Printer Friendly

Keeping client information safe in an age of scams and security threats: a look at the dirty dozen tax scams and ways to protect taxpayer information.

With the first part of the 2017 filing season over, many practices are turning to their to-do lists of upgrades and enhancements requiring attention before the next busy season. Assessing security is likely to be high on many of those lists. The IRS's annual reckoning of the top 12 tax scams, many of them security related, provides a helpful framework for evaluating threats firms and their clients may face.

To get started on an evaluation of potential risks, this report offers a quick guide to the IRS's Dirty Dozen most egregious scams along with checklists to help bolster efforts to protect client information. Moving up the list to the No. 1 scam was phishing, which has affected tax preparers, company payroll and human resources departments, and individual taxpayers over the past year. Second was phone scams, which involve fraudsters impersonating the IRS, calling and threatening people to get them to pay amounts they may not even owe, and often asking for untraceable forms of payment. And tax-related identity theft remains a significant concern.


Phishing schemes, which involve fake email or websites that trick taxpayers or practitioners into giving personal information (such as Social Security numbers, credit card numbers, or bank account numbers) and login or password information, lead the list of tax scams for 2017. Be wary about clicking on any attachments or links in emails. Taxpayers and tax practitioners who receive a suspicious email should send it to The IRS, state tax agencies, and the tax industry launched a public awareness campaign called Protect Your Clients; Protect Yourself to warn tax professionals, offer tips, and compile alerts. More information about the campaign is available at


The IRS says receiving aggressive and threatening phone calls from criminals impersonating IRS agents is a major threat to taxpayers. The Treasury Inspector General for Tax Administration (TIGTA) reports having become aware of more than 10,000 victims who have collectively paid more than $54 million as a result of phone scams since October 2013. During filing season, the IRS generally sees a surge in scam phone calls that threaten police arrest, deportation, license revocation, and other things. Taxpayers should guard against all sorts of con games that arise at any time and pick up during tax season. Tax preparers can educate their clients about the fact that the IRS usually initiates contact with taxpayers by mail, not by phone, and says it would never threaten any of those things when attempting to collect taxes. Some scammers alter caller ID numbers to make it appear as if the IRS or another agency is calling. The callers use IRS employee titles and fake badge numbers to appear legitimate. They may use the victim's name, address, and other personal information to make the call sound official.


Tax-related identity theft, together with what the IRS calls the related scams of stealing personal and financial data from taxpayers or data held by tax practitioners, remains a top concern, although the IRS says it is making progress. In 2016, the number of taxpayers reporting stolen identities on federal tax returns fell by more than 50%, with nearly 275,000 fewer victims. The Security Summit Partners, consisting of the IRS, state tax agencies, and the tax preparation industry, have applied more safeguards against this crime this year and say they will continue to step up their efforts. The annual tax preparation software survey conducted by the JofA and The Tax Adviser found that for the 2016 tax preparation season, 59% of CPA tax practitioners said one or more of their clients were victims of tax identity theft during the year. That percentage was down slightly from the 63% of respondents who answered the question the same way in 2015.


The IRS warns taxpayers to be careful to avoid unscrupulous tax return preparers. Although the vast majority of tax preparers provide honest, high-quality service, some dishonest preparers set up shop each filing season to perpetrate refund fraud, identity theft, and other scams that hurt taxpayers. Be wary of preparers who promise overly large refunds. The IRS has a list of pointers (available at taxpayers should follow when choosing a tax preparer, including the advice to never sign a blank return. Taxpayers are responsible for what is on their returns and should guard against significant penalties and interest as well as possible criminal prosecution for knowingly participating in a scam.


Scam artists set up fake charities to steal money and personal information from unsuspecting (and well-meaning) taxpayers. Many of these scammers use names that are similar to well-known charities or set up websites that look like legitimate charities; some fake charities prey on people after large natural disasters. Before taxpayers donate their hard-earned money, the IRS suggests that they check the IRS website, Exempt Organization (EO) Select Check (available at, to be sure they are giving to legitimate organizations.


According to the IRS, this scam takes many forms, from unscrupulous tax preparers contacting elderly or low-income taxpayers who normally don't file and filing returns claiming inflated refunds for them (or stealing their identities and keeping any refund). It also involves people who normally file and receive refunds falling victim to scam artists who file returns for them claiming earned income tax credits (EITCs) or education credits or otherwise inflating deductions to get taxpayers larger refunds than they are entitled to. The IRS also mentions fake Forms W-2 or 1099 claiming zero wages or other income.


The IRS mentions specifically fuel tax credit scams and research tax credit scams. Fuel tax credits are credits for excise taxes paid on fuel, which may be exempt from tax in some cases and therefore eligible for the credit to reimburse taxpayers for nontaxable uses. One example is the use of fuel in farming or other off-road purposes. But, the IRS explains, most individual taxpayers do not qualify for such credits and should not be taken in by unscrupulous preparers who fraudulently claim the credit on taxpayers' returns or who claim it as part of an identity theft refund scheme. The IRS notes that claiming the fuel tax credit fraudulently may subject a taxpayer to a $5,000 penalty for making a frivolous claim.

The research tax credit is a credit for research activities that involve a process of experimentation. Many taxpayers claim the credit for activities that do not qualify or for which they lack proper substantiation of the research expenses, which can subject them to penalties.


This scam involves taxpayers who falsely pad deductions or expenses or claim credits they are not entitled to. Included on the IRS's list are overstating charitable contributions or business expenses and I falsely claiming credits, such as the EITC.


This scam involves reporting fraudulent amounts of earned income in order to qualify for certain tax credits, such as the EITC, which requires taxpayers to have income earned from a job or business to qualify for the credit. The IRS also mentions a scam involving false Forms 1099-MISC, Miscellaneous Income. This scheme involves scammers telling taxpayers about a fictitious held-aside account for which the only way to redeem or draw on it is to use some form of made-up financial instrument such as a bonded promissory note that purports to be a debt payment method for credit cards or mortgage debt. These scammers provide fraudulent

Forms 1099-MISC that appear to be issued by a large bank, loan servicer, or mortgage company with which the taxpayer may have had a prior relationship, to further perpetrate the scheme. Scammers may also use Form 56, Notice Concerning Fiduciary Relationship, to assign fiduciary responsibilities to the lenders.


For the third consecutive year, according to the IRS, it places abusive micro-captive insurance company tax shelters on its list of the top 12 tax scams. Although the Code permits captive insurance companies if they meet certain requirements and qualify as insurance, the abusive ones involve the following type of scheme. Promoters persuade owners of closely held entities to participate in arrangements that lack many of the attributes of genuine insurance: They insure implausible risks, fail to match genuine business needs, or duplicate the taxpayer's existing coverages. Premiums may not be supported by underwriting or actuarial analysis, may be linked to a desired deduction amount, or may be much higher than premiums for comparable commercial coverage. The IRS notes that it had added these types of entities to the list of "transactions of interest" in Notice 2016-66.


The IRS warns taxpayers not to be taken in by promoters of outlandish legal arguments to avoid paying their taxes that have consistently been thrown out of court. According to IRS Commissioner John Koskinen, "Taxpayers tangled up in these scams end up paying back taxes and often stiff penalties as well." Some of the more common arguments are that taxpayers can avoid paying taxes on religious or moral grounds by invoking the First Amendment to the Constitution or that only federal employees are subject to federal income tax. Besides having to pay any unpaid taxes, plus penalties and interest, taxpayers may be subject to a $5,000 penalty for making a frivolous argument.


The IRS defines this tax scam as avoiding taxes by hiding money or other assets in unreported offshore accounts. It uses as an example of the types of schemes for evading U.S. taxes attempting to hide income in offshore banks, brokerage accounts, or nominee entities, which are then accessed using debit cards, credit cards, or wire transfers. Other taxpayers use foreign trusts, employee-leasing schemes, private annuities, or insurance plans to evade tax.

The IRS notes that it was harder for taxpayers to hide these illicit activities now that worldwide reporting has become more widespread. It points to the success of two IRS programs for taxpayers to come into compliance: the Offshore Volunteer Disclosure Program and the Streamlined Disclosure program, which is aimed at taxpayers whose failure to disclose assets was nonwillful. Together, those programs have netted $10 billion in back taxes and penalties since 2009. Taxpayers who do not disclose these foreign assets or accounts risk significant penalties as well as possible criminal prosecution, the IRS warns.
Information systems security checklist

Ongoing   Done   N/A

[]         []    []    Information systems include both automated
                       and manual systems made up of people,
                       machines, and/or methods for collecting,
                       processing, transmitting, storing, archiving,
                       and distributing data. To help ensure the
                       accuracy, validity, consistency, and
                       reliability of taxpayer data*, you should
                       manage taxpayer data information systems
                       based on the guidelines below.

[]         []    []    Grant access to taxpayer information systems
                       only on a valid need-to-know basis that is
                       determined by the individual's role within
                       the business.

[]         []    []    Put in place a written contingency plan to
                       perform critical processing in the event that
                       your business is disrupted. It should include
                       a plan to protect both electronic and paper
                       taxpayer information systems. Identify
                       individuals who will recover and restore the
                       system after disruption or failure.

[]         []    []    Periodically test your contingency plan.

[]         []    []    Back up taxpayer data files regularly (e.g.,
                       daily or weekly) and store backup information
                       at a secure location.

[]         []    []    Maintain hardware and software as needed and
                       keep maintenance records.

* Taxpayer data is defined as any information that is obtained or
used in the preparation of a tax return (e.g., income statements,
notes taken in a meeting, or recorded conversations).

Source: IRS Publication 4557, Safeguarding Taxpayer Data: A Guide
for Your Business.

Personnel security checklist

Ongoing   Done   N/A

[]         []    []    Create and distribute rules of behavior that
                       describe responsibilities and expected
                       behavior regarding computer information
                       systems as well as paper records and usage of
                       taxpayer data. Have all information system
                       users complete, sign, and submit an
                       acknowledgement that they have read,
                       understood, and agree to comply with the
                       rules of behavior.

[]         []    []    Ensure personnel from third-party providers
                       such as service bureaus, contractors, and
                       other businesses providing information
                       technology services meet the same security
                       requirements as those applied to your

[]         []    []    Address rules of behavior for computer system

[]         []    []    When interviewing prospective personnel,
                       explain the expected rules of behavior.

[]         []    []    When possible, perform a background and/or
                       reference check on new employees who will
                       have contact with taxpayer information.
                       Conduct background screenings that are
                       appropriate to the sensitivity of an assigned

[]         []    []    Screen personnel prior to granting access to
                       any paper or electronic data. This will help
                       ensure their suitability for a position
                       requiring confidentiality and trust.

[]         []    []    Have personnel who will have access to
                       taxpayer information sign nondisclosure
                       agreements on the use of confidential
                       taxpayer information.

[]         []    []    Develop and enforce formal compliance
                       policies and processes, including possible
                       disciplinary action, for all personnel who do
                       not comply with the business's established
                       information security policies and procedures.

[]         []    []    Terminate access to taxpayer information
                       (e.g., login IDs and passwords) for those
                       employees who are terminated or who no longer
                       need access.

[]         []    []    For each employee who is terminated, conduct
                       an exit interview and ensure the employee
                       returns property that allows access to
                       taxpayer information (e.g., laptops, media,
                       keys, identification cards, and building

[]         []    []    Train staff on rules of behavior for access,
                       nondisclosure, and safeguards of taxpayer
                       information. Provide refresher training

Source: IRS Publication 4557, Safeguarding Taxpayer Data: A Guide for
Your Business.

Administrative activities security checklist

Ongoing   Done   N/A

[]         []    []    Complete a risk assessment. Identify the
                       risks and potential impacts of unauthorized
                       access, use, disclosure, disruption,
                       modification, or destruction of information
                       and information systems that can be used to
                       access taxpayer data. How vulnerable are your
                       customers' data to theft, disclosure,
                       unauthorized alterations, or unrecoverable
                       loss? What can you do to reduce the impact to
                       your customers and your business in such an
                       event? What can you do to reduce

[]         []    []    Write and follow an information security plan
                       that: * Addresses every item identified in
                       the risk assessment. * Defines safeguards you
                       want affiliates and service providers to
                       follow. * Requires a responsible person to
                       review and approve the information security
                       plan. * Requires a responsible person to
                       monitor, revise, and test the information
                       security plan on a periodic (recommended
                       annual) basis to address any system or
                       business changes or problems identified.

[]         []    []    Periodically (recommended annually) perform a
                       self-assessment to: * Evaluate and test the
                       security plan and other safeguards you have
                       in place. * Document information safeguard
                       deficiencies. Create and execute a plan to
                       address them.

[]         []    []    Retain a copy of the self-assessment and
                       ensure it is available for any potential

[]         []    []    If required by the Federal Trade Commission
                       Privacy Rule, provide privacy notices and
                       practices to your customers.

[]         []    []    Specify in contracts with service providers
                       the safeguards they must follow, and monitor
                       how they handle taxpayer information.

[]         []    []    Ask service providers to give you a copy of
                       their written security policy on safeguarding

Source: IRS Publication 4557, Safeguarding Taxpayer Data: A Guide for
Your Business.
COPYRIGHT 2017 American Institute of CPA's
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2017 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Journal of Accountancy
Date:May 1, 2017
Previous Article:Tax Court approves surgeon's reclassification of interest in surgical center as passive: despite K-1 reporting of income as for services, the...
Next Article:Amazon leapfrogs RFID shopping.

Terms of use | Privacy policy | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters