Only a few days into the filing season, the IRS sent a release on Feb. 2 describing a new scam that began with cybercriminals stealing data from tax practitioners’ computers and filing fraudulent tax returns.

The twist: In a few cases, the fraudulent returns used the taxpayers’ real bank accounts for the deposit. A woman posing as a debt collection agency official then contacted the taxpayers to say a refund was deposited in error and asked the taxpayers to forward the money to her.

As Security Summit partners make inroads against identity theft, cybercriminals have evolved their tactics to focus on tax professionals, from whom they can steal client data. Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions. Criminals look for ways to get fraudulent refunds delivered to themselves rather than the actual taxpayers.

This new scam serves as a reminder that taxpayers should be alert to unusual activity such as receiving a tax transcript or tax refund they did not request. Take time to review the Taxpayer Guide to Identity Theft for appropriate actions.

Taxpayers who receive a direct deposit refund that they did not request should take the following steps:

  • Contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS
  • Call the IRS toll-free at 800-829-1040 (individual) or 800-829-4933 (business) to explain why the direct deposit is being returned
  • Keep in mind interest may accrue on the erroneous refund

You can find more guidance at Returning an Erroneous Refund.

As IRS Criminal Investigation agents review this latest data theft scam, the IRS reminds preparers that the majority of data thefts occur because the tax preparer or someone in the office opened a phishing email and clicked on a link or attachment that contained malware. Of the various forms of malware, some are secretly downloaded onto computers and allow thieves to see each keystroke or give thieves remote access to computers.

Tax professionals should review the Security Summit’s Don’t Take the Bait campaign, which outlines various scams used to trick practitioners. Tax professionals also are urged to seek cybersecurity experts to help better secure their data.