Did You Know Your Business Is Targeted in Tax Scams?

*Originally posted March 27, 2017. Updated January 21, 2020.*

Business tax scams are big business for criminals looking to make a financial gain using your employees’ and business information. Being aware of the schemes criminals are carrying out and the tactics they use to employ them can give your business the best chance to deflect such advances.

Tax scams can be difficult to detect, and they persist because they continue to work. While these types of scams peak during tax season, scammers never take a break. Here are three categories of tax scams to keep on your radar.

W-2 Phishing Scams

In 2019, over 40% of phishing schemes were crafted to lure individuals into divulging personal information, according to the 2019 Global Phish Report. For the past couple of years, the most effective scams have been the W-2 scam and business email compromise (BEC).

In 2019, federal authorities investigating BEC schemes found that more than 250,000 identities were stolen and used to file more than 10,000 fraudulent tax returns.

Business Tax Scam QuestionsHow does it happen?

The Internal Revenue Service (IRS) continues to alert tax preparers, payroll and Human Resources professionals that phishing attacks are the primary method hackers use to perpetrate W-2 scams. The phisher poses as a legitimate employee within your organization (typically the CEO or a member of the finance team) requesting W-2 information via email. To best lure you into their trap, scammers may also pose as a legitimate software company or other vendors to prompt you to click links that will install malware and give the scammer access to your device. The tax documents along with other Personally Identifiable Information (PII) of your employees are then used to file fraudulent tax returns, directing their hard-earned money to a scammer’s bank account.

How can you protect your business?

The best action you can take is to be cautious about the emails you receive. However, this can be easier said than done if you receive emails that appear to be from employees, colleagues, or third-party vendors. Considering the frequency with which scammers masquerade as legitimate sources — even spoofing email addresses of those you know — you must review every email with care.

IRS Intimidators

Tax scammers, hoping to legitimize their ploy, operate under the guise of IRS employees. As this method continues to be quite effective, IRS tax scams have proliferated for several years. Between the serious nature of paying and filing taxes and the anxiety the IRS tends to elicit, scammers harness this power to command attention and urgency through intimidation. 

How does it happen?

Once again, the success of phishing emails makes it a favored tool to pull off IRS tax scams. The emails may feature the IRS logo and could be addressed to a specific name or just “taxpayer.” Among the fraudulent messages, they may claim you are owed a refund, need to supply missing information, or must pay a bill. You will be prompted to provide sensitive data via a link that will either download malware onto your device or link you to a realistic-looking, but malware-infected, website.   

While phishing emails have become increasingly sophisticated, they haven’t replaced tax scam phone calls. This method readily persists and may be performed by a live person or an automated system. The fake IRS agent may threaten to revoke your business license or arrest if you fail to provide sensitive information (like your Employer Identification Number, Social Security number, financial account information) and pay a fine immediately.

IRS Impersonator EmailWhat can you do to protect

your business?

Don’t click on any links within an email claiming to be from the IRS. Likewise, never provide sensitive data or payment information over the phone. The IRS will never email or call you to pay a bill or obtain personal information.

Social Scammers

Many businesses tap into social networks as a marketing tool to reach new audiences and grow their business. According to a survey by Manifest, nearly 87 percent of small business owners engage in social media marketing for their businesses. 

It is easy to overlook the cons of integrating social media with your business — in this case, the con-artists. Given the pervasive role of social media, it has become an increasingly popular method that scammers use to exploit victims.

How does it happen?

Scammers will do whatever is necessary to carry out scams – from standing up fake social media accounts posing as one of your business’ vendors, or a fake charity to hacking into legitimate accounts. They may even use additional phishing tactics to connect with you through your posts, through direct messages containing malicious links or urgent requests directing you to spoofed web pages. The IRS is also on social media, and impersonators may attempt to contact you for sensitive tax information.

What can you do to protect your business?

Just as you should not click on links within potential phishing emails, be wary of links you receive through social media accounts. Additionally, keep in mind that links in social media messages tend to be shortened URLs, making it nearly impossible to validate. Despite social media being the “sharing” platform, it is definitely not the place to share any of your business’ sensitive information.

Knowing the signs to watch for should give you greater confidence in protecting yourself and your business from these notorious business-related tax scams.

Tips to Protect Your Small Business from Tax Scams:

  1. Develop and implement a company-wide security awareness program. Make it everyone’s priority to protect company information for the benefit of your employees, your customers, and the long-term health of your business.
  2. Don’t rely on email alone: confirm requests for transfers of funds by using phone verification or face-to-face meetings. Only use previously known phone numbers to authenticate transfer requests and verify the requests in person whenever possible.
  3. Report any suspicious emails that may be a phishing attempt, IRS tax scam email or phone call. Contact the Treasury Inspector General for Tax Administration (TIGTA) as soon as possible. 
  4. Keep up to date with the latest tax scams: The IRS keeps a running list of scams for consumers and businesses to be aware of, called “The Dirty Dozen”.

Continue following Fighting Identity Crimes to get the latest breach and scam updates, ID protection news & tips from our industry experts!

Follow us on social!
Facebook | Twitter | LinkedIn 


The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.