U.S. Tax Season Starts this Week — Here are Some Scams to be Aware of

Publish Date


Cyber Alert

  • Cybersecurity

This week is Tax Identify Theft Week in the U.S. As tax filing season kicks off, it’s important to be on the lookout for tax scams. Last year, the Internal Revenue Service (IRS) issued its Dirty Dozen list of tax scams, which included phishing, phone scams, and identity theft. Last fall’s Equifax breach may also lead to an uptick in tax fraud this season.

Here are some ways you can protect yourself. We encourage you to share these tips with your colleagues, family, and friends as appropriate.

File as Early as Possible

Tax returns are not due until April 17, 2018 but we recommend filing as soon as possible to get ahead of potential fraudulent filings submitted on your behalf.

Here are some ways you can protect yourself. We encourage you to share these tips with your colleagues, family, and friends as appropriate.

Be Vigilant About Suspicious Emails, Phone Calls, and Texts

Email scams claim to be from the IRS or others in the tax industry, including tax software companies. These emails may ask the recipient to update or provide important information via a link to a website that appears to be an official IRS website but is actually fake. In addition, some of these websites may contain malware.

The IRS urges anyone who believes they may have received a fraudulent tax email to not click any links in the email and to forward the email to phishing@irs.gov.

Tax scams that happen via telephone call or text message often have common characteristics that you can look out for to identify a fake, including:

  • Fake names and IRS badge numbers. Look out for common names and surnames.
  • Scammers may know the last four digits of your Social Security Number.
  • The IRS toll-free telephone number can be spoofed on caller ID.
  • Telephone scammers may follow up with an email containing a link to a fraudulent website that is often malware-infected.
  • Background noise that sounds like a call center.
  • Scammers may threaten victims with jail time or driver's license revocation, then hang up and call back claiming to be the local police or DMV while also spoofing the numbers of these departments on caller ID.

For more information, see the IRS' resources on identity theft prevention and detection.

Verify Schedule K-1 and W-2 Form Requests

ACA Aponix urges caution when responding to requests from purported investors, clients, employees, or tax advisers for K-1 or W-2 forms, as these requests may be fraudulent. Be sure to password-encrypt K-1, W-2, and 1099 documents when sending them to individuals, and do not distribute the password via email. We recommend that you use password-protected portals for transferring such documents.

Raise Awareness

We urge you to share this information with family, friends, colleagues, and staff. If you or someone you know has been the victim of identity theft or a fraudulent wire transaction, reach out to your local police department and/or the FBI for assistance.

If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.

About the Author

Raj Bakhru, CISSP, is a Partner at ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group. ACA Aponix focuses on independent, holistic technology risk assessments and advisory services for financial firms. It also performs vendor due diligence, penetration testing, phishing testing, staff training, and information security policy build-outs. Prior to ACA’s acquisition of the firm, Raj was Chief Executive Officer of Aponix Financial Technologists, which he cofounded. Before that, he led firm-wide software development and was part of the founding team at Kepos Capital, now a $2 billion global macro quantitative asset manager. Prior to Kepos, Raj served as a Vice President at Highbridge Capital, where he led the team building the firm’s proprietary order and execution management system. In addition, he previously worked on research and cross-asset-class algorithmic trading algorithms and software systems at Goldman Sachs Asset Management’s quantitative hedge funds.

Raj earned his BS from Columbia University in Computer Engineering and has received his CFA charter and his CISSP designation. In the course of his career, he has been frequently quoted in Ignites, HFMWeek, MarketWatch, The Cybersecurity Law Report, and other industry-leading publications on information security in financial services.