IRS alerts taxpayers of refund scam

Tax-related identity theft is an increasingly problematic issue and is becoming more dangerous as scammers adapt to preventive measures taken by the IRS and law enforcement. The IRS recently released Tax Tip 2018-32, warning of “a new twist on an old scam”: Thieves have a fraudulent tax refund deposited into a taxpayer’s bank account and attempt to claim the refund directly from the taxpayer. In addition, rather than contacting the taxpayer directly, thieves attempt to obtain information from employers, human resource departments, professional advisors as well as other sources.

Fraudulent refunds

In the refund scam, perpetrators execute the heist by stealing taxpayer data and using it to file fraudulent returns by posing as the taxpayers. Overpayments are refunded via direct deposit into the taxpayers’ bank accounts. Then the thieves contact the taxpayers, stating the refunds were deposited in error and ask that they be returned.

The IRS identified two current versions of the scam and warned that it may continue to evolve:

  1. The thief contacts the taxpayer, posing as a debt collection agency official acting on the IRS’ behalf, reports the erroneous refund deposit and asks for the money to be returned to the collection agency.
  2. The taxpayer receives a recorded message via phone, with the recorded voice saying the call is from the IRS and threatening criminal fraud charges, an arrest warrant and blacklisting of the taxpayer’s Social Security number. A fake case number and phone number to call to arrange the repayment of the refund are provided near the end of the message.

The scheme has been listed by the IRS as one of the “Dirty Dozen” scams identified annually, raising awareness of the many varieties of theft attempted most often during return filing season. Perpetrators alter caller ID numbers, use IRS employee titles and fake badge numbers, and reference the taxpayer’s name, address and other personal information in an effort to make the calls appear legitimate.

Email schemes

Recently, the IRS has seen email schemes targeting tax professionals, payroll professionals, human resources personnel, school systems and individual taxpayers.

In these email schemes, criminals pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person's name. They also pose as a bank, credit card company, a tax software provider or government agency.

These schemes focus on employees rather than the taxpayer directly. Thieves target employees’ roles at work, especially human resources or finance-related roles. They mask their communications to appear to be coming from a boss or co-worker, or from a trusted business associate, such as a payroll provider. They then request information instead of money, typically, employee data such as W-2 forms.

Identity thieves often go to great lengths to create websites that appear legitimate but contain phony login pages. Fake emails and websites also can infect a taxpayer's computer with malware without the user knowing, thereby giving thieves access to the computer. Recognizing a plot is critical to prevent further damage. Things to consider include:

  • Remind employees in sensitive positions (access to critical data) to verify requests made via email. They should call or initiate a separate email confirming the request as a reply email may be routed to a false source.
  • Report suspicious requests to your IT department.

Keep in mind, the IRS generally conducts its correspondence via the U.S. mail. In addition,

  • The IRS will not call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer.
  • The IRS will not threaten to immediately bring in local police or other law enforcement groups to have the taxpayer arrested for not paying.
  • The IRS will not demand tax payments without giving taxpayers the opportunity to question or appeal the amount owed, ask for credit or debit card numbers over the phone, or call about an unexpected refund.

If contacted by any of the above methods or any semblance thereof, taxpayers should:

  • Contact their tax preparer immediately,
  • Report the incident to their local police department and the Federal Trade Commission,
  • Place a fraud alert or credit freeze with one of the three major credit bureaus (Equifax, Experian, TransUnion) and request a copy of their credit report,
  • Contact their financial institution and close accounts as needed, and
  • Follow the steps provided by IRS Topic Number 161 for returning an erroneous refund.

Taxpayer steps to help prevent identity theft include:

  • Protect Social Security numbers and personal financial information. Confidential information should not be carried around and should only be provided when absolutely necessary, and with extreme caution;
  • Monitor credit reports;
  • Check Social Security Administration earnings statements annually;
  • Shred financial documents or any other document containing confidential information when no longer needed;
  • Use security software with firewall and anti-virus protections combined with strong passwords (combinations of uppercase and lowercase letters, numerals and special symbols);
  • Recognize and avoid phishing emails and threatening communications; and
  • Refrain from clicking on links or downloading attachments from suspicious emails or other sources.

For more, see the IRS Taxpayer Guide to Identity Theft.

For related insights and in-depth analysis, see our Tax reform resource center.

For more information on this topic, or to learn how Baker Tilly tax specialists can help, contact our team.


The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. Tax information, if any, contained in this communication was not intended or written to be used by any person for the purpose of avoiding penalties, nor should such information be construed as an opinion upon which any person may rely.  The intended recipients of this communication and any attachments are not subject to any limitation on the disclosure of the tax treatment or tax structure of any transaction or matter that is the subject of this communication and any attachments.