tax

Preparing and filing your business taxes accurately and on time is stressful enough on its own. The last thing you need is for a scam artist to get involved and make the experience much worse.

In 2019 alone, the IRS identified $1.8 billion worth of tax fraud incidents.

Luckily, the IRS is a powerful organization, and they’d much rather see your tax money end up with them than in the hands of some shady con artist. In addition to relentlessly hunting down scammers and fraudsters (they convict more than 91% of the criminals they identify, and are in the midst of a hiring boom), the IRS tracks and publicizes the biggest tax scams to avoid.

To help you know what to watch for as a business leader, here are three of the biggest tax scams making the rounds right now, as reported by the IRS.

1.   IRS impersonation scams

Scammers have long been known to disguise themselves behind legitimate IRS email addresses and phone numbers when reaching out to businesses. They use scare tactics, threatening vulnerable businesses into paying back taxes and late fees, whether those businesses actually owe anything or not.

How it works: You get a phone call or email from someone claiming to be the IRS. They say that you owe back taxes and late penalties and if you don’t pay immediately (often via wire transfer) your business will be suspended. Alternatively, the scammer may tell you that you are due a large refund and ask for your bank information so they can deposit the funds.

How to avoid it: The IRS will never send unsolicited email (they’ll contact you by mail or in person), demand immediate payment via wire transfer, ask for bank information over the phone, or threaten you with law enforcement action. If any of these things happen to you or someone else at your organization, immediately report the incident to phishing@irs.gov.

2.   The ‘tax transcript’ email scam

This one is especially dangerous because it targets business networks. This scam preys on employees who get an official looking email in their inbox promising an important document, and open it without discretion. No matter how vigilant you are as a business leader, it takes just one vulnerable access point to infect your entire network.

How it works: Scammers masquerading as the IRS or official financial institutions send an email to your business with the Emotet malware attached, and a subject line of “Tax Account Transcript,” or something similar. The Emotet malware downloads or drops banking Trojans that steal sensitive financial data. The Department of Homeland Security has called it “among the most costly and destructive malware” affecting governments and the private and public sectors.

How to avoid it: The IRS does not send unsolicited emails and would never attach a sensitive document in an unsolicited email. Your bank would never attach a sensitive document in an unsolicited email. Remind all of your employees not to open attachments in unsolicited emails. If an employee receives one of these emails, they should report it to your IT team, forward it to phishing@irs.gov, and delete it.

3.   The W-2 scam

Scammers are targeting payroll and HR professionals by disguising themselves as executives within the organization via spoofed email and requesting a list of employees along with their W-2 information.

How it works: While this may seem easy to avoid, it takes only one unsuspecting employee to share this sensitive information and allow a scammer to steal the identities of dozens or even hundreds of employees. Once they have this information, the scammers can do everything from opening credit card accounts to filing fraudulent tax returns.

How to avoid it: Warn anyone in your organization who has access to W-2 data about this scam, and always follow best practices for avoiding data security breaches. If you detect this scam without turning over any data, report the incident immediately to phishing@irs.gov following these instructions and file a complaint with the Internet Crime Complaint Center. If your organization does fall victim to the scam, email dataloss@irs.gov and follow these instructions from the IRS. They may be able to stop fraudulent tax returns before they are filed by the scammers.

Stay one step ahead of tax scammers

As quickly as the IRS tries to tip off businesses about the latest scams, scammers are finding new ways to catch businesses off guard.

You can stay ahead of the scammers by remembering that the IRS will never send unsolicited emails, ask for your banking information over the phone, demand that taxes or penalties are paid immediately, threaten you with law enforcement action for non-payment, or ask you to pay by wire transfer or prepaid debit card. If you notice any of these things, or anything else that seems suspicious, contact phishing@irs.gov.

Andrew Conrad is a content writer for Capterra, specializing in finance/accounting and project management software. When he’s not striving for the perfect balance of information and entertainment, Andrew enjoys the great outdoors and the wide world of sports.

Tax scam stock photo by karen roach/Shutterstock