reality of data breaches is that “no one company can ever prevent itself from experiencing a data breach event”. This is something I have been writing and speaking about for the last 15 years.
By Mark Pribish
Vice President and ID Theft Practice Leader
by Brian Thompson | May 20, 2021 | Breach, Identity Theft
The danger of complacency makes hackers successful at phishing and ransomware.
The recent Colonial Pipeline cyberattack forced Colonial to shut down the pipeline. The shutdown created widespread fuel shortages in 11 states and Washington, D.C. All pointing to the true vulnerability of our companies and the detrimental effects of being complacent.
Complacency and phishing emails that spread malware are the main reason for the success of cybercriminals and ransomware attacks.
According to a December 2020 Digital Guardian blog titled A History of Ransomware Attacks, “ransomware has been a prominent threat to enterprises, SMBs, and individuals alike since the mid-2000s.”
Separately, according to the National Cyber Investigative Joint Task Force (NCIJTF), crimes such as financial fraud and identity theft are being exploited via the internet and technology through “the global cyber domain” every day.
To address this “evolving cyber challenge,” the NCIJTF released this FBI-IC3 Ransomware PDF Fact Sheet to educate the public on the ransomware threat.
The FBI’s Internet Crime Complaint Center (IC3) defines ransomware as; “a form of malware targeting both human and technical weaknesses in an effort to make critical data and/or systems inaccessible.
The irony to this evolving cyber challenge is that ransomware was originally intended to target individual consumers. Consumers are low stake opportunities but are still targets.
Instead, cybercriminals have taken ransomware to a more lucrative level by targeting higher-stakes opportunities such as:
- healthcare (hospitals, medical groups, and dental groups),
- professional services (law firms, accounting firms, and consulting firms),
- education (high schools, community colleges, and colleges),
- government agencies (law enforcement, city, and federal agencies).
In addition, digital money or cryptocurrencies such as Bitcoin and Ethereum are now targets. Cryptocurrencies are difficult to trace and can be transferred electronically without financial institutions that are regulated by governments. This fact has made ransomware more profitable than stealing data and selling it on the Dark Web.
What to do about it.
Consumers and employees – especially small business employees – should receive security training on a regular basis. Education about the latest security threats via online education and phishing simulation tests can dramatically reduce the threat.
The reality is that cybercriminals depend on the phrase “breach fatigue” and for consumers and employees to be complacent and careless about cybersecurity.
Two good examples of email security threats that consumers and employees need to be aware of are (1) spoofing and phishing and (2) Business Email Compromise.
To conclude, the potential for cybercriminals to shut down your home computer, the company you work for, or critical infrastructures such as gas pipelines, electric grids, and water supplies; along with mass transportation, railways, bridges, tunnels, and even airlines – should be enough motivation for consumers and employees to NOT be complacent. Because… Complacency makes hackers successful!
By Mark Pribish
Vice President and ID Theft Practice Leader
by Brian Thompson | May 17, 2021 | General, Identity Theft, Uncategorized
Most of you have heard of it, but what is a credit score?
The most widely used scoring model in the United States and Canada is the FICO credit score. Developed in 1956 by a company called Fair, Isaac & Company (FICO), this model is designed to determine how likely you are to become 90 days late on any payment within the next twenty-four months. The model calculates the probability of loan delinquency. It does so by comparing patterns in your credit history against the patterns of millions of other consumers.
FICO makes all these comparisons with software that uses complex equations and advanced analytics. The comparison evaluates all the data in your credit report and distills it into a standardized, three-digit score.
But, let’s back up a minute. Where does all the credit report data come from?
Each financial choice you make – how much you spend on credit, how responsibly you pay down your debts, how many credit-related accounts you have, etc. – gets reported to three credit reporting agencies: Equifax, Experian, and TransUnion. When a lender orders a copy of your credit report, they also usually request the accompanying FICO credit score. The report boils everything down into a single score based on that agency’s proprietary version of the FICO scoring model.
It’s important to note that while FICO works with the credit agencies, they do not control the information in your credit reports. Fico translates the data provided and returns a standardized score. So, to summarize:
- You make financial choices.
- The lending entities you interact with (banks, retailers, etc.) report your choices to the three credit reporting agencies.
- The agencies use the FICO software to turn your data into a single credit score, which is then delivered to the lender reviewing your application for credit.
It may seem like there are a lot of moving parts, but because the choices you make drive the entire process, ultimately you’re the one in control. In fact, statistics show that, given thirty days, over 80% of loan applicants have the potential to improve credit scores.
by Brian Thompson | May 6, 2021 | Breach, Identity Theft
Each year your businesses struggle with rising cases of identity theft and it’s affecting everything. ID Theft can be detrimental to your employees, productivity, your reputation, revenue, and profit.
You take all the necessary measures to secure your systems and prevent data breach incidents. But what about personal data stolen from elsewhere? Is your company being defrauded by that data? What can you do to prevent identity fraud despite business efforts to protect their information assets?
What is happening?
Insider solo hackers and criminal gangs steal millions of consumer records each year from companies around the globe. Bad actors take advantage of weaknesses in the system security and operations. The stolen information is traded on the dark web and used by identity thieves around the world to quickly defraud businesses, governments, and individuals.
They, under someone else’s name:
- open new credit lines
- empty bank accounts
- seek expensive medical services
- receive government assistance
- buy merchandise or services
- and collect tax refunds
Identity theft may make your company vulnerable, regardless of how or where the consumer information is obtained. However, you have the option to mitigate identity theft and reduce fraud losses by implementing an effective identity theft program that incorporates training for your employees, management teams, board members, and customers to collectively prevent identity fraud.
What can you do?
You can implement an employee identity theft protection program with defend-id. defend-id has developed integrated resources to help businesses mitigate the risks of identity theft with our employee identity monitoring tools. defend-id will insure against identity fraud and provide full-service recovery for your employees when it does happen.
Can your organization protect against identity theft and keep employees, shareholders, customers, and auditors happy?
You don’t have to be one of the businesses that struggle with rising cases of identity theft. Contact defend-id or your benefits agent today to inquire about a program for your business today. www.defend-id.com
by Brian Thompson | Apr 29, 2021 | Identity Theft, Uncategorized
In August 2014, I wrote an article for the Arizona Republic titled Synthetic Identity Fraud Emerges As Growing Threat. In the article, I pointed to the fact that synthetic ID Theft & Fraud is getting worse. Stating that “synthetic identity theft and fraud often include a combination of fake and real credentials using names, Social Security numbers, driver’s licenses, and employee identification numbers to create new ‘synthetic’ or fake identities.”
This Forbes article includes a brief summary of synthetic identity theft and fraud and made me think of how both small businesses and consumers need to increase their knowledge and awareness of their digital risk.
Think about it, both consumers and small businesses have entered the digital world where we are all at risk. Examples of digital risk include a phishing attack; a hacking attack; or when your personal privacy or data privacy is exposed; or when your cloud computing or cloud storage vendor is hacked.
And to be clear – digital services such as the internet, website marketing, Apple and Google apps, and more, make it possible for small businesses to deliver more new products and services. These same digital services also create more satisfying customer experiences.
However, with these great new digital services comes risk – or should I say “digital risk”. As I mentioned above, digital risk means unwanted and often unexpected outcomes. Outcomes that stem from digital business processes and digital consumer services.
So what does all this mean?
First, there was a significant increase in the number of identity theft cases in 2020. These cases are mainly due to the Covid-19 pandemic with employees working from home and students studying remotely.
Second, as businesses and consumers try to mitigate their exposure to data breaches and identity theft, cybersecurity experts anticipate another significant increase in identity theft and fraud in 2021.
One of those expected trends and contributing factors in cybercrime in 2021 will be the use of synthetic identity theft and fraud.
With synthetic identity theft and fraud helping in the authentication of an unauthorized individual by combining real and fake information, ID theft criminals are creating a completely new identity that looks so real – both businesses and consumers cannot tell the difference.
So what can be done? Cybersecurity experts are working on new technologies where financial companies can know verify consumers’ identity securely.
In addition, small businesses and consumers can help manage their digital risk by:
- Using stronger passwords and passphrases
- Implementing two-factor authentication to minimize the risk of identity theft and unauthorized login.
By Mark Pribish
Vice President and ID Theft Practice Leader
April 2021
