Helping clients recover from tax scams

Tax scams are big business for somebody — millions of dollars, if not billions, big. Sooner or later probably every tax preparer is going to have a client who gets taken (if the preparers themselves aren't the victims first).

The worst scam practitioners have seen? And how to help a client recover?

"A seven-digit Employee Retention Credit scam that the employer clearly did not qualify for originating from a nascent fly-by-night bad actor who shall remain nameless at present, as litigation is ongoing," said John Dundon, president of Taxpayer Advocacy Services in Englewood, Colorado. "I'm negotiating repayment terms with the IRS."

"At a prior wealth management firm, we had an elderly client send money to someone in Africa — twice — claiming that if he sent them money, they would repay him several-fold," said Bruce Primeau, a CPA and president of Summit Wealth Advocates, in Prior Lake, Minnesota. "Obviously, the client never received payment and his spouse had to remove [him], due to cognitive issues,  from having access to their accounts. Very sad."

"Once a client called me in panic that she was at the Western Union just about to send $5,000 to the IRS," said Manasa Nadig, an Enrolled Agent and owner at MN Tax and Business Services and a partner at Harris Nadig in Canton, Michigan. "She said that she had received a call from the IRS that she owed money (which she actually did) and that if she did not pay up, the IRS would send armed agents to her door. Thankfully, she decided to call me just before she pressed the button."

"We got engaged by a customer post-incident to help them put controls in place to minimize the potential of a similar attack recurring," said John Verry, managing director of cybersecurity at CBIZ Pivot Point Security based in Hamilton, New Jersey. "A person working in AR was sent an email from a customer whose email account had been compromised. The email, authored by the attacker, contained a document communicating their account status that included a malicious link."

p1afk42fia1lbclrlc9qv84qpe8.jpg

"When the AR person clicked the link, they were prompted for a username and password, which they unfortunately entered," Verry continued. "The attacker used the provided credentials to access the AR person's email. For five weeks, the attacker and the AR person were simultaneously using the AR person's email account."

The attacker sent emails to the customer's accounts payable personnel directing them to change the account number for payments to the attacker's account and then deleted the sent emails, Verry explained. The attacker would continue the conversation with the AP personnel, validating that the change was legitimate.

"My understanding was that the total loss approached $10 million," Verry said.

'Relentlessly pounding'

The IRS warned over the summer that it was seeing a surge of scams. Among them: 

  • Many of the email scams make promises about a nonexistent third round of Economic Impact Payments. The emails include an embedded URL link taking unwary taxpayers to a phishing website that steals their personal information. 
  • Scam promoters are luring people to improperly claim the ERC with "offers" online, in social media, on the radio or through unsolicited phone calls, emails and mailings that appear to be genuine government letters but have fake agency names and usually urge immediate action. 
  • A scam mailing tries to mislead people into believing they are owed a refund by sending them a cardboard envelope from a delivery service with a letter enclosed that includes the IRS masthead and wording that the notice is "in relation to your unclaimed refund."
  • The IRS is also getting reports about emails encouraging people to "Claim your tax refund online," and text messages that the person's tax return was "banned" by the IRS. These scams are riddled with spelling errors and awkward phrasing, but they consistently try to entice people to click on a link. Typical wording: "MSG … IRS: You federal return was ban-by the IRS. Don't worry, we'll help you fix it," or "We cheked an error in the calculation of your tax from the last payment … If we are unable to complete within 3 days, all pending will be cancelled."

"We've had clients receive threatening phone calls claiming they owe money to the government," added Mary O'Connor, partner-in-charge of forensic and valuation services at Sikich, a Top 100 Firm based in Chicago. 
"Lately, the ERC mills have been bombarding my clients with texts, emails and phone calls," Nadig said. "Of all the clients I have who run payroll, there has been only one client who qualified for ERC and only for one quarter."

"Relentlessly pounding taxpayers" is how IRS Commissioner Danny Werfel has put it. Following its influx of IRA funding, the IRS has promised that battling constantly evolving tax-related scams and ID theft will remain one of its highest priorities.

Responses and repetition

Verry said his team recommended a series of best practices and changes to manage the attack on AR, including improvements to security awareness training and phishing programs; broader multifactor authentication use and a move to contextual authentication; formalizing processes for communicating account/term changes internally and externally; and improvements in monitoring and alerting on critical systems and accounts.

Sikich works closely with clients to educate them on how to identify fraud. "Now going high-tech, experts in fraud are building their skills using AI tools like ChatGPT," O'Connor said. "Messages look and sound professional and convincing, so beware. We urge clients to always involve their CPA if there is a suspicion of fraud." 

"Fortunately, I've never had a client fall for a scam," said Morris Armstrong, an EA and registered investment advisor at Armstrong Financial Strategies in Cheshire, Connecticut. "We're very proactive in sending out communications to our clients and others, simply highlighting the dangers and how most scams, while in hindsight are questionable, are very plausible in the moment. The greatest response we get from people is, 'I'd never do that because you taught us,' but we do believe in repetitive messages."

For reprint and licensing requests for this article, click here.
Tax Tax scams Tax-related ID theft IRS
MORE FROM FINANCIAL PLANNING