Real World Risk Management Practical HR Resources
welcome
Are you a new user?
REGISTER HERE





RETRIEVE PASSWORD

IRS Warns HR And Payroll Departments About The "New Client" Scam

The IRS has published its "dirty dozen" of scams. Here is the first of the scams from the IRS site:

The IRS continues to see a barrage of email and text scams targeting taxpayers and others. These schemes frequently peak during tax season but they continue throughout the year. Taxpayers face a wide variety of these scams and schemes. And tax professionals, payroll providers and human resource departments [emphasis added] remain favorite targets of email and text scams since they have sensitive personal and financial information. One common example remains the "new client" scam that can target tax pros and others.

That means taxpayers and tax professionals should be alert to fake communications posing as legitimate organizations in the tax and financial community, including the IRS and state tax agencies. These messages arrive in the form of unsolicited texts or emails to lure unsuspecting victims to provide valuable personal and financial information that can lead to identity theft. There are two main types:

  • Phishing: An email sent by fraudsters claiming to come from the IRS. The email lures the victims into the scam with a variety of ruses such as enticing victims with a phony tax refund or threatening them with false legal or criminal charges for tax fraud.

  • Smishing: A text or smartphone SMS message where scammers often use alarming language such as, "Your account has now been put on hold," or "Unusual Activity Report," with a bogus "Solutions" link to restore the recipient's account. Unexpected tax refunds are another potential lure for scam artists.

Never click on any unsolicited communication claiming to be the IRS as it may surreptitiously load malware. It may also be a way for malicious hackers to load ransomware that keeps the legitimate user from accessing their system and files.

In some cases, phishing emails may appear to come from a legitimate sender or organization that has had their email account credentials stolen. Setting up two-factor or multi-factor authentication with their email provider can reduce the risk of individuals having their email account compromised.

The IRS provides the following prevention tips:

If a taxpayer receives an email claiming to be from the IRS that contains a request for personal information, taxes associated with a large investment, inheritance or lottery.

  • Don't reply.

  • Don't open any attachments. They can contain malicious code that may infect the computer or mobile phone.

  • Don't click on any links. If a taxpayer inadvertently clicked on links in a suspicious email or website and entered confidential information, visit the IRS' identity protection page.

  • Send the full email headers or forward the email as-is to phishing@irs.gov. Don't forward screenshots or scanned images of emails because this removes valuable information.

  • Delete the original email.

If a taxpayer receives a text claiming to be from the IRS that contains a request for personal information, taxes associated with a large investment, inheritance or lottery.

  • Don't reply.

  • Don't open any attachments. They can contain malicious code that may infect the computer or mobile phone.

  • Don't click on any links. If a taxpayer clicked on links in a suspicious SMS and entered confidential information, they should visit Identity Theft Central.

  • Report the message to 7726 (SPAM).

  • Include both the Caller ID and the message body in an email and send to phishing@irs.gov. Copy the Caller ID from the message by pressing and holding on the body of the text message, then select Copy, paste into the email. If the taxpayer is unable to copy the Caller ID or message body, forward a screenshot of the message.

  • Delete the original text.

  • For more information see the IRS video on fake IRS-related text messages https://www.irs.gov/newsroom/irs-kicks-off-annual-dirty-dozen-with-warning-about-phishing-and-smishing-scams

Commentary

Note that the IRS specifically states human resources and payroll personnel are targeted with this scam. Employers should make these departments aware of this announcement.

Finally, your opinion is important to us. Please complete the opinion survey:

Training Required For Password Best Practices

Not all employees follow cybersecurity best practices, which can put organizations at risk of a cyberattack. We examine passwords and the need for training.

read more

Recent Data Breach Increases Risk Of A Convincing Social Engineering Scam

Cybercriminals claim to have stolen the personal financial data of more than half a billion Ticketmaster customers. Learn about the risk.

read more

Colorado Regulates AI-Consumer Interactions: How Will This Impact Employers?

As artificial intelligence plays a larger role in everyday life, states are stepping in to regulate.

read more

Sharp Uptick In Botnet And Ransomware Activity: Prevention Steps You Can Take Now

A recent report shows a large increase in certain botnet and ransomware programs, accounting for the biggest increase in this activity. We examine this trend.

read more