Dirty Dozen: IRS scam list includes spear-phishing warning to tax pros

By Martha Waggoner

The IRS completed its annual "Dirty Dozen" list of 12 tax scams, which includes a warning for tax professionals and businesses that they remain a top target of identity thieves and that they should be cautious when opening emails that may appear to be official.

Through what is called spear phishing, identity thieves try to steal client data and the tax preparer's identity, allowing the thief to file fraudulent returns, the IRS said.

Phishing describes emails or text messages that aim to get users to provide personal information, either directly or by clicking on a link or an attachment. Spear phishing targets a specific organization or business.

Spear phishing usually begins with an email that may appear to come from a tax preparation application or another e-service or platform; it may include the IRS logo, the Service said. Some messages may tell the recipient, "Action Required: Your account has now been put on hold." These spear-phishing attempts often stress urgency and will ask tax professionals or businesses to click on links to input or verify information.

Another spear-phishing scam uses emails that appear to come from an official source as a way to target businesses' payroll or accounting departments, requesting Forms W-2, Wage and Tax Statement, for all employees.

The IRS recommends using a two-person review process when receiving these types of requests for Forms W-2. The IRS also recommends that businesses require that any requests for payroll be submitted through an official process, like the employer's human resources portal.

"It's vitally important for tax professionals and businesses to maintain a strong defense against cyberattacks like spear phishing," IRS Commissioner Danny Werfel said in a news release. "The information these businesses have on their systems is extremely valuable to an identity thief looking to steal identities and file fraudulent tax returns. There are simple steps that tax pros and businesses can take to avoid being fooled by these common schemes, including extra caution when opening emails, clicking on links, or sharing sensitive client data. Extra care can go a long way to protect tax professionals and businesses as well as their clients."

Other Dirty Dozen warnings include:

  • Inaccurate or misleading tax information on social media: The IRS cites recent examples of social media posts that encourage taxpayers to submit false or inaccurate information in order to claim a fraudulent refund. The IRS says these ploys involve both well-known forms, such as Form W-2, and more obscure ones, such as Form 8944, Preparer e-file Hardship Waiver Request, which is used by a targeted group of tax return preparers who request a waiver to file tax returns on paper rather than electronically.
  • Schemes aimed at wealthy taxpayers: These are sold by questionable tax practitioners and independent promoters and include abuse of charitable remainder annuity trusts (CRATs) and monetized installment sales. In February 2022, the Justice Department sued to shut down a scheme that it said involved at least 70 CRATs, resulting in an estimated $40 million in taxable income not being reported and $8 million in tax revenue losses. The IRS advised that these are not the only schemes focused on the wealthy that it scrutinizes.
  • Offer-in-compromise (OIC) mills: The IRS says OIC promoters mislead taxpayers into believing they can settle a tax debt for pennies on the dollar, often in television or radio ads. They charge excessive fees for information that taxpayers can get on their own and will charge those fees even when the taxpayer does not meet the technical requirements for the offer. A taxpayer can check their eligibility for free using the IRS's Offer in Compromise Pre-Qualifier tool.
  • Abusive tax-avoidance schemes: The IRS specifically mentioned syndicated conservation easements and microcaptive insurance arrangements that are used to reduce taxes or allow a filer to avoid paying any tax. As part of the Consolidated Appropriations Act, 2023, P.L. 117-328, Congress amended Sec. 170 to curb certain abusive conservation easement transactions. The latter continue to be a high priority area to enforce, the IRS said, adding that it has won all microcaptive Tax Court and appellate court cases decided on their merits since 2017.
  • Schemes with international elements: The IRS scrutinizes taxpayers who try to hide assets in offshore accounts and accounts holding digital assets, such as cryptocurrency. For people in the United States, worldwide income is taxable unless they can establish a statutory or treaty exemption.

The previous six scams in the Dirty Dozen, including employee retention credits and third-party scammers, are listed here.

— To comment on this article or to suggest an idea for another article, contact Martha Waggoner at Martha.Waggoner@aicpa-cima.com.

Where to find May’s flipbook issue

The Journal of Accountancy is now completely digital. 





Leases standard: Tackling implementation — and beyond

The new accounting standard provides greater transparency but requires wide-ranging data gathering. Learn more by downloading this comprehensive report.