The IRS and the Department of Justice have announced that, for the first time, they’ve busted five call centers in India whose employees impersonated IRS revenue agents. These supposed civil servants called unsuspecting U.S. taxpayers and pressured them to pay phony tax bills with iTunes cards. Indictments and extradition proceedings are underway.
These scammers sent voice mail messages or texts (I got one last April) urging recipients to call back. I didn’t. However, those who did were connected to “Christopher” or “Daniel”—someone speaking impeccable American-accented English who proceeded to bilk callers.
It’s logical to ask: Who on earth would get tricked by such an oddball scheme? After all, phone scams of one sort or another have been percolating for years. But pay your tax bill with iTunes gift cards? Seriously?
However, a call from an alleged IRS agent is apparently a powerful motivator—at least powerful enough to have helped extract at least $47 million from victims, according to federal investigators.
Plan now to be scammed
Unfortunately, shutting down five call centers in India won’t stop the proliferation of tax scams. In fact, scammers are more likely to target tax professionals these days.
Last tax season, for example, phone scammers for the first time specifically targeteddepartments. Now is the time, before year-end kicks into high gear in earnest, to ensure that you’re as protected as possible against scammers. Heed these tips:
- Before clicking on any links to download tax updates for 2017, make sure they’re legit by contacting your customer service rep.
- Check out the security procedures of your third-party providers.
- Inform upper that the Payroll department will not respond to emails asking for employees’ personal identifying information (this was the basis of last tax season’s scam). Instead, all requests should be in writing, on paper.
- Require that Payroll staff use strong passwords (numbers, symbols, upper and lowercase letters) on all computers and tax software programs. Inconvenience aside, require that those passwords to be changed every 60 to 90 days.
- Train Payroll staff in security and nondisclosure, especially to outsiders who phone or ask for information to be faxed or emailed. Also warn staff against making information vulnerable by, for example, failing to immediately file and lock up personnel files after use.
- Never let employees take home documents on which sensitive data appear. This includes downloading information to a laptop or USB drive.
- Use caution when allowing or granting staff remote access to internal networks that contain sensitive data.