Scary scams to give you nightmares
Vulnerable populations and people are the prime target of fraudsters looking to use illegal methods to make a (dishonest) living.
Donna H. Laubscher, CPA
In this month of Halloween, which can have cute and adorable trick or treaters (most years, maybe not this year), scary decorations and an all over feeling of fright, there can be things other than a global pandemic that cause hair raising stories. In this, the seemingly longest year in recorded history, what more can happen? Unfortunately, there can be quite a bit, because vulnerable populations and people are the prime target of fraudsters looking to use illegal methods to make a (dishonest) living. Here are just a few examples.
Targeting Tax Refunds
There are a couple of variations to this scam. One involves filing a fraudulent tax return using real taxpayer personal information and then having the falsely created inflated refund deposited into the fraudster’s bank account.
The other method is just as nefarious. A fraudulent return is filed, leaving the taxpayer’s actual bank account information on the return. An IRS impersonator then contacts the taxpayer and says that a refund has been deposited in error. Since no refund was expected, either because the return has not yet been filed or there is not a refund, this seems plausible. The impersonator then requests that the taxpayer send the refund by purchasing gift cards. So not only is the taxpayer out the gift cards, but the amount of the original deposit, as well. Because when the IRS does discover the erroneous deposit, it will need to be returned.
How, you may ask, does your personal information get into the hands of these sneaking crooks? It can be through a data breach at a company, or you can inadvertently give it out yourself via a phishing scam. Remember the IRS will never initiate contact with you via email, so do not click on any links in an IRS email. Another popular scam is to send an email which appears to be from your bank, requesting you to log on, through a link and update or verify your information. You should never click on these links. First, always look at the actual email address. Make sure the part of the address after the @ is actually from the bank, such as chase.com. If it is not, it is a phishing attack. Additionally, you can search for the bank’s actual website and log in that way to make sure there are no issues with your account.
Payroll and HR Scams
These are phishing attempts with a specific purpose – stealing W-2 and other information. There are a few different ways these can work:
- An email sent to the HR department, pretending to be from the CEO or other officer or supervisor. They claim to be away from their office but need HR to immediately send them the W-2s for the company (or nonprofit or government or school district – they are not aiming specifically for profit companies). Here is a very good reason to use your skepticism – what possible reason could the boss have for needing all W-2s? Immediately? While not even in the office? I know bosses and supervisors can be wired differently, but that does not tend to be normal behavior!
- An email sent that appears to be from your boss or supervisor asking you to purchase a bunch of gift cards that they need right away.
- Finally, unscrupulous persons can contact HR and impersonate an actual employee. they’ll try to have direct deposit information for paychecks changed to their fake bank account instead of the legitimate bank account of the employee.
A ransom can be scary, no matter the circumstances, either a kidnapping of a friend or loved one, or your computer data. Ransomware is usually installed through a version of malware that is generally perpetrated by an insider in the target company, usually without any malicious intent. It can be a click on a link in an email or opening an attachment to an email, all without realizing the havoc that is about to be unleashed on the computer data. This computer data is then “held hostage” until the ransom is paid, usually in bitcoin or another cryptocurrency, as they cannot be traced.
Constant reminders and education of your team is critical to help prevent this.
Every year the IRS issues alerts that there are people setting up charities that appear to be legitimate, but they are just slightly different than an actual charity. This year it is even more prevalent, as the fake charities are set up to purportedly assist those who have been impacted by COVID-19 or to potentially help to get the (as yet unreleased) vaccination out to those in need.
The methods used to get you to donate to these fake charities can be either via phone, email or even in person. If you are in doubt, here is the IRS tool to find qualified charities.
Rumors Can Live in the Shadows
Particularly with the year we have had in 2020, the internet and emails can be full of rumors. For example, months before a second economic stimulus payment was enacted, there were rumors and theoretical links on how to get in line to receive it. Sometimes, if it seems to be good to be true, it very well can be. While the internet can indeed have very useful information, not all of it is accurate. When in doubt, please reach out to your Henry+Horne advisor.
- If you believe that you may have been a victim of a COVID-19 related scam, you are encouraged to file a report with the appropriate authorities
- The National Center of Disaster Fraud has a complaint form on its website which you can complete. You can also call their hotline at 866-720-5721.
- If you are the victim of a phishing scan from the IRS you can email them at email@example.com
- If you are the victim of a phishing scam from your financial institution, please reach out directly to that institution.
In order to keep from getting spooked by any of these scams, please look at everything with a very healthy dose of skepticism. Feel free to contact your Henry+Horne tax adviser with any questions.
Donna H. Laubscher, CPA, Partner, specializes in tax planning and consulting for individuals. She can be reached at DonnaL@hhcpa.com or (480) 483-1170.