In recent years, tax schemes and scams have been on the rise. Con artists work year-round which means taxpayers must remain vigilant to avoid being victimized. Here are some tips to help people recognize and avoid some of the most common tax related scams.
Email phishing scams
The IRS does not initiate contact with taxpayers by email to request personal or financial information. Generally, the IRS first mails a paper bill to the person who owes taxes. In some special situations, the IRS will call or come to a home or business.
Taxpayers should report IRS, Treasury or tax-related suspicious phishing scams by saving the email and then sending that file as an attachment to phishing@irs.gov. They should not open any attachments, click on any links, reply to the sender, or take any other actions that could put them at risk.
Phone scams
The IRS generally first mails a bill to the taxpayer who owes taxes. There are specific ways to pay taxes. The agency and its authorized private collection agencies will not:
- Leave pre-recorded, urgent, or threatening messages on an answering system.
- Threaten to immediately bring in local police or other law enforcement groups to arrest the taxpayer for not paying, deport them or revoke their licenses.
- Call to demand immediate payment with a prepaid debit card, gift card or wire transfer.
- Ask for checks to third parties.
- Demand payment without giving the taxpayer an opportunity to question or appeal the amount owed.
Criminals can fake or spoof caller ID numbers to appear to be anywhere in the country. Scammers can even spoof an IRS office phone number or the numbers of various local, state, federal or tribal government agencies.
If a taxpayer receives an IRS or Treasury-related phone call, but doesn’t owe taxes and has no reason to think they do, they should:
- Not give out any information. Hang up immediately.
- Contact the Treasury Inspector General for Tax Administration to report the IRS impersonation scam call.
- Report the caller ID and callback number to the IRS by sending it to phishing@irs.gov. The subject line should include “IRS Phone Scam.”
- Report the call to the Federal Trade Commission.
IRS wraps up its 2021 “Dirty Dozen” scams list with warning about promoted abusive arrangements
The Internal Revenue Service today concludes the “Dirty Dozen” list of tax scams with a warning to taxpayers to watch out for schemes peddled by tax promoters, including syndicated conservation easements, abusive micro-captive insurance arrangements and other abusive arrangements.
The IRS warns people to be on the lookout for promoters who peddle false hopes of large tax deductions from abusive arrangements. These “deals” are generally marketed by unscrupulous promoters who make false claims about their legitimacy and charge high fees to boot. These promoters frequently devise new ways to cheat the system and market them aggressively. Some taxpayers play the audit lottery hoping they don’t get noticed.
To fight the evolving variety of these abusive arrangements, the IRS recently created the Office of Promoter Investigations (OPI) to focus on participants and the promoters of abusive tax avoidance transactions. OPI coordinates service-wide enforcement activities. The best defense for a taxpayer approached by a promoter is to show caution: if it sounds too good to be true, it probably is.
These aggressively marketed abusive arrangements wrap up the IRS’s annual “Dirty Dozen” list and include the following:
Syndicated conservation easements
In syndicated conservation easements promoters take a provision of tax law for conservation easements and twist it through using inflated appraisals of undeveloped land and partnerships. These abusive arrangements are designed to game the system and generate inflated and unwarranted tax deductions, often by using inflated appraisals of undeveloped land and partnerships devoid of a legitimate business purpose.
Abusive micro-captive arrangements
In abusive “micro-captive” structures, promoters, accountants or wealth planners persuade owners of closely held entities to participate in schemes that lack many of the attributes of insurance. For example, coverages may ““ensure”” implausible risks, fail to match genuine business needs or duplicate the taxpayer’s commercial coverages. But the “premiums” paid under these arrangements are often excessive and used to skirt tax law. Recently, the IRS has stepped up enforcement against a variation using potentially abusive offshore captive insurance companies domiciled in Puerto Rico and elsewhere.
Potentially abusive use of the US-Malta tax treaty
Some U.S. citizens and residents are relying on an interpretation of the U.S.-Malta Income Tax Treaty (Treaty) to take the position that they may contribute appreciated property tax free to certain Maltese pension plans and that there are also no tax consequences when the plan sells the assets and distributes proceeds to the U.S. taxpayer. Ordinarily gain would be recognized upon disposition of the plan’s assets and distributions of the proceeds. The IRS is evaluating the issue to determine the validity of these arrangements and whether Treaty benefits should be available in such instances and may challenge the associated tax treatment.
Improper claims of business credits
Improper claims for the research and experimentation credit generally involve failures to participate in, or substantiate, qualified research activities and/or satisfy the requirements related to qualified research expenses. To claim a research credit, taxpayers must evaluate and appropriately document their research activities over a period to establish the amount of qualified research expenses paid for each qualified research activity. Taxpayers should carefully review reports or studies to ensure they accurately reflect the taxpayer’s activities.
Improper monetized installment sales
Promoters find taxpayers seeking to defer the recognition of gain upon the sale of appreciated property and organize an abusive shelter through selling them monetized installment sales. These transactions occur when an intermediary purchase appreciated property from a seller in exchange for an installment note, which typically provides for payments of interest only, with principal being paid at the end of the term. In these arrangements, the seller gets the lion’s share of the proceeds but improperly delays the gain recognition on the appreciated property until the final payment on the installment note, often slated for many years later. The IRS continues to pursue actions against promoters of these schemes as well as the taxpayers who participate in them. “We are stepping up our enforcement against abusive arrangements,” said IRS Commissioner Chuck Rettig. “Don’t be lulled into these shady deals. The IRS recommends that anyone who participated in one of these abusive arrangements should consult independent counsel about coming into compliance.”
Avoiding Social Engineering and Phishing Attacks:
What is a social engineering attack?
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as:
- Natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
- Epidemics and health scares (e.g., H1N1, COVID-19)
- Economic concerns (e.g., IRS scams)
- Major political elections
- Holidays
What is a vishing attack?
Vishing is the social engineering approach that leverages voice communication. This technique can be combined with other forms of social engineering that entice a victim to call a certain number and divulge sensitive information. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services. VoIP easily allows caller identity (ID) to be spoofed, which can take advantage of the public’s misplaced trust in the security of phone services, especially landline services. Landline communication cannot be intercepted without physical access to the line; however, this trait is not beneficial when communicating directly with a malicious actor.
What is a smishing attack?
Smishing is a form of social engineering that exploits SMS, or text, messages. Text messages can contain links to such things as webpages, email addresses or phone numbers that when clicked may automatically open a browser window or email message or dial a number. This integration of email, voice, text message, and web browser functionality increase the likelihood that users will fall victim to engineered malicious activity.
What are common indicators of phishing attempts?
- Suspicious sender’s address. The sender’s address may imitate a legitimate business. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters.
- Generic greetings and signature. Both a generic greeting—such as “Dear Valued Customer” or “Sir/Ma’am”—and a lack of contact information in the signature block are strong indicators of a phishing email. A trusted organization will normally address you by name and provide their contact information.
- Spoofed hyperlinks and websites. If you hover your cursor over any links in the body of the email, and the links do not match the text that appears when hovering over them, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link.
- Spelling and layout. Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt. Reputable institutions have dedicated personnel that produce, verify, and proofread customer correspondence.
- Suspicious attachments. An unsolicited email requesting a user download and open an attachment is a common delivery mechanism for malware. A cybercriminal may use a false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first.
How do you avoid being a victim?
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Don’t send sensitive information over the internet before checking a website’s security.
- Pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with “https”—an indication that sites are secure—rather than “http.”
- Look for a closed padlock icon—a sign your information will be encrypted.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
- Take advantage of any anti-phishing features offered by your email client and web browser.
- Enforce multi-factor authentication (MFA).
What do you do if you think you are a victim?
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Watch for other signs of identity theft.
- Consider reporting the attack to the police and file a report with the Federal Trade Commission.

All questions regarding these tax scams or other tax matters that may affect you / your business can be addressed to:
Kurt Marty, Director