In the News
On July 3 the Internal Revenue Service warned taxpayers about a mailing that misleads them into believing they are owed a tax refund and includes contact information that does not belong to the IRS. The fraudulent letter requests cellphone numbers, bank account type and routing information, and Social Security numbers.
These threats are real. On September 18, in the U.S. District Court for the Northern District of West Virginia, Ayodele Arasokun was sentenced to 34 years in prison and three years’ supervised release, and ordered to pay over $2.2 million in restitution after a jury convicted him of wire fraud and aggravated identity theft in 2022. Throughout 2016 and 2017, Arasokun collected names, dates of birth, and SSNs of several individuals.
Using this information, he compromised the IRS online application for identity protection personal identification numbers and filed fraudulent income tax returns containing fictitious income, withholding, and other information. The IRS paid about $2.2 million of his $9.1 million refund claims.
The investigation was conducted by the IRS Criminal Investigation division and the Treasury Inspector General for Tax Administration’s Cybercrime Investigations Division. TIGTA investigates abuses of the IRS’s online portals, including the e-filing PIN application website.
The July 3 IRS announcement lists information and reporting resources provided by it and other federal agencies that are available to taxpayers targeted by identity theft and tax refund fraud scams via email or text.
Taxpayers who receive emails and texts that claim to be from the IRS should report them to the IRS. Taxpayers can also report scams to TIGTA, the Federal Bureau of Investigation, and the Federal Trade Commission.
The announcement also directs taxpayers to the Federal Communications Commission for tools that protect mobile devices from security threats.
Taxpayers should report emails and texts claiming to be from the IRS to [email protected]. The report should include the caller ID (email or phone number), date, time and time zone, and the phone number that received the message. Communications forwarded to the IRS should include all email headers and should not be scanned images because scanning removes valuable information.
Taxpayers who receive an email claiming to be from the IRS that contains a request for personal information, or mentions taxes associated with a large investment, inheritance, or lottery should:
- not reply;
- not open any attachments because they may contain malicious code that infects computers or mobile phones;
- not click on any links;
- forward it to the IRS; and
- delete the original email.
Taxpayers who receive a text claiming to be from the IRS should forward it to the IRS at 202-552-1226 and provide the originating number in a separate text.
Additional IRS Resources
The IRS’s “Report Phishing and Online Scams” page provides additional details about preventing and reporting scams. Taxpayers who clicked on links in a suspicious email or website and entered confidential information should visit the IRS identity protection page.
The IRS also offers an online identity protection PIN tool, which issues a six-digit number known only to the taxpayer and the IRS and prevents fraudulent tax return filings.
Founded in 2015, the Security Summit includes the IRS, state tax agencies, and the tax community, which includes tax preparation firms, software developers, payroll and tax financial product processors, tax professional organizations, and financial institutions. Total membership includes 42 state agencies and 20 industry offices, in addition to the IRS. The summit and the IRS create the annual IRS “Dirty Dozen” list.
In 2017 summit partners created the Information Sharing and Analysis Center, a public-private partnership that shares information in a collaborative environment. Its purpose is to:
- facilitate information exchange for tax administration purposes related to identity theft tax refund fraud;
- provide a forum for participants to discuss real-time responses to fraud schemes; and
- promote the advancement of data analysis, capabilities, methods, and strategies to detect, reduce, and prevent this type of fraud.
TIGTA was established in January 1999 as part of the Internal Revenue Service Restructuring and Reform Act of 1998 to provide independent oversight of IRS activities.
TIGTA provides audit, investigative, inspection, and evaluation services that promote integrity, economy, and efficiency in the administration of the U.S. tax system.
The FBI’s Internet Crime Complaint Center, or IC3, is a U.S. central hub for reporting cybercrime to the FBI, which is the lead federal agency investigating cybercrime. Complaints and reports filed with IC3 allow the FBI to investigate crimes, track trends and threats, and freeze stolen funds. IC3 shares crime reports throughout its network of FBI field offices and law enforcement partners.
Federal Trade Commission
The FTC complaint assistant is another resource for reporting refund-related identity theft and fraud. Individuals who have already filed a complaint at the FTC’s IdentityTheft.gov website do not need to report it again to the assistant.
The FTC does not resolve individual complaints but shares them with more than 2,800 law enforcers and uses them to investigate and bring cases against fraud, scams, and bad business practices.
The FTC uses consumer information to further its own law enforcement investigations and works with other federal, state, local, and international government agencies to investigate complaints, coordinate law enforcement investigations, cooperate with oversight investigations, and follow up on identity theft reports. It also provides information to credit bureaus for complaints about consumer fraud, identity theft, and credit reports.
Federal Communications Commission
The FCC smartphone security checker allows smartphone owners to enter their mobile operating system and follow 10 customized steps to secure their mobile devices. It also provides a general smartphone security checklist.
The FCC consumer guide on mobile wallet services protection provides tips on protecting devices, mobile wallet services and applications, and associated data from theft and cyberattacks.
The HealthIT.gov mobile security guide provides 10 steps to protect and secure health information when using a mobile device.