Tax Scam Alert: Get an Email From the IRS? Don’t Open it!

Uncle Sam isn’t the only thing small business have to worry about come tax time. They also have to be wary of fraudsters who will try to steal their identity and even their refund.

“Identity fraud is getting really serious,” says Stephen Coggeshall, chief technology officer at ID Analytics, an identity theft analytics company. “The IRS is dealing with it but is spending a lot of time on the backend finding it. They don’t quite have a handle on the prevention side.”

Tax fraud comes in many flavors but the common thread is the acquisition of a small business owner’s identifying information, particularly their name, social security number and birth date. With that in hand, fraudsters can file fake tax returns and get a refund without the IRS or small business owner any the wiser until it’s too late.  In addition to the headache of sorting it out with the IRS, the small business owner will be more vulnerable to other identity theft crimes that can hurt their credit rating and their bank accounts.

“It’s not an easy problem. It can take many months to get straightened out,” says Coggeshall. “Once the identifying information is compromised they can become victims of all kinds of financial crimes.”

In order to become a victim the business owners information has to fall into the wrong hands, which is why security experts says small business owners have to be vigilant in protecting their identifying information.  They also have to be suspicious of anyone that requests their social security information, especially if it comes in the form of an email.

“The IRS will never email you. Ever. If you get an email from the IRS or EFTPS (Electronic Federal Tax Payment System), forward it to and do not respond,” says Grant McDonald, senior global product marketing manager at Symantec. “This is one of the simplest and most common tricks people fall victim to, because the emails often look legitimate.”

Business owners should not respond to any email requesting an unusual amount of personal and/ or financial information, says McDonald. Chances are it’s a phishing attack in which the fraudster tricks you into to giving up sensitive information.  Clicking on unsolicited links and providing information no matter how authentic it may look could result in your identity being compromised.

How you store and transmit your sensitive information is also important.  You should never store your social security number or tax information in an unsecure email account, and you should shred any documents that have that information on it.

“Don’t let documents lie around that have tax information or social security numbers on them,” says Coggeshall. “If you don’t need to save it, shred it.”

If you prepare your business’ taxes on the company computer, McDonald says to make sure the files are secure with a password protected directory and that the system is protected from outside threats, which means making sure your antivirus software is up to date and all of your security holes are patched. If you are using a Wi-Fi network to file your taxes, McDonald says to use a secure Internet connection and to avoid any public wireless hotspots.

Even how you file your tax return and get your refund can put you at risk. Unscrupulous criminals won’t think twice about sifting through mail boxes for returns during tax season, and target unlocked mailboxes for refunds. A better option is to file your taxes electronically and get your refund directly deposited into your account when you can.

While most of the tax fraud comes from the outside, business owners also have to realize it can come from inside as well. Employees may steal identifying information to perpetrate an act of fraud or could be in the business of selling the information to other scammers.  That doesn’t mean the business owner has to distrust his or entire team, but one should be watchful.

“It could be someone in the HR department, finance, accounting or someone that has access to that information,” says Coggeshall. “Business owners need to be cognizant of that risk.”