Did You Know Your Business Is Targeted in Tax Scams?

Scammers love businesses — big businesses, small businesses, your business, your friend’s business, and especially businesses willing to fall for tax scams. Being aware of the schemes criminals are carrying out and the tactics they use to employ them can give your business the best chance to deflect such advances. 

Tax scams can be difficult to detect, and they persist because they continue to work. In short, tax scams put you up against dedicated competition.

While these types of scams peak during tax season, scammers never take a break. Here are four categories of tax scams to keep on your radar.


For the past couple of years, the most effective scams have been the W-2 scam and business executive compromise (BEC). These scams have proven so prolific that, in Feb. 2017, the Internal Revenue Service (IRS) issued an alert to all employers that scammers are targeting school districts, tribal organizations and nonprofit organizations. It seems no entity is off limits to scammers.

Even if your business doesn’t fit into a targeted category, you can still be targeted in the W-2 scam. Scammers will use stolen W-2 information to file for fraudulent refunds or commit identity theft.

How does it happen?
According to Infosec Institute, phishing attacks are the primary method hackers use to perpetrate W-2 scams. The phisher poses as a legitimate employee within your organization (typically the CEO or a member of the finance team) requesting W-2 information via email. In general, targeted attacks have increased exponentially. Symantec states in its 2015 Internet Security Threat Report that while large companies remain the prime target of these attacks, small businesses (those with under 250 employees) were hit by 43 percent of global spear-phishing attacks — up from 18 percent in 2011.

Business Tax Scams calloutEven before attacks become targeted, scammers are busy determining how to best lure you into their trap. They may pose as a legitimate software company or other vendor to prompt you to click links that will install malware and give the scammer access to your device.

How can you protect your business?
The best action you can take is to be cautious about the emails you receive. However, this can be easier said than done if you receive emails that appear to be from employees, colleagues or third-party vendors. Considering the frequency with which scammers masquerade as legitimate sources — even spoofing email addresses of those you know — you must review every email with care.



Tax scammers, hoping to legitimize their ploy, operate under the guise of IRS employees. As this method continues to be quite effective, IRS tax scams have proliferated for several years. After all, what tax-paying citizens wouldn’t respond to the IRS? Between the serious nature of paying and filing taxes and the anxiety the IRS tends to elicit, scammers harness this power to command attention and urgency through intimidation.  

How does it happen?
Once again, the success of phishing emails makes it a favored tool to pull off IRS tax scams. The emails may feature the IRS logo and could be addressed to a specific name or just “taxpayer.” Among the fraudulent messages, they may claim you are owed a refund, need to supply missing information or must pay a bill. You’ll be prompted to provide sensitive data via a link that will either download malware onto your device or link you to a realistic-looking, but malware-infected, website.   

Screen Shot 2017-03-24 at 10.49.28 AM

Source: NASA Federal Credit Union

While phishing emails have become increasingly sophisticated, they haven’t replaced tax scam phone calls. This method readily persists, and may be performed by a live person or an automated system. The fake IRS agent may threaten to revoke your business license or arrest if you fail to provide sensitive information (like your Employer Identification Number, Social Security number, financial account information) and pay a fine immediately.

What can you do to protect yourself?
Don’t click on any links within an email claiming to be from the IRS. Likewise, never provide sensitive data or payment information over the phone. The IRS will never email or call you to pay a bill or obtain personal information. Report any IRS tax scam emails or phone calls to the U.S. Treasury Inspector General for Tax Administration as soon as possible.


One great way for businesses to reduce current income tax liability is to defer income through charitable donations. Many SMBs do this toward the end of the year, but any time can be a good time to lessen tax burdens and help an important cause. Just make sure your hard-earned money is going to a legitimate charity. Scammers often create names similar to well-known, reputable organizations.

How does it happen?
Presenting themselves as charity representatives, scammers prey on people’s sympathy to convince them to give money over the phone. If denied, they will typically offer to mail you a brochure or letter so you can send in your payment.  

What can you do to protect yourself?
Do your homework. Investigate charities before you hand over a single penny. Search for their name online to validate their existence and reputation, and verify their IRS 501(c)(3) status.  

Contributing to a fake organization isn’t going to yield any tax breaks and it could allow scammers to commit identity crimes with your information.  



With 1.23 billion people logging onto Facebook each day (as of Dec. 2016), 313 million Twitter users per month (as of June 2016) and over 467 million registered members on Linkedin (since Oct. 2016), social media consumption continues to grow. Chances are that you are among the many businesses tapping into this network as a marketing tool. According to Social Media Examiner’s 2015 report, 96 percent of small business owners engage in social media marketing for their businesses. 

It’s easy to overlook the cons of integrating social media with your business — in this case, the con-artists — while enjoying the tremendous benefits. Given the pervasive role of social media, it’s become an increasingly popular method that scammers use to exploit victims. Any of the tax scams mentioned above can be easily executed via social media.

How does it happen?
Scammers will do whatever is necessary to carry out scams – from standing up fake social media accounts posing as one of your business’ vendors, or a fake charity to hacking into legitimate accounts. They may even use additional phishing tactics to connect with you through your posts, through direct messages containing malicious links or urgent requests directing you to spoofed web pages.

What can you do to protect yourself?
Just as you should not click on links within potential phishing emails, be wary of links you receive through social media accounts. Additionally, keep in mind that links in social media messages tend to be shortened URLs, making it nearly impossible to validate. Despite social media being the “sharing” platform, it is definitely not the place to share any of your business’ sensitive information.

Knowing the signs to watch for should give you greater confidence in protecting yourself and your business from these notorious business-related tax scams.


The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

Laura Bruck, VP Marketing at EZShield Fraud Protection
Laura Bruck joined EZShield in February of 2009, leading their marketing efforts and working with sales...
Read more about Laura Bruck.

Leave a Comment.