The state Department of Revenue Monday is warning residents of a new scam in which someone poses as IRS officials and debt collectors in order to file tax returns and obtain refunds.
The IRS recently issued a warning about the scam, which starts with the theft of client data from tax professionals, the department said. The stolen data is then used to file fraudulent tax returns in the name of the identity theft victims.
The new twist is that rather than routing the fraudulent tax refunds to a separate account, cyber criminals are directing the refunds to the taxpayers’ real bank accounts through direct deposit, according to the department.
The person then uses threatening phone calls to trick taxpayers into “returning” the refunds, and unsuspecting victims have, in some cases, forwarded that money to them.
The department said that in one version of the scam, a taxpayer who received a fraudulent refund also received an automated call with a recording from a person claiming to be from the IRS. The recording threatened the taxpayer with criminal fraud charges, an arrest warrant and a “blacklisting” of their Social Security number. The recording listed a case number and telephone number to call to return the refund.
In another version of the scam, the caller is a debt collector acting on behalf of the IRS and contacting taxpayers to say a refund was deposited into their accounts in error. The taxpayers are asked to forward the money to the collection agency.
The department offered some tips on how to avoid tax identity theft scams:
- The state Revenue Department and IRS will never call demanding immediate payment of past-due taxes. Taxpayers should not give out personal information over the phone to unsolicited callers, even if the caller claims to be from the IRS or bank.
- Do not trust the number on Caller ID. Scam artists increasingly use spoofing to trick the system.
- Educate yourself on phishing schemes, which involve fake email messages designed to steal sensitive information, such as passwords, usernames or personal financial information.
- Never take an email from a familiar source at face value. If an email asks you to open a link or attachment or includes a threat to close your account, think twice and go directly to the legitimate website and access your account.
- Use strong, unique passwords and different passwords for each account. Use a mix of letters, numbers and special characters.
- Use security software to help defend against malware, viruses and known phishing sites. Elect to automatically update the software.
- If an email contains a link, hover the cursor over the link to see the web address. If it’s not a URL you recognize or if it’s an abbreviated address, don’t click on it.