The Internal Revenue Service (IRS) has issued a warning about a new twist on the old IRS impersonation phone scam. In this version of the scam, criminals try to convince taxpayers that they are calling from the Taxpayer Advocate Service (TAS).
The TAS is an independent organization within the IRS. Its missions is to protect your rights as a taxpayer and to help you with tax problems you can’t resolve on your own. TAS does not initiate calls to taxpayers; generally, you reach out to TAS for help, and only then would TAS make a call or otherwise contact you. You can check out the TAS website here.
In the most recent scam variation, callers “spoof” the telephone number of the IRS TAS office in Houston or Brooklyn. When calls are spoofed, the scammers have changed the caller ID to make it look like they are calling from the agency, such as the IRS TAS.
Calls may be “robo-calls” or automated calls that request a call back. Once the taxpayer returns the call, the scammer requests personal information, like your Social Security number or other personally identifiable information.
In previous variations of the IRS impersonation phone scam, fraudsters demand immediate payment of taxes by a prepaid debit card, wire transfer or gift cards. Scammers may also tell potential victims that they are entitled to a large refund, but the refund can’t be released until the taxpayers provide personal information.
No matter the details, the scams typically have these things in common:
- Scammers use fake names and IRS badge numbers to identify themselves.
- Scammers may know the last four digits of the taxpayer’s Social Security number.
- Scammers spoof caller ID to make the phone number appear as if the IRS or another local law enforcement agency is calling.
- Scammers may send bogus IRS emails to victims to support their bogus calls.
- Potential victims may hear background noise of other calls to mimic a call site (many of these calls come from fraudulent call centers like this one).
- After threatening potential victims with jail time or other punishment, scammers may hang up and call back pretending to be from local law enforcement agencies or the Department of Motor Vehicles (again, spoofing calls so that the caller ID again supports the claim).
As a reminder, the IRS will never:
- Call to demand immediate payment over the phone, nor will the IRS call about taxes owed without first having mailed you a bill.
- Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
- Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
- Require you to use a specific payment method for your taxes, such as a prepaid debit card, gift card or wire transfer.
- Ask for credit or debit card numbers over the phone.
Despite increased publicity about these kinds of scams, reports of phone scams increased in 2018, with the IRS reporting receipt of thousands of such complaints each week. These phone scams are “a major threat to taxpayers” and as such, continued to hold down a top spot on the IRS “Dirty Dozen” list of tax scams.
Don’t engage or respond with scammers. Here’s how to protect yourself:
- If you receive a call from someone claiming to be from the IRS, and you do not owe tax, or if you are immediately aware that it’s a scam, don’t engage with the scammer and do not give out any information. Just hang up.
- If you receive a telephone message from someone claiming to be from the IRS, and you do not owe tax, or if you are immediately aware that it’s a scam, don’t call them back.
- If you receive a phone call from someone claiming to be with the IRS, and you owe tax or think you may owe tax, do not give out any information. Call the IRS back at 1.800.829.1040 to find out more information.
- Never open a link or attachment from an unknown or suspicious source.
- If you’re not sure about the authenticity of an email, don’t click on hyperlinks. A better bet is to go directly to the source’s main Web page.
- Use security software to protect against malware and viruses found in phishing emails.
- Use strong passwords to protect online accounts and use a unique password for each account. Longer is better, and don’t hesitate to lie about important details on websites since crooks may know some of your personal details.
- Use two or multifactor authentication when possible. Two-factor authentication means that in addition to entering your username and password, you typically enter a security code sent to your mobile phone or other device.
Don’t fall for the tricks. Keep your personal information safe by remaining alert. And, when in doubt, assume it’s a scam.