WASHINGTON – Seeing the emergence of a new filing season scam, the Internal Revenue Service today urged tax professionals to step up security and beware of phishing emails that can secretly download malicious software that can help cybercriminals steal client data.

Only a few days into the filing season, the IRS has already identified a new scam that began with cybercriminals stealing data from several tax practitioners’ computers and filing fraudulent tax returns.

In a new twist, the fraudulent returns in a few cases used the taxpayers' real bank accounts for the deposit. A woman posing as a debt collection agency official then contacted the taxpayers to say a refund was deposited in error and asked the taxpayers to forward the money to her.

This scheme is likely just the first of many that will be identified this year as the IRS, state tax agencies and tax industry continue to fight back against tax-related identity thieves. Because the Security Summit partners have made inroads against identity theft, cybercriminals have evolved their tactics to focus on tax professionals where they can steal client data.

Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions. Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves rather than the real taxpayers.

Tax professionals are reminded that there is a procedure for them to report data thefts to the IRS. They need only contact their state’s IRS Stakeholder Liaison, who will notify appropriate IRS officials and serve as a point of contact. All practitioners should review Data Theft Information for Tax Professionals for details about the process and the additional steps they should take.

When notified immediately IRS can take steps to help protect taxpayers from tax-related identity theft. 

IRS Criminal Investigation agents are still reviewing this latest data theft scam. However, the vast majority of data thefts occur because the tax preparer or someone in the office opened a phishing email and clicked on a link or attachment that contained malware. There are various forms of malware but some download secretly into computers and allow thieves to see each keystroke or give thieves remote access to computers. Both versions allow thieves to steal data stored on the computers.

Tax professionals should review the Security Summit’s Don’t Take the Bait campaign, which outlined the various scams used by criminals to trick practitioners.

Tax professionals are urged to seek cybersecurity experts to help better secure their data. Here’s a reminder of some basic steps tax professionals can take:

• Educate all employees about phishing in general and spear phishing in particular.
• Use strong, unique passwords. Better yet, use a phrase instead of a word. Use different passwords for each account. Use a mix of letters, numbers and special characters.
• Never take an email from a familiar source at face value; example: an email from “IRS e-Services.” If it asks you to open a link or attachment, or includes a threat to close your account, think twice. Visit the e-Services website for confirmation.
• If an email contains a link, hover your cursor over the link to see the web address (URL) destination. If it’s not a URL you recognize or if it’s an abbreviated URL, don’t open it.
• Consider a verbal confirmation by phone if you receive an email from a new client sending you tax information or a client requesting last-minute changes to their refund destination.
• Use security software to help defend against malware, viruses and known phishing sites and update the software automatically.
• Use the security options that come with your tax preparation software.
• Send suspicious tax-related phishing emails to phishing@irs.gov.

This newest scam also serves as a reminder to taxpayers that they should be alert to any unusual activity such as receiving a tax transcript or tax refund they did not request. Please review the Taxpayer Guide to Identity Theft for appropriate actions. 

Taxpayers who receive a direct deposit refund that they did not request should take the following steps:

1. Contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS.
2. Call the IRS toll-free at 800-829-1040 (individual) or 800-829-4933 (business) to explain why the direct deposit is being returned.
3. Keep in mind interest may accrue on the erroneous refund.

There is more information at Topic Number: 161 - Returning an Erroneous Refund.

As indicated in the IRS News Release #IR-2018-17, seeing the emergence of a new filing season scam, the Internal Revenue Service today urged tax professionals to step up security and beware of phishing emails that can secretly download malicious software that can help cyber-criminals steal client data. Only a few days into the filing season, the IRS has already identified a new scam that began with cyber-criminals stealing data from several tax practitioners’ computers and filing fraudulent tax returns. Please take a look for additional information.

Reminder: If you are an e-Services account holder, please re-register now through the more rigorous Secure Access authentication process. Additional toll-free personnel currently helping e-Services users soon will return to their primary jobs of assisting taxpayers.

E-Services users who wait until they need immediate access to their account may encounter unexpected delays.  So far, 65,000 e-Services account holders already have successfully registered through Secure Access.

To get started, first review Secure Access: How to Register for Certain Online Self-Help Tools to determine what you need to be successful and FAQs about e-Services and Secure Access, including common errors.

This is a reminder that wage statements and independent contractor forms must be filed with the government by January 31. This date applies to both electronic and paper filers.

The Section 201(a) of the Protecting Americans from Tax Hikes (PATH) Act includes a requirement for employers to file their copies of Form W-2 and Form W-3 with the Social Security Administration by the end of January.

This deadline also applies to certain Forms 1099-MISC filed with the IRS to report non-employee compensation payments in box 7.

Early filing makes it easier for the IRS to verify income that individuals report on their tax returns and helps prevent fraud. Failure to file these forms correctly and timely may result in penalties.

WASHINGTON – The Internal Revenue Service, state tax agencies and the tax industry today urged all employers to educate their payroll personnel about a Form W-2 phishing scam that made victims of hundreds of organizations and thousands of employees last year.

The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community. During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.

Reports to phishing@irs.gov from victims and nonvictims about this scam jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.

By alerting employers now, the IRS and its partners in the Security Summit effort hope to limit the success of this scam in 2018. The IRS last year also created a new process by which employers should report these scams. There are steps the IRS can take to protect employees, but only if the agency is notified immediately by employers about the theft.

Here’s how the scam works: Cybercriminals do their homework, identifying chief operating officers, school executives or others in positions of authority. Using a technique known as business email compromise (BEC) or business email spoofing (BES), fraudsters posing as executives send emails to payroll personnel requesting copies of Forms W-2 for all employees.

The Form W-2 contains the employee’s name, address, Social Security number, income and withholdings. Criminals use that information to file fraudulent tax returns, or they post it for sale on the Dark Net.

The initial email may be a friendly, “hi, are you working today” exchange before the fraudster asks for all Form W-2 information. In several reported cases, after the fraudsters acquired the workforce information, they immediately followed that up with a request for a wire transfer.

In addition to educating payroll or finance personnel, the IRS and Security Summit partners also urge employers to consider creating a policy to limit the number of employees who have authority to handle Form W-2 requests and that they require additional verification procedures to validate the actual request before emailing sensitive data such as employee Form W-2s.

If the business or organization victimized by these attacks notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft. However, because of the nature of these scams, some businesses and organizations did not realize for days, weeks or months that they had been scammed. 

The IRS established a special email notification address specifically for employers to report Form W-2 data thefts. Here’s how Form W-2 scam victims can notify the IRS:

• Email dataloss@irs.gov to notify the IRS of a Form W-2 data loss and provide contact information, as listed below.
• In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.
• Include the following:
• Business name
• Business employer identification number (EIN) associated with the data loss
• Contact name
• Contact phone number
• Summary of how the data loss occurred
• Volume of employees impacted

Businesses and organizations that fall victim to the scam and/or organizations that only receive a suspect email but do not fall victim to the scam should send the full email headers to phishing@irs.gov and use “W2 Scam” in the subject line.

Employers can learn more at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.

Employers should be aware that cybercriminals’ scams constantly evolve. Finance and payroll personnel should be alert to any unusual requests for employee data.

WASHINGTON ─ The Internal Revenue Service today strongly encouraged taxpayers who are seriously behind on their taxes to pay what they owe or enter into a payment agreement with the IRS to avoid putting their passports in jeopardy.

This month, the IRS will begin implementation of new procedures affecting individuals with “seriously delinquent tax debts.” These new procedures implement provisions of the Fixing America’s Surface Transportation (FAST) Act, signed into law in December 2015. The FAST Act requires the IRS to notify the State Department of taxpayers the IRS has certified as owing a seriously delinquent tax debt. See Notice 2018-1. The FAST Act also requires the State Department to deny their passport application or deny renewal of their passport. In some cases, the State Department may revoke their passport.

Taxpayers affected by this law are those with a seriously delinquent tax debt.  A taxpayer with a seriously delinquent tax debt is generally someone who owes the IRS more than $51,000 in back taxes, penalties and interest for which the IRS has filed a Notice of Federal Tax Lien and the period to challenge it has expired or the IRS has issued a levy.

There are several ways taxpayers can avoid having the IRS notify the State Department of their seriously delinquent tax debt. They include the following:

• Paying the tax debt in full
• Paying the tax debt timely under an approved installment agreement,
• Paying the tax debt timely under an accepted offer in compromise,
• Paying the tax debt timely under the terms of a settlement agreement with the Department of Justice,
• Having requested or have a pending collection due process appeal with a levy, or
• Having collection suspended because a taxpayer has made an innocent spouse election or requested innocent spouse relief.

A passport won’t be at risk under this program for any taxpayer: 

• Who is in bankruptcy
• Who is identified by the IRS as a victim of tax-related identity theft
• Whose account the IRS has determined is currently not collectible due to hardship
• Who is located within a federally declared disaster area
• Who has a request pending with the IRS for an installment agreement
• Who has a pending offer in compromise with the IRS
• Who has an IRS accepted adjustment that will satisfy the debt in full

For taxpayers serving in a combat zone who owe a seriously delinquent tax debt, the IRS postpones notifying the State Department and the individual’s passport is not subject to denial during this time.

In general, taxpayers behind on their tax obligations should come forward and pay what they owe or enter into a payment plan with the IRS. Frequently, taxpayers qualify for one of several relief programs, including the following:

• Taxpayers can request a payment agreement with the IRS by filing Form 9465. Taxpayers can download this form from IRS.gov and mail it along with a tax return, bill or notice. Some taxpayers can use the online payment agreement to set up a monthly payment agreement for up to 72 months.
• Some financially distressed taxpayers may qualify for an offer in compromise. This is an agreement between a taxpayer and the IRS that settles the taxpayer’s tax liabilities for less than the full amount owed. The IRS looks at the taxpayer’s income and assets to determine the taxpayer’s ability to pay. To help determine eligibility, use the Offer in Compromise Pre-Qualifier, a free online tool available on IRS.gov.

IRS.gov has other tips for taxpayers to catch up on their filing and tax obligations and more information about the revocation or denial of passports because of unpaid taxes.

This Jan. 17 webinar features OPR Director Stephen Whitlock and includes a live question and answer session at the end of the presentation.

Topics include:

• Regulations governing tax practice before the IRS (Circular 230, Rev. 6/2014)
• Due diligence obligations of tax professionals
• Overview of other key Circular 230 provisions
• Practitioner responsibilities to their clients and to the tax administration system
• Best practices for all tax professionals
• Office of Professional Responsibility policies and procedures

Register for the webinar

Earn two CE credits in ethics.

All Forms 8809, Application for Extension of Time to File Information Returns, filed on paper are now processed by the Internal Revenue Service Center in Ogden, Utah. These paper forms must be mailed. Faxes will not be accepted.

The mailing address is:

Department of the Treasury
Internal Revenue Service Center
Ogden, UT 84201-0209

The IRS will only grant extensions for very specific reasons. For example, records were lost in a disaster or someone responsible for filing the company’s returns has an unavoidable absence.  

Tax professionals can protect their clients’ data by simply looking around the office. Look for places where data is kept or stored and assess whether that data is secure. Keep in mind that unsecured data will not always be on a computer. In fact, securing office space is as important as securing computers. In assessing how secure an office is, preparers should consider six questions.

See Protect Your Clients, Protect Yourself for more.

WASHINGTON ― The Internal Revenue Service announced today that the nation’s tax season will begin Monday, Jan. 29, 2018 and reminded taxpayers claiming certain tax credits that refunds won’t be available before late February.

The IRS will begin accepting tax returns on Jan. 29, with nearly 155 million individual tax returns expected to be filed in 2018. The nation’s tax deadline will be April 17 this year – so taxpayers will have two additional days to file beyond April 15. 

Many software companies and tax professionals will be accepting tax returns before Jan. 29 and then will submit the returns when IRS systems open. Although the IRS will begin accepting both electronic and paper tax returns Jan. 29, paper returns will begin processing later in mid-February as system updates continue. The IRS strongly encourages people to file their tax returns electronically for faster refunds.

The IRS set the Jan. 29 opening date to ensure the security and readiness of key tax processing systems in advance of the opening and to assess the potential impact of tax legislation on 2017 tax returns.

The IRS reminds taxpayers that, by law, the IRS cannot issue refunds claiming the Earned Income Tax Credit (EITC) and the Additional Child Tax Credit (ACTC) before mid-February. While the IRS will process those returns when received, it cannot issue related refunds before mid-February. The IRS expects the earliest EITC/ACTC related refunds to be available in taxpayer bank accounts or on debit cards starting on Feb. 27, 2018, if they chose direct deposit and there are no other issues with the tax return.    The IRS also reminds taxpayers that they should keep copies of their prior-year tax returns for at least three years. Taxpayers who are using a tax software product for the first time will need their adjusted gross income from their 2016 tax return to file electronically. Taxpayers who are using the same tax software they used last year will not need to enter prior-year information to electronically sign their 2017 tax return. Using an electronic filing PIN is no longer an option. Taxpayers can visit IRS.gov/GetReady for more tips on preparing to file their 2017 tax return.

April 17 Filing Deadline  

The filing deadline to submit 2017 tax returns is Tuesday, April 17, 2018, rather than the traditional April 15 date. In 2018, April 15 falls on a Sunday, and this would usually move the filing deadline to the following Monday – April 16. However, Emancipation Day – a legal holiday in the District of Columbia – will be observed on that Monday, which pushes the nation’s filing deadline to Tuesday, April 17, 2017. Under the tax law, legal holidays in the District of Columbia affect the filing deadline across the nation.

The IRS also has been working with the tax industry and state revenue departments as part of the Security Summit initiative to continue strengthening processing systems to protect taxpayers from identity theft and refund fraud. The IRS and Summit partners continued to improve these safeguards to further protect taxpayers filing in 2018.

Refunds in 2018

Choosing e-file and direct deposit for refunds remains the fastest and safest way to file an accurate income tax return and receive a refund. The IRS expects more than four out of five tax returns will be prepared electronically using tax software.

The IRS still anticipates issuing more than nine out of 10 refunds in less than 21 days, but there are some important factors to keep in mind for taxpayers.

By law, the IRS cannot issue refunds on tax returns claiming the Earned Income Tax Credit or the Additional Child Tax Credit before mid-February. This applies to the entire refund — even the portion not associated with the EITC and ACTC.

The IRS expects the earliest EITC/ACTC related refunds to be available in taxpayer bank accounts or on debit cards starting on Feb. 27, 2018, if those taxpayers chose direct deposit and there are no other issues with the tax return. This additional period is due to several factors, including banking and financial systems needing time to process deposits.

After refunds leave the IRS, it takes additional time for them to be processed and for financial institutions to accept and deposit the refunds to bank accounts and products. The IRS reminds taxpayers many financial institutions do not process payments on weekends or holidays, which can affect when refunds reach taxpayers. For EITC and ACTC filers, the three-day holiday weekend involving Presidents’ Day may affect their refund timing.

The Where's My Refund? ‎tool on IRS.gov and the IRS2Go phone app will be updated with projected deposit dates for early EITC and ACTC refund filers in late February. Taxpayers will not see a refund date on Where's My Refund? ‎or through their software packages until then. The IRS, tax preparers and tax software will not have additional information on refund dates, so Where’s My Refund? remains the best way to check the status of a refund.

IRS Offers Help for Taxpayers

The IRS reminds taxpayers they have a variety of options to get help filing and preparing their tax return on IRS.gov, the official IRS website. Taxpayers can find answers to their tax questions and resolve tax issues online. The Let Us Help You page helps answer most tax questions, and the IRS Services Guide links to these and other IRS services.

Taxpayers can go to IRS.gov/account to securely access information about their federal tax account. They can view the amount they owe, pay online or set up an online payment agreement; access their tax records online; review the past 18 months of payment history; and view key tax return information for the current year as filed. Visit IRS.gov/secureaccess to review the required identity authentication process.

In addition, 70 percent of the nation’s taxpayers are eligible for IRS Free File. Commercial partners of the IRS offer free brand-name software to about 100 million individuals and families with incomes of $66,000 or less.

The online fillable forms provide electronic versions of IRS paper forms to all taxpayers regardless of income that can be prepared and filed by people comfortable with completing their own returns.

Volunteer Income Tax Assistance (VITA) and Tax Counseling for the Elderly (TCE) offer free tax help to people who qualify. Go to IRS.gov and enter “free tax prep” in the search box to learn more and find a nearby VITA or TCE site, or download the IRS2Go smartphone app to find a free tax prep provider. If eligible, taxpayers can also locate help from a community volunteer. Go to IRS.gov and click on the Filing tab for more information.

The IRS also reminds taxpayers that a trusted tax professional can provide helpful information and advice. Tips for choosing a return preparer and details about national tax professional groups are available on IRS.gov.