Identity Thieves Target Uncle Sam

Identity thieves seem to like to target the government. With April 15th nearing, the news is awash with fraudsters using other people's identities to claim an earned income tax credit worth thousands of dollars. Of course, we should feel sorry for the poor people, who had their identity stolen and used to file a bogus return. After all, they will have to deal with IRS, and prove they didn't file the fraudulent paperwork.

The saddest thing is that they will probably find out about it when they file a legitimate tax return, and it is denied. When this happens, they might have to prove, that they were not the person responsible for filing the faux (fake) return. In most instances, proving this will be hours of work and cost a little money.

In all fairness, it is evident that the IRS is taking tax fraud much more seriously than in the past. Because of this, we are probably seeing more of it being reported. The IRS has an excellent information page on their site to assist the people being victimized. Please note that anyone paying taxes is a victim of all this, and the money being lost, adds to the ever-growing deficit.

Another aspect of this fraud is that if the government can prove the refund was not negotiated for the right person, they can hold the financial institution paying out the money liable. Frequently when the fraudulent refund is received a counterfeit ID is produced to negotiate the instrument. In these cases, when the true person proves they did not file the bogus return, the loss is going to be charged right back to the financial institution that paid out the actual cash in the scheme.

Another good example of a government program being targeted is the recent disclosure that hackers compromised a State of Utah Medicaid database. Given the quality of information stolen (medical), it is prime to commit tax fraud (or medical fraud) against the government.

Current estimates put this data breach at 780,000 personal records compromised. It has also come to light that the data was not encrypted and that less than complex passwords were used to protect it. The Salt Lake City Tribune is also reporting that the manner in which this information was protected might be in violation of current federal regulations. Hard to believe with the number of publicly disclosed breaches that the data was not encrypted. You would think that this would be standard by now when protecting information that criminals can steal money with?

Pretty interesting that the World Privacy Forum is showing an interactive map on their site showing all the known occurrences of medical identity theft in recent years. While there are differing estimates on the costs of medical fraud, there is little doubt that it costs us billions of dollars, and the costs are passed on to all of us.

An article by Jaikumar Vijayan at ComputerWorld makes a pretty good argument that most of the data breaches in 2011 were avoidable. If this is the case, it should show us that this is an ever-growing problem and that we cannot afford to let our guard down.

If you think you might be a victim in the Utah breach, the State has set up a victim's assistance line at 1-855-238-3339.

UC Irvine Staff Nails ID Thief in Texas

A former UnitedHealthCare worker, who stole the personal and financial information of at least 1100 University of California, Irvine students has been arrested in Dallas, Texas.

Michael Tyrone Thomas, of Fort Worth, was arrested at his home and is being held on $300,000 bail. The authorities are alleging Thomas stole the information while working at UnitedHealthCare in December 2007. They are also charging that Thomas used the information to fill out fraudulent tax returns using 163 identities stolen in the caper.

According to the Houston Chronicle, a spokesman for UnitedHealthCare didn't return their call concerning the arrest on Friday. I went to the UnitedHealthCare site and found nothing mentioned about this case as of this writing.

It appears that the investigation was initiated by the UC Irvine Police after students started complaining about identity theft in March. Specifically, they complained about someone using their information to fill out bogus tax returns. University computer experts took a look at their systems and found no signs of a breach. Subsequently, University Police investigating the case discovered all the students were enrolled in a insurance program administered by UnitedHealthCare.

A press release on the UC Irvine site gave credit to UCI Police Sergeants Tony Frisbee, Shaun Devlin and Corporal Caroline Altamirano for working closely on the case with the Dallas District Attorney's Office. The release indicates that they expect additional arrests and that the IRS will be investigating the tax fraud implications in the case.

Recently, the National Taxpayer Advocate, issued a report to Congress indicating that tax fraud involving the use of stolen identities has grown 644 percent in the past four years. In a lot of these cases, forged W-2's are used to claim an earned income credit, which can net the fraudster thousands of dollars per return.

In my post on this story, I mentioned that the IRS has a dedicated page to assist identity theft victims when their information has been used to commit tax fraud. The Houston Chronicle article mentioned that UnitedHealthCare will be offering free credit monitoring and that UCI will be offering loans to the affected students. It also mentioned that UCI Police Chief, Paul Henisey doesn't think the rest of the names were used because the reports of identity theft dropped off in late June.

Free credit monitoring seems to be the standard offer to victims when a data breach is disclosed, but it doesn't necessarily reveal all forms of identity theft. Credit bureaus do not track what information is being used to file a tax return and would be worthless in the already known cases. Other examples when credit monitoring might not be the end-all solution to identity theft protection are medical benefit fraud, employment fraud, government benefit fraud, some forms of check fraud and last, but not least, when it is used to commit crimes of other than a financial nature.

If I were one of the affected UC Irvine students, I wouldn't turn down the free credit monitoring (it does help in a lot of instances), but I would also visit the Identity Theft Resource Center's Financial Identity Theft - More Complex Cases page to educate myself a little further.

So far as Chief Henisey's prediction that this case is over -- I certainly hope it is -- but it wouldn't be prudent for everyone to let their guard down just yet. Information is bought and sold in a lot of places (including over the Internet) for the purpose of identity theft. There is no way of telling, whether or not, any of this information was passed to someone else for a profit.

Saying that, it's refreshing to see the culprit caught in this case and the UC Irvine Police Department (along with other University staff) did an excellent job in their investigation. It isn't very often when one of these cases is traced to the person behind it.

FBI reports tax stimulus phishing campaign underway

The FBI Cyber Investigations Division issued a press release that spammers are phishing for people's personal details using the tax stimulus program as bait.

The Federal Bureau of Investigation warns consumers of recently reported spam e-mail purportedly from the Internal Revenue Service (IRS) which is actually an attempt to steal consumer information. The e-mail advises the recipient that direct deposit is the fastest and easiest way to receive their economic stimulus tax rebate. The message contains a hyperlink to a fraudulent form which requests the recipient's personally identifiable information, including bank account information. To convince consumers to reply, the e-mail warns that a failure to complete the form in a timely manner will delay the issuance of the rebate check.

My guess is that the intent in getting your bank account information is to take it over and drain it of all it's assets.

Please note that phishing normally requires a person to willingly give up their information, but more and more, a new phenomenon is being seen called a drive by infection is being seen in the "wild" a.k.a. the Internet.

I wrote about this recently in a post called, "Nowadays, all you need to do is visit the wrong site to have your personal information stolen! "

As noted in the post, the phishermen have been seen using social engineering ploys, along with malicious software in conjunction with each other.

If you want to learn more via FBI recommended educational tools, or report a phishy e-mail, here is a way you may do so:

Please notify the IC3 by filing a complaint at www.ic3.gov. More information on scams is also available on www.fbi.gov and www.lookstoogoodtobetrue.com.

You can also report IRS related phishing scams to phishing@IRS.gov, here.

FBI press release with example of one of the phishmails, here.

In case you want to see when you are going to get your "actual" stimulus check (if you qualify), the IRS has a tool to figure it all out on their site.

Report challenges IRS that it is not doing enough to protect taxpayers from identity theft

According to a recently released report by the Inspector General for Tax Administration, the IRS is falling behind on a problem that has increased almost 600 percent in the past five years, controlling the use of stolen identities to file tax returns.

Most of the identity theft referred to in this report is when someone's personal information is stolen to maintain employment.

Here is the synopsis from the report:

The IRS has not placed sufficient emphasis on employment-related and tax fraud identity theft strategies. Specifically, its prevention strategy does not include pursuing individuals using another person’s identity, unless their cases directly relate to a substantive tax or conspiracy violation. IRS policy is that the actual crime of identity theft will only be investigated by the Criminal Investigation Division if it is committed in conjunction with other criminal offenses having a large tax effect.

Here is how the Inspector General came up with these numbers:

During Calendar Years 2005 and 2006, the Federal Trade Commission received 92,570 taxpayer complaints related to employment-related and tax fraud identity theft. Due to the lack of IRS information related to identity theft, it is not clear whether the Criminal Investigation Division evaluated or investigated any of these complaints. According to the IRS, the Criminal Investigation Division does not use the Federal Trade Commission Identity Theft Clearinghouse data, and any identity theft prosecution recommendations would have been developed from other
sources.

The report goes on to say that in past two years out of the 92,570 cases reported only about 100 were prosecuted.

Another interesting aspect of the report is that only no match cases (where a name and SSN do not match) are reported to the employer:

Employers are notified of mismatches between names and Social Security Numbers. However, if both a taxpayer’s name and Social Security Number are used by another person, employers are not notified and no further action is taken to stop the continued unlawful use of the identity.

This ties in with the no match social security number legislation that the Department of Homeland Security is trying to enact. As of right now, anyone can use someone else's or even a made up social security number and remain employed. There are few to no consequences for the identity thief, or the employer, who chooses to look the other way.

The new law would force employers to take action, but has been held up in Federal court at the behest of several civil liberties groups. Ironically, many of the cases I've read about involved a citizen of Hispanic American heritiage having their identity stolen.

In August of last year, I wrote about a financial crimes detective, Adrian Flores having his identity stolen. Before clearing his good name, Detective Flores went through a lot of pain and suffering when the IRS came after him for back taxes. He also had to deal with a slew of collection agencies coming after him for unpaid debts using his stolen identity.

Sadly enough, it appears that the groups blocking this legislation don't take the victims rights into consideration (my opinion). I'm all for protecting individual rights, but we need to consider the people getting their identities stolen, also.

Who is protecting their civil liberties?

Most Americans have nothing against hard working immigrants, but many of us have become weary with all the crime that hides itself in it's mass. There isn't going to be an easy answer to this issue, but we need to remove the factors that enable crime to camouflage itself within the problem, too easily.

Full report by the Inspector General for Tax Administration, here.

Latest press release from DHS about the impending (highly controversial) law, here.

The Dirty Dozen Tax Scams of 2008

The IRS has been in the news recently because it's name has been impersonated (spoofed) to phish personal and financial information from people tricked into believing the IRS was going to send them money.

Another recent phishing lure spoofing the IRS name was the upcoming economic stimulus package being promised to the tax paying public. In this case, (too good to be true) promises of money were being sent out by spam spewing zombie computers before the details were finalized in the halls of Congress.

These spam spewing zombie computers are part of a botnet. Botnets are controlled by bot-herders, who are known to rent their services to a wide variety of Internet misfits. Bot-herders often use their botnets to commit criminal activity themselves, also.

Zombie computers are created after their owner clicks on a link in a spam e-mail containing malicious software engineered to take control of their system. In the recent past, there have even been examples of malware being injected into a system after just visiting an infected site.

Please note that most of these phishing ploys are designed to clean out your bank account, run up your credit cards, and or allow a criminal to use your good name to obtain additional lines of credit. The fact that they often turn your computer into a zombie is considered an add-on value to the criminal, who can then use your system to deliver spam (scams) to other unsuspecting people.

Today, the IRS issued it's yearly Dirty Dozen Tax Schemes. Since Internet scammers have been so fond of using the IRS's name, I thought this would be a good subject to blog about.

Please note that from time to time, I get anonymous inquiries about where to report tax fraud in the comments section. I've included information oh how to do this at the bottom if this post.

The IRS is sometimes willing to pay a reward for information leading to the successful resolution of an investigation. Your identity is protected if you choose to remain anonymous, also.

From the press release:

The Internal Revenue Service today issued its 2008 list of the 12 most egregious tax schemes and scams, highlighted by Internet phishing scams and several frivolous tax arguments.

Topping this year’s list of scams is phishing, which encompasses numerous Internet-based ploys to steal financial information from taxpayers. New to the “Dirty Dozen” this year is a scheme, which IRS auditors discovered, that relates to unreasonable and/or excessive fuel tax credit claims.

Here is the Dirty Dozen hot off the official press release:

1. Phishing

Phishing is a tactic used by Internet-based thieves to trick unsuspecting victims into revealing personal information they can then use to access the victims’ financial accounts. These criminals use the information obtained to empty the victims’ bank accounts, run up credit card charges and apply for loans or credit in the victims’ names. Phishing scams often take the form of an e-mail that appears to come from a legitimate source. Some scam e-mails falsely claim to come from the IRS. To date, taxpayers have forwarded more than 33,000 of these scam e-mails, reflecting more than 1,500 different schemes, to the IRS. The IRS never uses e-mail to contact taxpayers about their tax issues. Taxpayers who receive unsolicited e-mail that claims to be from the IRS can forward the message to a special electronic mailbox, phishing@irs.gov, using instructions contained in an article titled “How to Protect Yourself from Suspicious E-Mails or Phishing Schemes.” Remember: the only official IRS Web site is located at www.irs.gov.

2. Scams Related to the Economic Stimulus Payment

Some scam artists are trying to trick individuals into revealing personal financial information that can be used to access their financial accounts by making promises relating to the economic stimulus payment, often called a “rebate.” To obtain the payment, eligible individuals in most cases will not have to do anything more than file a 2007 federal tax return. But some criminals posing as IRS representatives are trying to trick taxpayers into revealing their personal financial information by falsely telling them they must provide information to get a payment. For instance, a potential victim is told by phone or e-mail that he or she is eligible for a rebate but must provide a bank account number (or similar information) to get the payment. If the target is unwilling, the victim is then told that he cannot receive the rebate unless the information is provided. Individuals should remember that the only way to get a stimulus payment is to file a 2007 tax return. The IRS urges taxpayers to be extra-vigilant. The IRS will not contact taxpayers by phone or e-mail about their stimulus payment.

3. Frivolous Arguments

Promoters of frivolous schemes encourage people to make unreasonable and unfounded claims to avoid paying the taxes they owe. Most recently, the IRS expanded its list of frivolous legal positions that taxpayers should stay away from. Taxpayers who file a tax return or make a submission based on one of these positions on the list are subject to a $5,000 penalty. The most recent update of the list of frivolous positions includes: misinterpretation of the 9th Amendment to the U.S. Constitution regarding objections to military spending, erroneous claims that taxes are owed only by persons with a fiduciary relationship to the United States, a nonexistent “Mariner’s Tax Deduction” related to invalid deductions for meals and the misuse of the fuel tax credit (see below). The complete list of frivolous arguments is on the IRS Web site at IRS.gov.

4. Fuel Tax Credit Scams

The IRS is receiving claims for the fuel tax credit that are unreasonable. Some taxpayers, such as farmers who use fuel for off-highway business purposes, may be eligible for the fuel tax credit. But some individuals are claiming the tax credit for nontaxable uses of fuel when their occupation or income level makes the claim unreasonable. Fraud involving the fuel tax credit was recently added to the list of frivolous tax claims, potentially subjecting those who improperly claim the credit to a $5,000 penalty.

5. Hiding Income Offshore

Individuals continue to try to avoid paying U.S.taxes by illegally hiding income in offshore bank and brokerage accounts or using offshore debit cards, credit cards, wire transfers, foreign trusts, employee leasing schemes, private annuities or life insurance plans. The IRS and the tax agencies of U.S. states and possessions continue to aggressively pursue taxpayers and promoters involved in such abusive transactions.

6. Abusive Retirement Plans
The IRS continues to uncover abuses in retirement plan arrangements, including Roth Individual Retirement Arrangements (IRAs). The IRS is looking for transactions that taxpayers are using to avoid the limitations on contributions to Roth IRAs. Taxpayers should be wary of advisers who encourage them to shift appreciated assets into Roth IRAs or companies owned by their Roth IRAs at less than fair market value. In one variation of the scheme, a promoter has the taxpayer move a highly appreciated asset into a Roth IRA at cost value, which is below annual contribution limits even though the fair market value far exceeds the amount allowed.

7. Zero Wages

Filing a phony wage- or income-related information return to replace a legitimate information return has been used as an illegal method to lower the amount of taxes owed. Typically, a Form 4852 (Substitute Form W-2) or a “corrected” Form 1099 is used as a way to improperly reduce taxable income to zero. The taxpayer also may submit a statement rebutting wages and taxes reported by a payer to the IRS. Sometimes fraudsters even include an explanation on their Form 4852 that cites statutory language on the definition of wages or may include some reference to a paying company that refuses to issue a corrected Form W-2 for fear of IRS retaliation. Taxpayers should resist any temptation to participate in any of the variations of this scheme.

8. False Claims for Refund and Requests for Abatement

This scam involves a request for abatement of previously assessed tax using Form 843, “Claim for Refund and Request for Abatement.” Many individuals who try this have not previously filed tax returns. The tax they are trying to have abated has been assessed by the IRS through the Substitute for Return Program. The filer uses Form 843 to list reasons for the request. Often, one of the reasons given is "Failed to properly compute and/or calculate Section 83-Property Transferred in Connection with Performance of Service."

9. Return Preparer Fraud

Dishonest tax return preparers can cause many problems for taxpayers who fall victim to their schemes. These scam artists make their money by skimming a portion of their clients’ refunds and charging inflated fees for return preparation services. They attract new clients by promising large refunds. Some preparers promote the filing of fraudulent claims for refunds on items such as fuel tax credits to recover taxes paid in prior years. Taxpayers should choose carefully when hiring a tax preparer, especially one who promises something that seems too good to be true.

10. Diguised Corporate Ownership

Some people are going as far as forming domestic shell corporations in certain states for the purpose of disguising the ownership of a business or financial activity. Once formed, these anonymous entities can be used to facilitate underreporting of income, non-filing of tax returns, engaging in listed transactions, money laundering, financial crimes and even terrorist financing. The IRS is working with state authorities to identify these entities and to bring the owners of these entities into compliance.

11. Misuse of Trusts

For years, unscrupulous promoters have urged taxpayers to transfer assets into trusts. They promise reduction of income subject to tax, deductions for personal expenses and reduced estate or gift taxes. However, some trusts do not deliver the promised tax benefits. As with other arrangements, taxpayers should seek the advice of a trusted professional before entering into a trust.

12. Abuse of Charitable Organizations and Deductions

The IRS continues to observe the misuse of tax-exempt organizations. Misuse includes arrangements to improperly shield income or assets from taxation, attempts by donors to maintain control over donated assets or income from donated property and overvaluation of contributed property. In addition, IRS examiners are seeing an upturn in instances where taxpayers try to disguise private tuition payments as contributions to charitable or religious organizations.

As promised above, here is how you can report one of these scams:

Suspected tax fraud can be reported to the IRS using IRS Form 3949-A, Information Referral. Form 3949-A is available for download from the IRS Web site at IRS.gov. The completed form or a letter detailing the alleged fraudulent activity should be addressed to the Internal Revenue Service, Fresno, CA 93888. The mailing should include specific information about who is being reported, the activity being reported, how the activity became known, when the alleged violation took place, the amount of money involved and any other information that might be helpful in an investigation. The person filing the report is not required to self-identify, although it is helpful to do so. The identity of the person filing the report can be kept confidential.

Whistleblowers also could provide allegations of fraud to the IRS and may be eligible for a reward by filing Form 211, Application for Award for Original Information, and following the procedures outlined in Notice 2008-4, Claims Submitted to the IRS Whistleblower Office under Section 7623.

Full press release on the 2008 Dirty Dozen Scams, here.

The IRS must be a great lure to go phishing and vishing with!

It should be no surprise that scam artists, fraudsters and other internet misfits are trying to cash in on the economic stimulus package being proposed by the powers that be in Washington.

The odd thing is the come-on, a tax rebate, hasn't even been approved yet.

The most accurate information I could find on this latest trend was from the IRS, who is being impersonated once again. They've gained considerable experience with this type of scam recently with their name being used (frequently) as a fake "badge of authority" (lure) to trick people into becoming an identity theft statistic.

From the IRS site (published on January 30th):

The Internal Revenue Service today warned taxpayers to beware of several current e-mail and telephone scams that use the IRS name as a lure. The IRS expects such scams to continue through the end of tax return filing season and beyond.

The IRS cautioned taxpayers to be on the lookout for scams involving proposed advance payment checks. Although the government has not yet enacted an economic stimulus package in which the IRS would provide advance payments, known informally as rebates to many Americans, a scam which uses the proposed rebates as bait has already cropped up.

The goal of the scams is to trick people into revealing personal and financial information, such as Social Security, bank account or credit card numbers, which the scammers can use to commit identity theft.

The bottom line is that the IRS is not going to send you an e-mail, or call you on the telephone asking for personal information.

Trust me, they already have it if you are due to receive money from them!

Variations of the recent scams include a tax rebate phone call, refund spam e-mail, audit e-mail (besides money fear is a common lure), changes to tax law e-mail, and a telephone scam claiming the IRS has sent a paper check and needs to verify your banking information.

So far as the e-mails, they sometimes contain links that load malicious software (designed to steal more information). Although not mentioned in the IRS release, a new phenomenon called "drive by pharming" was recently seen in the wild (on the Internet).

Here is what I wrote about "drive by pharming" in a previous post:

"Pharming (pronounced farming) is a Hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software," according to Wikipedia.

Spam e-mail is becoming more dangerous all the time. Most of these lead to fake websites, or blogs that can download malware on a system by merely visiting them.

So far as the surge in using the telephone to scam information, often referred to as vishing -- VoIP technology (super cheap long distance) has made this easy to do. From what I hear, a lot of it is being done across International borders, which makes prosecution difficult, also.

The IRS release warns that the caller might sound foreign. This is a good tip, but with call centers being outsourced all over the world, it's becoming pretty common to speak to someone on the telephone with an accent.

The safest bet is to give out no personal information to anyone, no matter how official they might seem when they it solicit via telephone, or over the Internet.

The press release does offer resources to report any suspected scams. Please note, that paragraph one is an extremely good tip!

Anyone wishing to access the IRS Web site should initiate contact by typing the IRS.gov address into their Internet address window, rather than clicking on a link in an e-mail or opening an attachment.

Those who have received a questionable e-mail claiming to come from the IRS may forward it to a mailbox the IRS has established to receive such e-mails, phishing@irs.gov, using instructions contained in an article titled “How to Protect Yourself from Suspicious E-Mails or Phishing Schemes.” Following the instructions will help the IRS track the suspicious e-mail to its origins and shut down the scam. Find the article by visiting IRS.gov and entering the words “suspicious e-mails” into the search box in the upper right corner of the front page.

I know a lot of us simply hit delete when we see this stuff, but if it didn't work, the phishermen wouldn't keep doing it. We should all consider reporting it a "act of kindness" towards those, who might fall for this.

The people at the IRS fighting this could certainly use the HELP! It might eventually lead to the people behind this being held accountable.

Those who have received a questionable telephone call that claims to come from the IRS may also use the phishing@irs.gov mailbox to notify the IRS of the scam.

IRS release, here.

Previous posts about the IRS being used as a lure from this blog, here.

It's unlikely the IRS is outsourcing tax preparation services to Russia!

Looks like with the start of tax season, the phishermen are again pretending to be the IRS.

Using a badge of authority in phishing is nothing new. In the past, we've seen the FBI, Interpol, DOJ and a lot of other official agencies spoofed (impersonated) to trick people into giving up their personal and financial details.

Here is a phishmail that got past my spam filter yesterday:

Date: Fri, 11 Jan 2008 16:02:36 -0500

From: "Internal Revenue Service" Add to Address Book Add Mobile Alert

Subject: IRS Annual Calculations - Tax Refund Internal Revenue Service United States Department of the Treasury

Dear Applicant:

After the last annual calculations of your fiscal activity we have determined that
you are eligible to receive a tax refund of $270,25.

Please submit the tax refund request and allow us 2 business days in order to
process it.

To access the form for your tax refund, please click here (link removed).

The links on these spam e-mails are designed to entice the unwary to give up their personal and financial details (later used to commit financial crimes)through social engineering techniques (trickery). Just clicking on a link can download malicious software designed to steal information from your computer (which will also be used in financial crimes) or it will turn your computer into a spam spewing zombie.

If you hover (don't click) your mouse on a link and read the address that shows up on the bottom of your screen, it will show the true address. In the above example, it reveals and address of a Russian domain (astrasong.ru).

It's unlikely that the IRS is outsourcing tax preparation services to the Russian Union!

I went to the IRS site and discovered that they just updated their Suspicious e-Mails and Identity Theft page the same day I received this phishmail.

The page has links to all their previous warnings and information on where to report phishing activity involving the IRS. Also included are government educational resources (recommended reading if you haven't seen them before).

New IRS rules dictate stricter controls on how personal information is marketed by preparers!

Last year, a large amount of fraud cases were reported when people claimed refund anticipation loans using fraudulent information.

In many instances, these fraudulent returns were filed using the earned income tax credit. The earned income tax credit returns a portion, or all of the taxes people pay, who are below a certain income level when they file their yearly tax return.

While an honorable practice in principle, the credit is targeted by fraudsters, who submit fake W-2 information and claim large refunds that they were not entitled to.

W-2's can be purchased in just about any office supply store, or even over the Internet.

Another growing trend noted -- with all the stolen identities and counterfeit identification out there -- are fraudulent tax returns being filed using other people's information. RAL refunds can net several thousand dollars each, which make them prime targets for financial fraud.

Low income people are also often recruited to go in and get these loans using "made up" information.

Guess who ends up getting caught if the IRS discovers the fraud in most instances? I'll give you a hint, it probably won't be the person who talked them into doing it.

I'm not sure if all the tax refund fraud and reported identity theft last year inspired the recently announced IRS rules, but it's probably a good guess that it had something to do with it.

The IRS is now giving taxpayers more control over their personal and financial information. They are also examining whether certain restrictions should be placed on refund anticipation loans.

The IRS press release states:

Federal law already strictly prohibits the IRS from making disclosures of taxpayer return information within its control to third parties except with taxpayer consent or in circumstances set by Congress. The final rules have no effect on the strict protection of return information in the IRS’s hands and apply only to tax return information held by income tax return preparers.

Among the new rules:

Generally, preparers must obtain taxpayer consent, either by paper or electronically depending on how the return is being filed, before tax return information can be disclosed to any third party or used for any purpose other than filing the return.

If the taxpayer consents to the disclosure and use of his information, the consent must identify the intended purpose of the disclosure, identify the recipients and describe the particular authorized disclosure or use of the information.

Mandatory language informs individual taxpayers that they are not required to sign the consent; that if they sign the consent, federal law may not protect their information from further disclosure; and that if they sign the consent, they can set a time period for the duration of that consent. If taxpayers fail to set a time period, the consent is valid for a maximum of one year.

To prevent consent requests from individual taxpayers from bring buried in fine print, the rules require the paper consent documents to be in 12-point type on 81/2 by 11 inch paper and require electronic consent requests to be in the same type as the Web site’s standard text, all to prevent consent requests from being too difficult to read for individual taxpayers.

If a taxpayer declines to provide consent for an unrelated tax preparation disclosure or use request, the preparer cannot make a similar consent request. The intent is to protect taxpayers from being pressured with repeated consent requests regarding the same issue.

Mandatory consent from taxpayers also is required if the tax information is going to be disclosed to a tax preparer located outside the United States. This provision is intended to ensure taxpayers are informed if their tax information is being sent off-shore for return preparation. The individual taxpayer’s Social Security Number also must be redacted.

The press release also states:

One issue that was raised during the comment period was the use by tax return preparers of tax return information to market Refund Anticipation Loans (RALs) to taxpayers. The issue of marketing RALs and similar products, such as Refund Anticipation Checks and Audit Insurance, was not specifically addressed in the proposed regulations.

The Treasury Department and the IRS are concerned that RALs and similar products may provide preparers with a financial incentive to take improper tax return positions in order to inflate refund claims inappropriately. In order to give the public an opportunity to comment on this issue, the Treasury Department and the IRS are issuing an Advance Notice of Proposed Rulemaking (ANPRM) that announces they are considering a proposal that tax return preparers be prohibited from disclosing or using taxpayer return information for the purpose of selling products such as RALs and similar products.

Last year it came to light that a Jackson Hewitt franchise owner with a lot of branches was being charged by the federal government for enabling this type of fraud. The dollar amount of the fraud was calculated by the government at about $70 million.

Here is the post, I wrote about this particular incident:

Is tax fraud being enabled by too many dishonest preparers?

While the Jackson Hewitt allegations were major news, it probably only accounts for a small portion of the overall fraud committed with tax returns. In previous years, we've even seen prisoners file phony tax returns from behind bars.

Dishonest preparers also sometimes try to get their customers to claim questionable exemptions. This can lead to the customer ending up in a lot of trouble at a later date.

The IRS has a educational document to educate taxpayers about this problem, here.

If you happen to know of anyone committing any of these tax frauds, the IRS has a place where it can be reported, here.

Press release on the new rules and possible restrictions on RAL products, here.

There are articles circulating in the mainstream media with more information on how this might hurt the profitability of the tax preparation industry. I'll include the one from Reuters written by Jonathan Stempel, here.

IRS Phishing Scam lures victims with a donation plea for the Southern California Fires

In an apparent scam that packs a double whammy, the IRS is being impersonated in a spoofed e-mail requesting donations for the recent Southern California fires.

From the IRS press release:

The Internal Revenue Service today warned taxpayers to be on the lookout for a new e-mail scam that appears to be a solicitation from the IRS and the U.S. government for charitable contributions to victims of the recent Southern California wildfires.

In an effort to appear legitimate, the bogus e-mails include text from an actual speech about the wildfires by a member of the California Assembly.

The scam e-mail urges recipients to click on a link, which then opens what appears to be the IRS Web site but which is, in fact, a fake. An item on the phony Web site urges donations and includes a link that opens a donation form which requests the recipient’s personal and financial information.

It appears that in this scam, people are being solicited for both money and their personal information.

The IRS is warning that this is likely to make them a victim of identity theft, and that providing any personal and financial information is likely to result in a person having a lot more money taken from them than they intended to give:

The bogus e-mails appear to be a “phishing” scheme, in which recipients are tricked into providing personal and financial information that can be used to gain access to and steal the e-mail recipient’s assets.

The IRS also believes that clicking on the link downloads malware, or malicious software, onto the recipient’s computer. The malware will steal passwords and other account information it finds on the victim's computer system and send them to the scamster.

Generally, scamsters use the data they fraudulently obtain to empty the recipient’s bank accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name or even file fraudulent tax returns to obtain refunds rightfully belonging to the victim.

If you happen to run into one of these spoofed e-mails, here is something you can do to help the IRS and people, who might fall for this:

Recipients of the scam e-mail can help the IRS shut down this scheme by forwarding the e-mail to an electronic mail box, phishing@irs.gov, using instructions found in “How to Protect Yourself from Suspicious E-Mails or Phishing Schemes” on this site. This mail box was established to receive copies of possibly fraudulent e-mails involving misuse of the IRS name, logo or Web site for investigation.

IRS press release on the latest spoof using their name, here.

Fraudsters have been using the IRS name to scam people on an ongoing basis. Frequently, the name of other government agencies are used as a badge of authority by scammers, also.

Other posts regarding this phenomenon can be seen, here.

Governor Schwarzenegger in California stated that there will be zero tolerance for fraud in wake of the fires. His press release, along with numbers to report suspected fraud can be seen, here.

Sadly, whenever disaster strikes, scammers of all sorts pop out of the woodwork to steal money from people.

In case you don't have time to link to the press release, the number is 800-952-5210.

The FTC Fraud Department didn't really send you that phishmail

Phishing attempts spoofing (impersonating) government agencies aren't anything new. Here again, the FTC (Federal Trade Commission) is being used as a badge of authority to trick people into downloading something that is likely to steal their personal and financial details.

From the FTC press release about this most recent occurrence:

A bogus email is circulating that says it is from the Federal Trade Commission, referencing a “complaint” filed with the FTC against the email’s recipient. The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not to open any attachments.

The spoof email includes a phony sender’s address, making it appear the email is from “frauddep@ftc.gov” and also spoofs the return-path and reply-to fields to hide the email’s true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax. Recipients should forward the email to spam@uce.gov and then delete it. Emails sent to that address are kept in the FTC’s spam database to assist with investigations.

The virus contains a keylogger, which logs information keyed into a computer and sends it back (electronically) to the phishermen (bad guys). This is a common method of stealing people's financial and personal information, which then is used to steal money.

The technical terminology used in the press release refers to a virus. Two other terms used to describe how a keylogger is planted on a system are malware and crimeware.

Keylogging software seems to be legally purchased, often touted as a way to spy on your family, or employees. Law enforcement and people committing more sophisticated forms of espionage have been known to use them, also.

If you are interested in seeing how many people are marketing keyloggers, click here.

Phishing might sound technical, but it almost always uses a psychological technique known as social engineering (trickery) to accomplish it's purpose. In this case, the trick (lure) to click on the attachment is fear, but in a lot of cases, it's something that's too good to be true.

The FTC refers people, who want to learn more about phishing to http://www.onguardonline.gov/.

Another place that has a lot of information about phishing is the Anti-Phishing Working Group.

Traditionally, the Phishermen relied on tricking people to give up the information they were seeking. More and more, keyloggers are being used that steal the information automatically.

Other posts, where I've written about keyloggers can be seen, here.

I've been getting a lot of queries on this site about another government agency (the IRS), who has also been spoofed frequently by the Phishermen. The last update on this was on September 19th, but my guess is that these are still circulating out there, also.

Full FTC press release on this matter, here.

Here is an interesting CNet blog post about FTC Chairman, Deborah Platt Majoras, stating publically that phishing is driving her insane. This was taken from a comment she made about a month ago to the first National Cybersecurity Awareness Summit.

(Deborah Platt Majoras courtesy of the FTC site)

IRS name used to phish for ID theft victims, again!

Government agencies and trusted brands are often spoofed (impersonated) in phishing attempts, which are social engineering ploys to steal personal and financial information, and or download cybernasties (malware, crimeware) on your system. Please note the cybernasties normally steal information from your computer, also.

The information culled from you, or your computer is then used to make YOU an identity theft statistic.

In the past couple of years, spoofing the IRS has become an old story, but they keep on doing it.

Here are the most recent updates on IRS phishing scams:

Updated Aug. 24, 2007 — The Internal Revenue Service today warned taxpayers of a new phishing scam, in which an e-mail purporting to come from the IRS advises taxpayers they can receive $80 by filling out an online customer satisfaction survey. The IRS urges taxpayers to ignore this solicitation and not provide any requested information. The IRS does not initiate contact with taxpayers through e-mail.

Updated June 19, 2007 — In another recent scam, consumers have received a "Tax Avoidance Investigation" e-mail claiming to come from the IRS' "Fraud Department" in which the recipient is asked to complete an "investigation form," for which there is a link contained in the e-mail, because of possible fraud that the recipient committed. It is believed that clicking on the link may activate a Trojan Horse.

Full IRS press release on this matter, here.

Phishing isn't limited to impersonating the IRS, the APWG (Anti-Phishing Working Group) tracks this ever growing problem and offers advice on how to avoid getting hooked, here.

Previous posts about phishing attempts impersonating the IRS can be seen, here.

Celebrities, including Paris Hilton become identity theft victims

(Courtesy of Flickr) Only the photographer knows who is behind the mask.

No one's identity is safe these days. It's just been reported that a lot of celebrity types, including Paris Hilton have had their identities jacked (stolen).

Tampa Bay's 10.com reports:

Investigators busted a massive identity theft ring allegedly operating out of a row home in Northeast Philadelphia Friday.

Police said the list of targeted victims includes celebrity names like Donovan McNabb, his mother Wilma, Jennifer Lopez, Paris Hilton, Whitney Houston, Patti LaBelle, Michael Vick and Microsoft founder Paul Allen.

Allegedly, a couple of fraudsters used change of address forms and had mail diverted to a Philadelphia address. They then used the information from the stolen mail to order checks and credit cards.

The article also states that one of the fraudsters was a former IRS employee, and that some of the information might have been stolen from their computers.

Considering the names they were using, one might wonder why no one noticed at the banks, credit card companies, or the post office when this scheme was first hatched?

In case any of these famous people are wondering why it was so easy to use such recognizable names, it might be because issuing credit cards, checks and (I'm guessing) address changes are approved by computers.

To demonstrate this, they might want to read a previous post I wrote:

Ever Wonder How Well the Credit Card Companies Protect Your Personal Information?

I did another post, where a cat was issued a credit card, also:

Should cats be issued credit cards?

According to the article, this case is still being investigated and the list of people compromised is likely to grow.

It will be interesting to see, if it is ever disclosed, how long this went on and how much money was stolen as a result of this!

10.com article, here.

IRS audit reveals that the human factor is one the greatest threats to information (computer) security

(Courtesy of Flickr)

A new report issued by the Treasury Department's inspector general reveals that too many IRS employees compromised their user ID and password to an unknown person, who was actually a government auditor posing as a help desk employee.

Sixty percent of the IRS employees fell for the social engineering trick, sometimes referred to as vishing. This isn't the first time a test like this has been conducted. In 2004, 35 percent of the employees tested compromised information and in 2001, the failure rate was 70 percent.

In the recent past, the agency has also been criticized for it's aging computer systems and their name has been spoofed (impersonated) in phishing attacks.

I guess the IRS makes a good story, but they certainly aren't the only government agency, or private entity being compromised by activity like this.

Whether it's vishing or phishing -- where social engineering (fraud, deception etc.) techniques are used to trick people into giving up access to information that should be protected -- human beings are probably the biggest threat to information (computer) security.

True, the results of this report are shocking, but maybe we should listen to what it is telling us? If social engineering didn't work, my guess is that a lot of the current explosion in phishing and vishing activity would go away.

Even when malware, often referred to as crimeware, which steals information using technology is used, a human being has to be lured into clicking on a link, or visiting certain websites for the software to be implanted.

Maybe one of the problems is that people, who fall for these ploys are reluctant to admit they were tricked so easily? I've seen a lot of people fall for social engineering ploys, and not all of them are poorly educated, or what most of us would consider, stupid.

In fact, many us would probably be amazed at exactly who falls for social engineering ploys. Most people would rather remain anonymous because it's embarrassing to admit they were conned into whatever scheme they fell for.

Of course, the people I'm referring to have asked me to respect their privacy, and I'm an advocate of protecting that, along with being kind to victims, also.

Whether it is a government agency, big business, or non profit being targeted, the only thing that is consistent is we see more and more of this activity all the time. Trust me, if it didn't work, the criminals behind it wouldn't be wasting their time doing it.

If the activity is increasing, and social engineering it tied into most of it, the best thing we can do to defeat it, are more tests like these, combined with an effort to make people more aware of the problem.

While the results of this report aren't good, at least they are making the information public and not hiding it. My guess is that IRS employees aren't the only ones, who would fall for something like this.

Education and awareness are key in stopping this problem, which keeps growing by leaps and bounds!

Inspector General (Treasury Department) report, here.

The Phishermen keep using the IRS name to hook Phish (Identity Theft Victims)

Phishing has become a huge problem. Criminals (phishermen) spoof (impersonate) a brand or organization that people trust to trick people into giving up their personal, or financial information. The information is then used to steal money.

In the more sophisticated attempts, malware (crimeware) is dropped on a system that logs keystrokes, gathering even more personal information, without the computer owner's knowledge, or consent.


The phishermen have been spoofing the IRS so frequently, the IRS set up a dedicated e-mail address to report activity. The address is phishing@irs.gov (follow the instructions).


The most recent version is a spam e-mail intended to scare a person into thinking they are being investigated. Here is what the IRS site is reporting:

The e-mail purporting to be from IRS Criminal Investigation falsely states that the person is under a criminal probe for submitting a false tax return to the California Franchise Tax Board. The e-mail seeks to entice people to click on a link or open an attachment to learn more information about the complaint against them. The IRS warned people that the e-mail link and attachment is a Trojan Horse that can take over the person’s computer hard drive and allow someone to have remote access to the computer.

Trojan horses are often a gateway to install malware -- sometimes referred to as crimeware -- which often includes keylogging software. The bottom line is that once installed on a computer, they have the ability to steal personal and financial details, from afar, without any additional assistance from you.


All the terms out there get confusing to non-technical people, there are some now saying, we should group some of the terms together and call it "grayware?" Another term to group some of this terminology together is "badware."


Similar technology is used for advertising and marketing purposes by legitimate businesses, also. This is often referred to as spyware and adware. The one thing they all have in common is that they are often a nuisance.


The key is to NOT even open the spam e-mails enticing you to click on their links. The best practice is to delete them. These e-mails are generated by the millions, perhaps billions by now, using automated software and botnets (other people's computers that have been taken over).


Spam filters designed to stop them from getting in your inbox, seem like they are getting less effective, recently.


Botnet owners are known to rent out their networks to other criminals for this purpose.


Sadly enough, the IRS name has been being spoofed a lot lately. Here is the extent of it:

Since the establishment of the mail box last year, the IRS has received more than 17,700 e-mails from taxpayers reporting more than 240 separate phishing incidents. To date, investigations by TIGTA have identified host sites in at least 27 different countries, as well as in the United States.

The phishermen often impersonate financial institutions, eBay, PayPal, or government agencies; such as the FBI and Interpol.


The latest alert from the IRS can be seen, here.

Spear phishermen target executives to steal company information

Shamus McGillicuddy of CIO News highlights an interesting fact, which is you never know, who is going to fall for a phishing scam.

The phishermen normally send out a lot of bait (spam) in the hopes of hooking a few phish.

Shamus writes:

Over the last week and a half, spam messages purported to be from the Internal Revenue Service and the Better Business Bureau have been specifically targeting senior-level corporate executives with phishing scams.

Experts say these targeted phishing attacks, sometimes called "spear phishing," are nothing new, but they illustrate that spammers are getting more adept at targeting sophisticated email users who have access to the most sensitive data within their companies.

Spear phishing is simply a more focused form of phishing, which uses more personal touches, such as a person's real name, and or title.

With all the information plastered over the Internet, or available for sale; it isn't hard for phishermen to get what they need (personal information) to go spear phishing.

Many private companies and government organizations recognize the danger phishing poses in the workplace. To counter this, and raise awareness; they are phishing their own employees.

Recently, I did a post about this, which revealed more employees fall for this, than many would like to admit:

Technology alone isn't going to stop phishermen and other cyber ghouls on the Internet

There seems to be more and more phishing out there, which might be inspired by DIY (do it yourself) kits being sold over the Internet. DIY kits make it easy for not very sophisticated criminals to become expert phishermen.

The only good news about phishing is that with a little awareness, most people can spot this activity, because the phishing ploy doesn't make much sense, or is too good to be true.

CIO News story, here.

BBB Alert, here.

IRS Alert, here.

Another former IRS employee pleads guilty to fraud

For the second time in the recent past, a former IRS employee (this time a deputy director) is guilty of committing fraud. Specifically, he helped a dishonest tax preparation service convince tax payers to claim illegal deductions, by claiming they were legal.

From the DOJ press release:

A former Internal Revenue Service (IRS) district director, pleaded guilty today to conspiring to defraud the United States through his involvement in a tax fraud scheme promoted by the Topeka, Kansas-based “Renaissance, The Tax People, Inc.,” the Justice Department and the Internal Revenue Service announced. During a hearing before U.S. District Judge Carlos Murguia in Kansas City, Kan., Jesse Ayala Cota admitted defrauding the U.S. Treasury of more than $1.3 million and to earning more than $300,000 from his participation in the scheme.

Cota, 65, of Vista, Calif., admitted in his plea agreement that from 1997 though April 2002, the conspirators, through Renaissance, operated a scheme to defraud the government and individuals by marketing a program designed to sell illegal tax deductions through false and misleading representations. His co-conspirators, Todd Eugene Strand and Daniel Joel Gleason, previously pleaded guilty to the same fraudulent scheme. Additionally, Cota admitted that during his participation in the conspiracy, those involved prepared or had others prepare false federal income tax returns resulting in a tax loss of approximately $1.3 million.

Full DOJ release, here.

I wonder what will happen to all the people that were convinced to use the illegal deductions?

Here is the post, I recently did about another former IRS type committing a different type of refund fraud:

Former IRS employee charged with a different type of refund fraud

So far as dishonest tax preparers, I covered this recently, also. A major Jackson Hewitt franchisee is under investigation for allegedly committing $70 million in tax fraud.

Of course, they should be considered innocent until proven guilty.

Former IRS employee charged with a different type of refund fraud

With the deadline to file our taxes almost upon us, the term refund fraud, normally is associated with filing a fraudulent tax refund. A former IRS employee, Robert Dooley has been charged a different type of refund fraud (retail). The stated losses in this case were $330,000.

Dooley allegedly stole merchandise and refunded it in nine states (he gets around), using his IRS identification to intimidate (my best guess) Home Depot employees.

Many retailers allow returns without a receipt if identification is presented. The practice of maintaining this information in data bases, which might be hacked has been a concern with privacy advocates, recently.

I examined this issue in a recent post on what some retailers are doing to protect themselves without data mining information (SIRAS technology), here.

Refund fraud is estimated to cost retailers $16 billion a year based on a study conducted by Dr. Richard Hollinger at the University of Florida.

In many instances, Dooley received gift cards, which retail crooks often turn into cash, using a variety of methods.

Reuters story on this matter, here.

Their article suggests that Dooley would pick up the merchandise and head directly to the return counter. This is a common way retail criminals perform a fraudulent refund.

This isn't the first time in recent history a civil service type was involved in this activity. A little over a year ago, I did a post on a former Bush advisor doing fraudulent refunds:

Former Bush Advisor Arrested on Shoplifting Allegations

And civil servants aren't the only public figures that have been caught shoplifting.

(Winona Ryder photo courtesy of Wikipedia)

Is tax fraud being enabled by too many dishonest preparers?

In February, I wrote about fraudulent tax returns being filed using forged W-2s.

Another story recently surfaced from the SF Bay area, where Jackson Hewitt preparers were complaining this seasonal type of fraud is getting out of control.

Kate Williamson (Examiner) wrote:

If successful, the fraud allows tax cheats to receive thousands of dollars, either from the federal government or from companies making tax refund anticipation loans. It is sometimes coupled with identity theft, which can create problems for law-abiding citizens when they go to file their own taxes.

Kate Williamson article, here.

Interestingly enough, Jackson Hewitt preparers were quoted for this story and in another story - a lot of Jackson Hewitt franchises are being taken to task by the Justice Department for (allegedly) committing tax fraud, themselves.

The AP (courtesy of CNN) is reporting:

The franchises were either totally or partially owned by Farrukh Sohail, the Justice Department said, and involved "a pervasive and massive series of tax-fraud schemes," according to court filings.

Sohail and other defendants "created, directed, fostered, and maintained a business environment" at the Jackson Hewitt franchises "in which fraudulent tax return preparation is encouraged and flourishes," according to court documents.

Employees were encouraged to ignore telltale signs of fraudulent information and to file claims even when it was obvious customers were using fake W-2 forms or false
deductions.

A sample of returns prepared by franchises connected to Sohail found 31 percent contained false information such as phony earned income tax credit claims, bogus deductions and fraudulent W-2 forms.

AP story, here.

Dishonest tax preparers and people using forged W-2 forms is nothing new. In the past couple of years, there were even stories about this being done by prisoners. W-2 blanks are easily purchased at office supply stores, or over the Internet.

This phenomenon is probably being enabled by large payouts for what is known as the earned income tax credit and a huge business in refund anticipation loans. Refund anticipation loans often carry a triple digit interest rate, when considering the term (normally less than a month).

The AP article states that the dishonest franchises cost the government $70 million and this represents about 2 percent of Jackson Hewitt's business.

Some believe, the huge business in refund anticipation loans, has been inspired by the large dollar refunds lower income people get based on the earned income tax credit.

Currently, our tax gap (yearly difference between what is taken in and paid out) is 354 billion, according to the AP article.

Maybe, we need a better way to verify that W-2s are legitimate?

We can all help the IRS if we suspect tax fraud by reporting it, here.

Someone is going to say, we spend too much time going after the poor (people filing for earned income tax credits). Before they do, I would like to point out that in the instance cited, the Justice Department seems to be going after an "enabler" (Jackson Hewitt).

With our resources coming up $354 billion short every year, we can't afford to keep looking the other way on issues, such as these. The result will be more taxes to pay for needed government services.

Another problem is that a lot of the criminals doing this are using other people's information (identity theft). A lot of people are filing their taxes - only to discover someone else has already gotten a refund using their name.

From what I hear, this can be pretty hard and (painful) to clean up, once it occurs.

Of course, this isn't the only type of tax fraud being committed. A great place to learn all about the various schemes is Quatloos.com, which can be read by linking, here.

Don't be lured with promises of something too good to be true when filing your taxes

Tax season brings with it all kinds of fraud. A lot of immoral sorts try to get someone to fall for something that's too good to be true. They get away with it because people are afraid of what they might owe, or they take advantage of what I call the "greed factor."

One thing is certain, if you fall for their promises, you're going to be left holding the bag. This means financial hardship (at a minimum) and could mean incarceration (jail).

I firmly believe that education is the best weapon against fraud. And the best places to educate yourself about tax fraud is none other than the IRS website, itself.

They keep a close eye on trends involving tax fraud and publish the information for free.

On February 7th, they published the 2007 "Dirty Dozen Tax Scams."

Here are the 12 most prevalent scams, according to the IRS:

1. Zero Wages. In this scam, new to the Dirty Dozen, a taxpayer attaches to his or her return either a Form 4852 (Substitute Form W-2) or a “corrected” Form 1099 that shows zero or little wages or other income. The taxpayer may include a statement indicating the taxpayer is rebutting information submitted to the IRS by the payer. An explanation on the Form 4852 may cite "statutory language behind IRC 3401 and 3121" or may include some reference to the paying company refusing to issue a corrected Form W-2 for fear of IRS retaliation. The Form 4852 or 1099 is usually attached to a “Zero Return.” (See number four below.)

2. Form 843 Tax Abatement. This scam, also new to the Dirty Dozen, rests on faulty interpretation of the Internal Revenue Code. It involves the filer requesting abatement of previously assessed tax using Form 843. Many using this scam have not previously filed tax returns and the tax they are trying to have abated has been assessed by the IRS through the Substitute for Return Program. The filer uses the Form 843 to list reasons for the request. Often, one of the reasons is: "Failed to properly compute and/or calculate IRC Sec 83––Property Transferred in Connection with Performance of Service."

3. Phishing. Phishing is a technique used by identity thieves to acquire personal financial data in order to gain access to the financial accounts of unsuspecting consumers, run up charges on their credit cards or apply for new loans in their names. These Internet-based criminals pose as representatives of a financial institution and send out fictitious e-mail correspondence in an attempt to trick consumers into disclosing private information. Sometimes scammers pose as the IRS itself. In recent months, some taxpayers have received e-mails that appear to come from the IRS. A typical e-mail notifies a taxpayer of an outstanding refund and urges the taxpayer to click on a hyperlink and visit an official-looking Web site. The Web site then solicits a social security and credit card number. In a variation of this scheme, criminals have used e-mail to announce to unsuspecting taxpayers they are “under audit” and could make things right by divulging selected private financial information. Taxpayers should take note: The IRS does not use e-mail to initiate contact with taxpayers about issues related to their accounts. If a taxpayer has any doubt whether a contact from the IRS is authentic, the taxpayer should call 1-800-829-1040 to confirm it.

4. Zero Return. Promoters instruct taxpayers to enter all zeros on their federal income tax filings. In a twist on this scheme, filers enter zero income, report their withholding and then write “nunc pro tunc”–– Latin for “now for then”––on the return. They often also do this with amended returns in the hope the IRS will disregard the original return in which they reported wages and other income.

5. Trust Misuse. For years unscrupulous promoters have urged taxpayers to transfer assets into trusts. They promise reduction of income subject to tax, deductions for personal expenses and reduced estate or gift taxes. However, some trusts do not deliver the promised tax benefits, and the IRS is actively examining these arrangements. There are currently more than 200 active investigations underway and three dozen injunctions have been obtained against promoters since 2001. As with other arrangements, taxpayers should seek the advice of a trusted professional before entering into a trust.

6. Frivolous Arguments. Promoters have been known to make the following outlandish claims: the Sixteenth Amendment concerning congressional power to lay and collect income taxes was never ratified; wages are not income; filing a return and paying taxes are merely voluntary; and being required to file Form 1040 violates the Fifth Amendment right against self-incrimination or the Fourth Amendment right to privacy. Don’t believe these or other similar claims. These arguments are false and have been thrown out of court. While taxpayers have the right to contest their tax liabilities in court, no one has the right to disobey the law.

7. Return Preparer Fraud. Dishonest return preparers can cause many headaches for taxpayers who fall victim to their schemes. Such preparers derive financial gain by skimming a portion of their clients’ refunds and charging inflated fees for return preparation services. They attract new clients by promising large refunds. Taxpayers should choose carefully when hiring a tax preparer. As the old saying goes, “If it sounds too good to be true, it probably is.” And remember, no matter who prepares the return, the taxpayer is ultimately responsible for its accuracy. Since 2002, the courts have issued injunctions ordering dozens of individuals to cease preparing returns, and the Department of Justice has filed complaints against dozens of others. During fiscal year 2005, more than 110 tax return preparers were convicted of tax crimes.

8. Credit Counseling Agencies. Taxpayers should be careful with credit counseling organizations that claim they can fix credit ratings, push debt payment plans or impose high set-up fees or monthly service charges that may add to existing debt. The IRS Tax Exempt and Government Entities Division is in the process of revoking the tax-exempt status of numerous credit counseling organizations that operated under the guise of educating financially distressed consumers with debt problems while charging debtors large fees and providing little or no counseling.

9. Abuse of Charitable Organizations and Deductions. The IRS has observed increased use of tax-exempt organizations to improperly shield income or assets from taxation. This can occur, for example, when a taxpayer moves assets or income to a tax-exempt supporting organization or donor-advised fund but maintains control over the assets or income, thereby obtaining a tax deduction without transferring a commensurate benefit to charity. A “contribution” of a historic facade easement to a tax-exempt conservation organization is another example. In many cases, local historic preservation laws already prohibit alteration of the home’s facade, making the contributed easement superfluous. Even if the facade could be altered, the deduction claimed for the easement contribution may far exceed the easement’s impact on the value of the property.

10. Offshore Transactions. Despite a crackdown by the IRS and state tax agencies, individuals continue to try to avoid U.S. taxes by illegally hiding income in offshore bank and brokerage accounts or using offshore credit cards, wire transfers, foreign trusts, employee leasing schemes, private annuities or life insurance to do so. The IRS and the tax agencies of U.S. states and possessions continue to aggressively pursue taxpayers and promoters involved in such abusive transactions. During fiscal 2005, 68 individuals were convicted on charges of promotion and use of abusive tax schemes designed to evade taxes.

11. Employment Tax Evasion. The IRS has seen a number of illegal schemes that instruct employers not to withhold federal income tax or other employment taxes from wages paid to their employees. Such advice is based on an incorrect interpretation of Section 861 and other parts of the tax law and has been refuted in court. Lately, the IRS has seen an increase in activity in the area of “double-dip” parking and medical reimbursement issues. In recent years, the courts have issued injunctions against more than a dozen persons ordering them to stop promoting the scheme. During fiscal 2005, more than 50 individuals were sentenced to an average of 30 months in prison for employment tax evasion. Employer participants can also be held responsible for back payments of employment taxes, plus penalties and interest. It is worth noting that employees who have nothing withheld from their wages are still responsible for payment of their personal taxes.

12. “No Gain” Deduction. Filers attempt to eliminate their entire adjusted gross income (AGI) by deducting it on Schedule A. The filer lists his or her AGI under the Schedule A section labeled “Other Miscellaneous Deductions” and attaches a statement to the return that refers to court documents and includes the words “No Gain Realized.”

Two items fell off the list this year:

Two noteworthy scams have dropped off the “Dirty Dozen” this year: “claim of right” and “corporation sole.” IRS personnel have noticed less activity in these scams over the past year following court cases against a number of
promoters.

Dirty Dozen press release, here.

If you are a victim of one of these scams, you can report it, here.

Notably, they mention that reporting a scam might qualify you for a reward, but reporting one of these scams might (also) prevent someone else from becoming victimized.

There is also a lot of other free information and tools to do your taxes on the main IRS website, here.

IRS Renews Phishing Awareness Campaign

The IRS is reacting to recent phishing attempts, which are designed to steal people's personal information. Once stolen, this information is normally used in "identity theft" schemes, but they could be used by illegal immigrants (or in theory) terrorists.

In a recent release from the IRS site:

The IRS saw an increase in complaints in recent weeks about these e-mails, which are designed to trick the recipients into disclosing personal and financial information that could be used to steal the recipients’ identity and financial assets.

“The IRS does not send out unsolicited e-mails asking for personal information,” said IRS Commissioner Mark W. Everson. “Don’t be taken in by these criminals.”

The IRS has seen a recent increase in these scams. Since November, 99 different scams have been identified, with 20 of those coming in June – the most since 40 were identified in March during the height of the filing season.

Many of these schemes originate outside the United States. To date, investigations by the Treasury Inspector General for Tax Administration have identified sites hosting more than two dozen IRS-related phishing scams. These scam Web sites have been located in many different countries, including Argentina, Aruba, Australia, Austria, Canada, Chile, China, England, Germany, Indonesia, Italy, Japan, Korea, Malaysia, Mexico, Poland, Singapore and Slovakia, as well as the United States.

If you get any of these e-mails, the IRS requests that you forward them to phishing@irs.gov. I highly recommend that you do so - the IRS seems to be actively investigating them.

For the full news release: Click Here.

Here is a story from SmartMoney.com about illegal immigrants using people's personal information.

In another vein, here is a story (released in March by the Washington Post) about how tax preparers are trying to "legally" sell information from people's tax returns.

Sadly enough, my personal belief that the current "identity theft" crisis has (in part) been spawned by the mass gathering of people's personal information for marketing purposes.