How TIGTA stymied an IRS impersonation scam

New technologies aided a massive phone scam, but investigators turned the tables on the scheme, which allegedly caused ‘hundreds of millions of dollars’ in taxpayer losses.
By Drew Adamek

 Timothy Camus, who recently retired as a TIGTA deputy inspector general, led a team that investigated an IRS impostor scheme that stole at least  $61.9 million from 12,469 victims.
Timothy Camus, who recently retired as a TIGTA deputy inspector general, led a team that investigated an IRS impostor scheme that stole at least $61.9 million from 12,469 victims. (Photo by Allison Shelley/AP Images)

On Nov. 24, 2014, a woman named Diana received a menacing phone call in Hernando, Miss., a small city nestled in the northwest corner of the state. A caller purporting to be an IRS agent claimed she owed back taxes and told her that agents were waiting to arrest her unless she paid up immediately. The caller was insistent, threatening, and urging her to act quickly.

The demands eventually produced the desired result: After the "agent" ordered her to withdraw $19,625 in cash, Diana bought 21 prepaid cards called MoneyPaks equaling that amount at a local store. After purchasing the cards, she read the unique serial number off each MoneyPak card to the caller, effectively giving him all her money.

The caller wasn't actually an IRS agent; he was an impostor from Worldwide Solution, a call center in India. No agents waited outside. Diana owed no back taxes. Hers just happened to be one of the millions of phone numbers dialed by an international conspiracy of con artists running a series of impostor schemes, according to a federal indictment issued in October 2016.

Diana, whose full name wasn't disclosed in the indictment, along with thousands of other Americans, had fallen prey to an age-old scam with a modern, technological twist that would take investigators years to dismantle.

"The premise of the scam has been around for a long time, but technology has allowed the scammers to reach farther into the population because of all the methods that they have now to target their victims," said Amy Nofziger, regional director with the AARP Fraud Watch Network.

That new technology-based reach would turn this old scam into one of the largest IRS impersonation scams ever. Scammers swindled thousands of people out of millions of dollars. It took a three-year investigation by multiple federal agencies, local police departments, and states' attorneys general to stymie the scam. Ultimately, federal prosecutors in the fall of 2016 charged 56 people and five companies, some of which were based in India.

And while authorities stymied this impersonation ring, there is the constant threat of another one taking its place at any time; the technology is widely available, the lure of big money is too tempting for criminals, and, too often, victims don't have the information they need to avoid being scammed. CPAs, especially those with tax practices, need to understand how the scam worked so that they can help protect clients from similar schemes in the future (see the sidebars "How to Avoid Becoming a Scam Victim" and "Spotting Fraud Victims").

WHAT HAPPENED NEXT

After the phone call, Diana's money instantly vanished into an untraceable web of fraud and money laundering.

Within hours, the caller and his conspirators used those serial numbers to transfer her money to 12 general-purpose reloadable (GPR) cards, debit cards unassociated with a bank account, that could be funded and reloaded with prepaid stored-value cards such as MoneyPaks. The scammers covered their tracks carefully. While the law requires that cardholders register their GPR cards, each GPR card that received Diana's scammed money was registered to one of seven stolen identities. Her money had become electronic, atomized, and anonymous.

In several states across the country, the scammers quickly liquidated Diana's money. That same day, over 1,400 miles from Hernando, at a Mesa, Ariz., Walmart, a man used a GPR card funded with Diana's stolen money to buy two money orders, according to federal prosecutors.

By the end of the day that she received the call, scammers had "vacated" the remaining 11 GPR cards funded with Diana's money in Arizona and Maryland, according to federal prosecutors. Her money had moved so quickly, and was so widely dispersed, that she couldn't recover it if she tried.

"Once you load that card and burn what's on that card, there's really very little potential for tracing," said anti-money-laundering expert Dennis Lormel, former chief of the FBI's financial crimes section. "It's not like a traditional bank fraud where there's a transactional footprint."

UNPRECEDENTED SCALE

This scenario played out thousands of times across the country for three years. Aided and abetted by a few simple new technologies, what had once been a low-rent "boiler room" scam, with limited reach and rewards, had exploded into a massive, multinational conspiracy that netted millions of dollars.

"This is the largest scam of this type we've ever seen," said the AARP's Nofziger, whose program operates a national fraud helpline. "Every hour we received calls claiming that someone had just called them."

The scale of the scheme was mind-boggling. Scammers stole $61.9 million from 12,469 victims, according to the office of the Treasury Inspector General for Tax Administration (TIGTA), the main body charged with investigating the scheme. However, that number could be much higher — the federal indictment of the five call centers in Ahmedabad, India, and the 56 conspirators cites "hundreds of millions of dollars of victim losses derived from persons located throughout the United States."

There were variations on the scam — sometimes callers impersonated U.S. Citizenship and Immigration Services (USCIS) and threatened deportation unless victims paid up, or they offered loans or prizes requiring a deposit — but since scammers were largely impersonating IRS agents, the main investigative effort fell to the Treasury Department. Timothy Camus, a recently retired TIGTA deputy inspector general for investigations, played a key role in the investigation.

It wasn't the first time Camus, whose measured cadence belies a passion for catching fraudsters, had seen this type of scam. One of his first investigations as a rookie agent in 1991 was chasing down boiler-room con men posing as IRS agents to bilk seniors out of money. However, in those earlier cases, the con artists were limited by long-distance calling expenses and manual dialing — and their activities created an easily traceable money trail.

When the newest iteration of the scam first appeared in early 2013, investigators discovered that the scheme had evolved into something bigger and more complex.

"The sheer volume of calls that were coming in was unprecedented," Camus said. "It sounded like, from the descriptions [from] the victims, that the people were from India. It led us to believe it was a scam that was being launched offshore."

The combination of a foreign origin, the colossal call volume, the unusually high number of victims, and the apparent coordination set this fraud apart. By October 2013, TIGTA made investigating the scam a priority.

"We were getting persistent reporting on the scam," Camus said. "We realized that it was a concerted effort, and we determined that we really needed to pay close attention and address it."

TIGTA, along with the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC), began collecting data — the number of reported calls, number of reported victims, numbers being used by scammers — to gauge the scale of the scam. What they found was incredible.

At the height of the scam, investigators logged 45,000 reported calls to people across the country within a single week, with 350 reported victims who turned over money to the scammers, according to Camus. Federal prosecutors allege that the conspirators used "approximately 1,500" telephone numbers to make the fraudulent calls. A recent survey by the AARP Foundation in Colorado found that 63% of the state's population over the age of 50 had received an IRS impersonation scam call, according to Nofziger. But it wasn't just seniors. People across all demographics, including investigators, were receiving calls from the scammers.

"They were indiscriminate about who they were calling," Camus said. "I received calls. My boss received calls. The commissioner of the Internal Revenue Service received calls."

TECHNOLOGICAL TOOLS

Unlike previous versions of this scam, new technological tools allowed the Indian call centers to operate on a vast scale. Voice over Internet Protocol (VoIP), or internet calling technology like Skype, made calling anyone, from anywhere in the world, free. Criminals no longer worried about long-distance charges or having their phone lines traced to their physical location.

"By using internet technology that wasn't available in the '90s, they were able to do this crime for very little investment," Camus said. "It would have been impossible to pull off the scheme at the rate that they were going [back then]."

A second new technology, combined with VoIP, magnified the efficiency and capacity of the scam. The Magic Jack, a commercially available dialing apparatus, uses VoIP to make calls from either a telephone or a computer. The Magic Jack also allowed scammers to choose which phone number showed up on a recipient's caller ID, a practice called spoofing.

"The impersonators were using the IRS's 1-800 toll-free number and spoofing it to make it appear like the IRS was calling them," Camus said. "The IRS would never call out using that number. But, if anybody did any research, it would be affiliated with IRS."

Spoofed calls that appeared to be coming from the IRS itself added an "air of legitimacy" to the scammer's intimidation tactics, according to Marti DeLiema, Ph.D., a fraud prevention researcher at the Stanford Center on Longevity at Stanford University. Scammers preyed upon the belief that the calls were coming from the IRS in multiple ways.

"In a lot of other countries, this scam would not work," said DeLiema. "But because we have this innate fear of the IRS, and our tax system is so complex, it's really easy to exploit that fear that they made a mistake or intentionally tried to cheat on their taxes."

But what really made this a monumental operation was automated-dialing technology. An auto-dialer, or robocaller, is either a physical device or computer program that automatically dials phone numbers and can either play a message or transfer the call to a live operator. Auto-dialers are often used during political campaigns to quickly reach large numbers of voters with robocalls.

"When they started using the auto-dialer technology, the reports that we were receiving went through the roof," Camus said.

But investigators had access to the same technology and used it to stymie the impersonators. While the FTC, the FCC, and the U.S. Attorney General's Office would not comment on active investigative techniques, TIGTA has been open with the ways it combated the scammers.

Working with the FTC, the FCC, and telecom industry groups, investigators blocked calls from identified scammer numbers and took down identified impersonator-affiliated phone numbers.

"We used call block, and when we started using that technology, over a 2.5-month period, there were over 2 million calls that were blocked," Camus said.

Investigators also used the same auto-dialer technology to jam the scammers' phone lines with messages that the scheme was a violation of federal law.

"It was a cat-and-mouse game. We'll never know how many people were protected, but we think quite a few people were protected by using these various technological approaches," Camus said.

HARD-TO-TRACK TRANSFERS

Preventing scammers from reaching their victims helped investigators slow down the scam, but following the stolen money proved much more difficult. The money rarely produced records — in part due to the use of difficult-to-trace gift cards. But there was another reason: Once the proceeds were liquidated into cash, they were moved through "hawala," an informal, trust-based banking system used by Indians in the United States and India.

The intricacies of how hawala works are beyond the scope of this article. But the importance of its use in the scam is more easily summed up by Camus.

"It was difficult for law enforcement because we would figure out, 'Oh, that money ended up being deposited in this person's account, but they're not criminally liable,'" he said. "They didn't know it was the proceeds of a criminal enterprise."

With the difficulty of tracing the money from source to end point, investigators needed to find another way to tie conspirators to the crime. Ultimately, investigators tracked electronic communications about money transfers that included the MoneyPak and GPR card serial numbers provided by victims. That's how prosecutors reconstructed in the indictment what happened to Diana's money; conspirators sent each other texts, emails, and instant messages with her information, tying themselves to the movement of her money.

The Department of Justice brought charges against the 56 individuals in India and the United States and the five India-based companies in October 2016. To date, 24 U.S.-based defendants have pleaded guilty and have been sentenced. Their sentences range from 20 years in federal prison to probation. Conspirators were also ordered to repay over $8.9 million in total restitution and forfeit more than $72 million. The India-based defendants have not yet been arraigned.

But phones are still ringing around the country.

"It continues to be a very high priority for our agency because taxpayers are still receiving these calls," said Karen Kraushaar, director of communications for TIGTA. "While we've made significant progress in the investigation, additional individuals must be brought to justice."

The battle to protect people continues — and CPAs can play a key role on the front lines by helping warn clients about how schemes like this one work.

"There's always somebody willing to take the next person's place," the AARP's Nofziger said. "That's why education is so important. We can continue to chase, but education, prevention, and our hard-won vigilance is, in my opinion, the number one thing."


About the author

Drew Adamek is a JofA senior editor. To comment on this article or to suggest an idea for another article, contact him at Andrew.Adamek@aicpa-cima.com or 919-402-4607.


AICPA resources

CPE self-study

  • Protecting Your Client and Your Firm From Tax Return Identity Theft (#166090, online access; #GT-166090, group pricing)

Webpages

  • Identity Theft Tax Advocacy Efforts, aicpa.org
  • Tax Identity Theft Information and Tools, aicpa.org

SPONSORED REPORT

2019 State of Financial Reporting Survey

We surveyed nearly 600 finance and accounting professionals on their month-end close and reporting processes. See the results.

VIDEO

What RPA is and how it works

Robotic process automation is like an Excel macro that can work on multiple applications, says Danielle Supkis Cheek, CPA. RPA can complete routine, repetitive tasks such as data entry, freeing up employee time from lower-level chores.