Technology has long made accounting easier, from the first adding machines to electronic spreadsheets to today’s cloud computing ecosystem. While recent advancements have allowed business owners and their accountants to collaborate efficiently from any location, they also created a growing cybersecurity risk that cyber insurance can help manage.
Cyberattacks Threaten All Organizations
According to a 2022 survey commissioned by CyberCatch, 75% of small and medium-sized businesses (SMBs) could only survive three to seven days if they suffered a cyberattack.
Big businesses are frequent targets, and their security breaches tend to make headlines. But smaller businesses are easier prey for cybercriminals because they lack the complicated security infrastructure that larger businesses maintain.
The cost of a data breach can be devastating for small businesses. A data breach costs SMBs, on average, $101,000, according to Kaspersky’s IT Security Economics Report for 2020. That cost includes detecting and shutting down the attack, recovering lost data, notifying third parties, legal expenses related to the breach, and lost business.
Cloud accounting is more secure than having all your business’ accounting data on a desktop or device because providers typically deploy top-of-the-line security features. However, any system — cloud or otherwise — is only as strong as its weakest link. It only takes one user falling victim to a social engineering attack, using a weak password, or opening a malware-inflected attachment to give cybercriminals access to your payroll records, vendor and customer lists, bank account numbers, and more.
Manage the Risk with Cyber Insurance
Cyber insurance has become an increasingly important risk management tool for businesses. This insurance policy provides businesses with various coverage options to help recover from data breaches and other security issues.
While the exact coverages vary from policy to policy, cyber insurance typically covers two broad categories of losses:
First-party losses. These are losses impacting the business due to a cyber incident. According to the Federal Trade Commission, first-party coverage typically covers costs related to:
Hiring legal counsel to determine legal and regulatory obligations after a breach
Recovering and replacing lost or stolen data
Notifying customers and other third parties
Lost income due to an interruption of business activity
Public relations and crisis management
Paying a ransom to have stolen data restored
Forensic services to investigate a data breach
Paying fees, fines, and penalties stemming from the incident
Third-party losses. These are losses that result from a third party bringing a claim against the business. It typically covers costs related to:
Paying customers affected by the breach
Settling claims and paying legal expenses relating to disputes or lawsuits
Litigating and responding to regulatory inquiries
Forensic accounting costs
Like any insurance policy, cyber insurance policies have exclusions. Typical cyber policy exclusions include lost future profits, the lost value related to intellectual property theft, and the cost of upgrading security after a data breach.
How to Buy Cyber Insurance
Most major commercial insurance carriers offer cyber insurance coverage, so reach out to your agent or broker to get a quote. But keep in mind while cyber insurance is increasingly essential coverage for most small businesses, it can also be difficult — and expensive — to buy. According to Marsh, a New York City-based insurance broker, and advisor, cyber insurance premiums in the U.S. increased by an average of 96% from 2020 to 2021.
Following a few IT security best practices can reduce your risk and improve your chances of getting coverage at an affordable price. Those best practices include:
Requiring strong, unique passwords and multi-factor authentication on any network or system that can be accessed remotely.
Ensuring your company has backups of all crucial systems and databases.
Regularly installing software updates on all devices, applications, and networks.
Educating employees about basic cybersecurity and how to spot common schemes.
Having a secure, encrypted WiFi network and ensuring employees working from home encrypt their networks.
As technology evolves, so will your exposure to various types of cyber-risks. While cyber insurance coverage can be a critical part of managing those risks, it doesn’t replace security best practices. Take the necessary steps to protect your business to a better chance of minimizing your exposure.
The partners and professionals at Hamilton Tharp, LLP would like to remind our clients to watch for IRS notices and letters. With IRS scams and identity theft on the rise, stopping identity theft and refund fraud is a top priority for the Internal Revenue Service. The IRS has many new safeguards in place to help fight against stolen identity refund fraud. These safeguards are designed to better authenticate the taxpayer’s identity and the validity of the tax return at the time of filing. If the IRS received your federal income tax return, but needs more information to verify your identity and process your tax return, they will send you Letter 4883C. There are many reasons why a return may appear to be suspicious to IRS systems, and the agency takes this precautionary step to help protect you.
If you received Letter 4883C, it is not fraud. It is a legitimate request, from the IRS, asking you to verify your identity. The letter will contain instructions to call the toll-free IRS Identity Verification telephone number at 800-830-5084. Before you call, gather the following items:
Letter 4883C,
Last year’s tax return,
Your current tax return,
Supporting documents, such as Forms W-2 or 1099.
If you are unable to verify your identity with the customer service representative, you may be asked to visit an IRS Taxpayer Assistance Center in person. To find a Taxpayer Assistance Center closest to you, visit https://apps.irs.gov/app/officeLocator/index.jsp and enter your zip code into the office locator. Taxpayer Assistance Centers are closed on federal holidays. You will be asked to provide photo identification and a taxpayer identification number such as your social security number. You may also be asked to provide a copy of the tax return in question.
Remember, the IRS will never
Call to demand immediate payment, nor will we call about taxes owed without first having mailed you a bill.
Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
Require you to use a specific payment method for your taxes, such as a prepaid debit card.
Ask for credit or debit card numbers over the phone.
Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
Report suspicious online or emailed phishing scams to: phishing@irs.gov. For phishing scams by phone, fax or mail, call 1-800-366-4484.
We also remind our clients, this is the time of year they may see scam emails from their tax software provider or others asking them to update online accounts. Taxpayers should learn to recognize phishing emails, calls or texts that pose as familiar organizations such as banks, credit card companies, tax software providers or even the IRS. These ruses generally urge taxpayers to give up sensitive data such as passwords, Social Security numbers and bank account or credit card numbers.
If you receive a suspicious email, check with us first. Never open an attachment or link from an unknown or suspicious source. It may infect your computer with malware or steal information. Remember, the IRS does not send unsolicited emails or request sensitive data via email.
The Internal Revenue Service warns taxpayers of a new twist on an old scam in which criminals’ steal client data from tax professionals, file fraudulent tax returns and deposit the erroneous refund into the taxpayers’ real bank account. They will then use a variety of tactics to reclaim the refund from the taxpayer. There are currently two versions of the scam.
Version One
Criminals posing as debt collection agency officials acting on behalf of the IRS contacted the taxpayers to say a refund was deposited in error, and they asked the taxpayers to forward the money to their collection agency.
Version Two
The taxpayer who received the erroneous refund gets an automated call with a recorded voice saying he is from the IRS and threatens the taxpayer with criminal fraud charges, an arrest warrant and a “blacklisting” of their Social Security Number. The recorded voice gives the taxpayer a case number and a telephone number to call to return the refund.
What should you do if you received an erroneous refund?
The IRS urges taxpayers to follow established procedures for returning an erroneous refund to the agency. The IRS also encourages taxpayers to discuss the issue with their financial institutions because there may be a need to close bank accounts. Taxpayers receiving erroneous refunds also should contact their tax preparers immediately.
Remember, the IRS will never
Call to demand immediate payment, nor will we call about taxes owed without first having mailed you a bill.
Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
Require you to use a specific payment method for your taxes, such as a prepaid debit card.
Ask for credit or debit card numbers over the phone.
Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
The professionals in our office are closely monitoring this evolving scam, we will keep you apprised.
The Internal Revenue Service, state tax agencies and the tax industry urges all employers to educate their payroll personnel about a Form W-2 phishing scam that made victims of hundreds of organizations and thousands of employees last year.
The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community. During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.
Reports to phishing@irs.gov from victims and nonvictims about this scam jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.
The IRS and its partners in the Security Summit effort hope to limit the success of this scam in 2018 by alerting employers immediately. The IRS can take steps to protect employees, but only if the agency is notified immediately by employers about the theft. Last year, the IRS created a new process by which employers should report these scams.
How the scam works
Cybercriminals do their homework, identifying chief operating officers, school executives or others in positions of authority.
Using a technique known as business email compromise (BEC) or business email spoofing (BES), fraudsters posing as executives send emails to payroll personnel requesting copies of Forms W-2 for all employees.
The Form W-2 contains the employee’s name, address, Social Security number, income and withholdings. Criminals use that information to file fraudulent tax returns, or they post it for sale on the Dark Net.
The initial email may be a friendly, “hi, are you working today” exchange before the fraudster asks for all Form W-2 information. In several reported cases, after the fraudsters acquired the workforce information, they immediately followed that up with a request for a wire transfer.
Best Practices for Employers
To prevent falling victim of the Form W-2 Scam, employers can:
Train payroll or finance personnel employees to recognize and report security threats.
Create a policy to limit the number of employees who have authority to handle Form W-2 requests.
Require additional verification procedures to validate actual requests before emailing sensitive data such as employee Form W-2s.
If the business or organization victimized by these attacks notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft.
How to notify the IRS if you are a victim
The IRS established a special email notification address specifically for employers to report Form W-2 data thefts. Here’s how Form W-2 scam victims can notify the IRS:
Email dataloss@irs.gov to notify the IRS of a Form W-2 data loss and provide contact information, as listed below.
In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.
Include the following:
Business name
Business employer identification number (EIN) associated with the data loss
Contact name
Contact phone number
Summary of how the data loss occurred
Volume of employees impacted
Businesses and organizations that fall victim to the scam and/or organizations that only receive a suspect email but do not fall victim to the scam should send the full email headers to phishing@irs.gov and use “W2 Scam” in the subject line.
Be aware that cybercriminals’ scams are constantly evolving. Employers should be alert to any unusual requests for employee data.
We know identity theft is a frustrating process for victims. The IRS is taking this issue very seriously and continues to expand on their robust screening process to stop fraudulent returns.
What is identity theft?
Identity theft occurs when someone uses personal information such as your name, Social Security number (SSN) or other identifying information without your permission, to commit fraud or other crimes, such as claiming a fraudulent refund.
How do you know if your tax records have been affected?
Usually, an identity thief uses a legitimate taxpayer’s identity to fraudulently file a tax return and claim a refund. Generally, the identity thief will use a stolen SSN to file a forged tax return and attempt to get a fraudulent refund early in the filing season.
You may only become aware this has happened to you if you file your return later in the filing season and discover that two returns have been filed using the same SSN.
Be alert to possible identity theft if you receive an IRS notice or letter that states that:
More than one tax return for you was filed,
You have a balance due, refund offset or have had collection actions taken against you for a year you did not file a tax return, or
IRS records indicate you received wages from an employer unknown to you.
What should you do if your tax records are affected by identity theft?
If you receive a notice from the IRS, contact us immediately. If you believe someone may have used your SSN fraudulently, we will notify the IRS immediately by completing the appropriate paperwork.
If you are a victim of identity theft, the Federal Trade Commission recommends that you
File a complaint with the FTC at identitytheft.gov.
Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records.
Contact your financial institutions, and close any financial or credit accounts that were opened without your permission or tampered with by identity thieves.
If your SSN number is compromised, the IRS recommends that you
Respond immediately to any IRS notice; call the number provided. Taxpayers should remember their first contact with the IRS will not be a call from out of the blue, but through official correspondence sent through the mail.
Complete IRS Form 14039, Identity Theft Affidavit, if your e-filed return is rejected because of duplicate filing under your SSN.
How can you protect your tax records?
If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost/stolen purse or wallet, questionable credit card activity or credit report, please let us know. We can assist you in contacting the IRS and other agencies to ensure your identity is safe.
How can you minimize the chance of becoming a victim?
Do not carry your Social Security card or any document(s) with your SSN on it.
Do not give a business your SSN just because they ask; give it only when required.
Protect your financial information.
Check your credit report every 12 months.
Secure personal information in your home.
Protect your personal computers by using firewalls and anti-spam/virus software, updating security patches and changing passwords for Internet accounts.
Do not give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with.
If you become a victim of identity theft, the professionals in our office can assist you in dealing with the IRS and any other agencies with which you must communicate. Call us today.
Equifax, one of the United States’ three major consumer credit reporting agencies, recently reported a breach that compromised the personal information of approximately 143 million Americans. The nature of this breach is particularly alarming because many consumers may not even know they are customers of the company. Equifax receives information from multiple sources including banks, lenders, credit card companies and retailers. Names, social security numbers, birth dates, addresses and driver’s licenses were among the information stolen from Equifax’s databases.
Credit card numbers for about 209,000 people were exposed, as was “personal identifying information” on roughly 182,000 customers involved in credit report disputes.
How to determine if you were one of the 143 million Americans affected
Visit www.equifaxsecurity2017.com to find out if your information was exposed. Click on the “Potential Impact” tab. You will be asked to enter your last name and last six digits of your Social Security number.
Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring. You have until November 20, 2017 to enroll.
Keep in mind, if you sign up for Equifax’s offer of free identity theft protection and credit file monitoring, you may be limiting your rights to sue and be forced to take disputes to arbitration.
Additional steps you can take
Review your transactions regularly. Monitor your credit card statements and credit report for any accounts or charges you don’t recognize. You can order a free report from each of the three credit bureaus once a year.
Consider placing a credit freeze, making it difficult for someone to open a new account in your name.
File your taxes early, before a scammer can.
Respond right away to letters from the IRS. Remember the IRS will never call.
We are closely monitoring this issue and will keep you informed of any new developments.
Even though the tax filing season has ended for most taxpayers, The Internal Revenue Service recently issued a warning that tax-related scams continue. People should remain on alert to new and emerging schemes involving the tax system that continue to claim victims. Below we have listed four recent scams to be aware of and the tell tale signs of a scam.
EFTPS Scam A new scam which is linked to the Electronic Federal Tax Payment System (EFTPS) has been reported nationwide. Con artists will call to demand immediate tax payment. The caller claims to be from the IRS and says that two certified letters mailed to the taxpayer were returned as undeliverable. The scammer then threatens arrest if a payment is not made immediately by a specific prepaid debit card. Victims are told that the debit card is linked to the EFTPS when, in reality, it is controlled entirely by the scammer. Victims are warned not to talk to their tax preparer, attorney or the local IRS office until after the payment is made.
“Robo-call” Messages It is important to remember that the IRS does not call and leave prerecorded, urgent messages asking for a call back. In this tactic, scammers tell victims that if they do not call back, a warrant will be issued for their arrest. Those who do respond are told they must make immediate payment either by a specific prepaid debit card or by wire transfer.
Private Debt Collection Scams The IRS recently began sending letters to a relatively small group of taxpayers whose overdue federal tax accounts are being assigned to one of four private-sector collection agencies. Taxpayers should be on the lookout for scammers posing as private collection firms. The IRS-authorized firms will only be calling about a tax debt the person has had – and has been aware of – for years. The IRS would have previously contacted taxpayers about their tax debt.
Scams Targeting People with Limited English Proficiency Taxpayers with limited English proficiency have been recent targets of phone scams and email phishing schemes that continue to occur across the country. Con artists often approach victims in their native language, threaten them with deportation, police arrest and license revocation among other things. They tell their victims they owe the IRS money and must pay it promptly through a preloaded debit card, gift card or wire transfer. They may also leave “urgent” callback requests through phone “robo-calls” or via a phishing email.
Tell Tale Signs of a Scam:
The IRS (and its authorized private collection agencies) will never:
Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. The IRS does not use these methods for tax payments. The IRS will usually first mail a bill to any taxpayer who owes taxes. All tax payments should only be made payable to the U.S. Treasury and checks should never be made payable to third parties.
Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
Demand that taxes be paid without giving the taxpayer the opportunity to question or appeal the amount owed.
Ask for credit or debit card numbers over the phone.
How to Know It’s Really the IRS Calling or Knocking
The IRS initiates most contacts through regular mail delivered by the United States Postal Service. However, there are special circumstances in which the IRS will call or come to a home or business, such as:
when a taxpayer has an overdue tax bill,
to secure a delinquent tax return or a delinquent employment tax payment, or,
to tour a business as part of an audit or during criminal investigations.
If you think you are the target of a scam follow up with your accountant for further guidance.
One only needs to skim the daily news to realize that hackers are getting better and cybersecurity is more important than ever. The most recent cyberattack was a strain of ransomware that spread itself across all workstations in a network, causing a global epidemic. Luckily, a programmer developed an internal “kill switch,” which disabled the malware from spreading any further. Regardless of whether your system was impacted by this outbreak or not, there are many lessons to be learned. Principally, the need to reinforce fundamental security practices to prepare for the future.
Taking these recent outbreaks into consideration, it is evident that organizations need to make cybersecurity risk management a top priority. To help leaders in the accounting profession reach this goal, the American Institute of CPAs (AICPA) has unveiled a cybersecurity risk management reporting framework that will help companies and auditors communicate cyber risk readiness to stakeholders. The framework is long overdue; until now a common language for companies to communicate about their cybersecurity risk management was non-existent. The AICPA’s new framework includes three main resources:
Description criteria used by management to explain the organization’s cybersecurity risk management program.
Control criteria used by CPAs providing advisory or attestation services to evaluate and report on the effectiveness of the controls within a client’s program.
Attest Guide, Reporting on an Entity’s Cybersecurity Risk Management Program and Controls, will be used to assist CPAs engaged to examine and report on an entity’s cybersecurity risk management program.
Cyber threats are constantly evolving, and unfortunately, your cash and customer information are desirable targets. Providing assurance to your team and stakeholders requires intentionality and a plan. Having strong cybersecurity measures in place will help safeguard sensitive information and the AICPA’s new reporting framework will help you better communicate your preparedness to key stakeholders. If you need any guidance in this area, please reach out to one of our tax advisors.
The Internal Revenue Service, state tax agencies and the tax industry recently issued an urgent alert to all employers that the Form W-2 email phishing scam has evolved beyond the corporate world and is spreading to other sectors, including school districts, tribal organizations and nonprofits.
In a related development, the W-2 scammers are coupling their efforts to steal employee W-2 information with an older scheme on wire transfers that is victimizing some organizations twice. “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen.
When employers report W-2 thefts immediately to the IRS, the agency can take steps to help protect employees from tax-related identity theft. The IRS, state tax agencies and the tax industry, working together as the Security Summit, have enacted numerous safeguards in 2016 and 2017 to identify fraudulent returns filed through scams like this. As the Summit partners make progress, cybercriminals need more data to mimic real tax returns.
Here’s how the scam works:
Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).
The Security Summit partners urge all employers to be vigilant. The W-2 scam, which first appeared last year, is circulating earlier in the tax season and to a broader cross-section of organizations, including school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare and shipping and freight. Those businesses that received the scam email last year also are reportedly receiving it again this year.
New Twist to W-2 Scam: Companies Also Being Asked to Wire Money
In the latest twist, the cybercriminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.
The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.
Steps Employers Can Take If They See the W-2 Scam
Organizations receiving a W-2 scam email should forward it to phishing@irs.gov and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.
Employees whose Forms W-2 have been stolen should review the recommended actions by the Federal Trade Commission at identitytheft.gov or the IRS at www.irs.gov/identitytheft. Employees should file a Form 14039, Identity Theft Affidavit, if the employee’s own tax return gets rejected because of a duplicate Social Security number or if instructed to do so by the IRS.
The W-2 scam is just one of several new variations that have appeared in the past year that focus on the large-scale thefts of sensitive tax information from tax preparers, businesses and payroll companies. Individual taxpayers also can be targets of phishing scams, but cybercriminals seem to have evolved their tactics to focus on mass data thefts.
Be Safe Online
In addition to avoiding email scams during the tax season, taxpayers and tax preparers should be leery of using search engines to find technical help with taxes or tax software. Selecting the wrong “tech support” link could lead to a loss of data or an infected computer. Also, software “tech support” will not call users randomly. This is a scam. Taxpayer or tax preparers looking for tech support for their software products should go directly to the provider’s web page.
The professionals in our office can answer any questions you may have regarding Phishing scams. Call us today.
IRS Warns Taxpayers to Guard Against New Tricks by Scam Artists Losses Top $20 Million
WASHINGTON — Following the emergence of new variations of widespread tax scams, the Internal Revenue Service today issued another warning to taxpayers to remain on high alert and protect themselves against the ever-evolving array of deceitful tactics scammers use to trick people.
These schemes — which can occur over the phone, in e-mails or through letters with authentic looking letterhead — try to trick taxpayers into providing personal financial information or scare people into making a false tax payment that ends up with the criminal.
The Treasury Inspector General for Tax Administration (TIGTA) has received reports of roughly 600,000 contacts since October 2013. TIGTA is also aware of nearly 4,000 victims who have collectively reported over $20 million in financial losses as a result of tax scams.
“We continue to see these aggressive tax scams across the country,” IRS Commissioner John Koskinen said. “Scam artists specialize in being deceptive and fooling people. The IRS urges taxpayers to be extra cautious and think twice before answering suspicious phone calls, emails or letters.”
Scammers posing as IRS agents first targeted those they viewed as most vulnerable, such as older Americans, newly arrived immigrants and those whose first language is not English. These criminals have expanded their net and are now targeting virtually anyone.
In a new variation, scammers alter what appears on your telephone caller ID to make it seem like they are with the IRS or another agency such as the Department of Motor Vehicles. They use fake names, titles and badge numbers. They use online resources to get your name, address and other details about your life to make the call sound official. They even go as far as copying official IRS letterhead for use in email or regular mail.
Brazen scammers will even provide their victims with directions to the nearest bank or business where the victim can obtain a means of payment such as a debit card. And in another new variation of these scams, con artists may then provide an actual IRS address where the victim can mail a receipt for the payment — all in an attempt to make the scheme look official.
The most common theme with these tricks seems to be fear. Scammers try to scare people into reacting immediately without taking a moment to think through what is actually happening.
These scam artists often angrily threaten police arrest, deportation, license revocation or other similarly unpleasant things. They may also leave “urgent” callback requests, sometimes through “robo-calls,” via phone or email. The emails will often contain a fake IRS document with a telephone number or email address for your reply.
It is important to remember the official IRS website is IRS.gov. Taxpayers are urged not to be confused or misled by sites claiming to be the IRS but ending in .com, .net, .org or other designations instead of .gov. Taxpayers should never provide personal information, financial or otherwise, to suspicious websites or strangers calling out of the blue.
Below are five things scammers often do that the real IRS would never do.
The IRS will never:
Angrily demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you a bill.
Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
Require you to use a specific payment method for your taxes, such as a prepaid debit card.
Ask for credit or debit card numbers over the phone.
Here’s what you should do if you think you’re the target of an IRS impersonation scam:
If you actually do owe taxes, call the IRS at 1-800-829-1040. IRS workers can help you with a payment issue.
If you know you don’t owe taxes or do not immediately believe that you do, you can report the incident to the Treasury Inspector General for Tax Administration (TIGTA) at 1-800-366-4484.
If you’ve been targeted by any scam, be sure to contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Please add “IRS Telephone Scam” to the comments of your complaint.