 The Dirty Dozen. IRS urges tax pros and other businesses to beware of spearfishing offers tips to avoid dangerous common scams. The Dirty Dozen. Honestly, the name sounds like a bunch of rebellious donut flavors. It's like, yeah, give me one of those Dirty Dozen donuts with the pickled relish flavor glaze packaged in the wax paper that's shaped like like a leather jacket. You know, it's like leave it to the IRS to turn a sweet thing sour or the the Dirty Dozen. Possibly the IRS is moonlighting as like a as like a gritty crime novelist with a name like that, you know? Or maybe the the Dirty Dozen actually sounds like it sounds like a Marvel superhero movie. However, considering Marvel is now the MCU, maybe it should be called the Dirty Dozen Danes. You know, they could be the the Triple D tribe and they're all that's holding up the entire Disney universe these days. Some have questioned how the Triple D tribe are able to fight bad guys while carrying all that weight. However, it appears they have discovered the bad guys are actually spear fishers. So the Triple D tribe have honed in their strategy focusing on disabling the spear. But seriously, seriously spear fishing is actually a kind of bait and switch where scammers pretend to be the IRS to hook your personal information. Talk about a fishy situation. The IRS warning of people about taking personal information and money. Someone, you know, spear fishers. I mean, the irony here is thicker than the tax code. I mean, it's like the IRS is saying, hey, we're the only ones allowed to make your life miserable during tax season. But whatever. Anyways. That list here, by the way, as part of the annual Dirty Dozen tax scam effort, the IRS and the Security Summit partners, just like the Justice League, the security partners, just like the X men or the X, whatever the X thems, just like the X thems, they're saving the world. So their partners urge tax professionals and businesses to be on the lookout for a variety of suspicious email requests through these spear fishing email scammers, try to steal client data, tax software preparation credentials and tax preparer identities with the goal of getting fraudulent tax refunds. So obviously if they can steal the identity, one of the things they might try to do that with that is file fraudulent returns, which may have become and most likely have become more profitable in the last few years, given the fact that the IRS has been shooting money out everywhere. And they have increased things like the refundable tax credits and all that kind of stuff. However, they're kind of starting to reel that stuff back now that they're getting hit with the inflation, which was, of course, the inevitable result. But you would still think that you have a heightened level of possible scams that are going out there due to the changes in the past and just the inconsistency with the tax code so people don't really know what's going on at this point in time. They also note that with these spearfishings attacks, you might think, hey, these are unsophisticated attacks. I can see a spearfishing email a mile away and usually you can because they're targeted at a wide net usually. And there actually could be possibly some say purposely not as sophisticated so that the people that actually follow through with the spearfishing click on the link or call the number or whatever they're going to do to give the personal information are more likely to then actually follow through. Once they go to the fraudulent website or something like that or call the fraudulent phone stir or whatever is the next step in the process to pick up the personal information. However, they could come up with much more targeted, sophisticated fishing attacks as they might do to tax professionals because in that case they're not casting a wide net. They're trying to target the fishing to a certain individual that might get more bang for the buck if they can steal a bunch of identity from a personal individual which obviously puts the poor tax professionals into a more heightened risk situation. So just the fact that some of these frauds are not sophisticated doesn't mean that a sophisticated person can't fall for a fishing scam because they can be sophisticated. So these requests can range from email that looks like it's from a potential new client or request targeting payroll and human resource departments asking for sensitive form W2 information. Quote, it's vitally important for tax professionals and businesses to maintain a strong defense against cyber attacks like spearfishing. Quote, said IRS Commissioner Danny Warfell. Quote, the information these businesses have on their system is extremely valuable to an identity thief looking to steal identities and file fraudulent returns. And it's even more so because they keep on changing the laws and the tax code and people are confused so we're in an environment where the scammers thrive. So we have to be more careful. There are simple steps that tax pros and businesses can take to avoid being fooled by these common schemes, including extra caution when opening emails, clicking on links or sharing sensitive client data. Extra care can go a long way to protect tax professionals and businesses as well as their clients. So working together as the security summit. Just like the X-Men, I mean the X-Themes, just like the X-Themes teams, the IRS state tax agencies in the nation's tax industry have taken numerous steps since 2015 to strengthen internal system and controls to protect against tax related identity theft. As part of this effort, the IRS and summit partners continue to warn people about common scams and schemes during tax season and beyond that can threaten a taxpayer's personal and financial information. The security summit initiative, there's a link to that here, is committed to protecting taxpayers' businesses and the tax system from scammers and identity thieves and the dirty dozen is part of that large effort. The IRS's annual dirty dozen campaign is a list of 12 scams and schemes that put together, put taxpayers and tax professional community at risk of losing money, personal information, data and more. Some items on the dirty dozen are new and some make a return visit while the dirty dozen is not a legal document or a formal listing of agency enforcement priorities. It is intended to alert taxpayers and the tax professional community about various scams and schemes. Side step spear fishing, cybersecurity tips for tax pros and businesses. Fishing is a term given to emails or text messages designed to get users to provide personal information either directly or by clicking on a link or attachment. So obviously again, some of these spear fishing type of emails at this point in time, you could say they don't look as sophisticated but they can be more complex and the urges that they play upon are the typical things that scammers do. They try to give you something and ask you to reciprocate in a manipulative type of situation. So they play on that need for human beings to reciprocate and they also play on the fear factor. Of course, that's why they're going to be impersonating the IRS and they also are typically going to have a timeframe threat that's involved either if you don't act. They're going to hit you with something by blackmailing you or by by giving or by the IRS coming to get you or something like that. Or you're going to be losing out if you don't act now to get this special deal that the IRS is doing to get the next paycheck that the IRS is sending out or whatever they're calling it these days. So if you see those elements in play then obviously you want to take a step back not just for these type of scams but any kind of scammer and manipulator. So spear fishing is a tailored fishing attempt to a specific organization or business. The IRS is warning tax professionals about spear fishing because there is a greater potential for harm if the tax preparer has a data breach. A successful spear fishing attack can ultimately steal client data and tax preparer's identity allowing the thief to file fraudulent returns. Why do they attack the tax preparers? The salt of the earth? The tax preparers. It's just horrible. It's horrible. A taxpayer becoming a victim of tax related identity theft is certainly an issue with spear fishing but criminals seeking tax preparer credentials or access to their clients tax related information increases the potential number of victims. Those horrible people attacking taxpayers. Taxpayers just helping people every day doing God's work. Anyway spear fishing begins with a suspicious email one that may appear as a tax preparation application or another e-service or platform. Some scammers will even use IRS logo and claim something like quote action required. So there's that threat of this needs to happen now kind of thing. Your account has now been put on hold. Often these email stress urgency and will ask for pros businesses to click on links to input or verify information. So how side by side spear fishing how to sidestep spear fishing so that the spears coming at you it's going to hit you right in the gut and you've got to move. You've got to sidestep that thing so it goes into the guy behind you or the wall maybe hopefully it doesn't hit anyone. I don't know. Never click suspicious links. Double check your request when the original sender be vigilant year round not just during filing season. OK so good. Be careful. Be careful. Client impersonation spear fishing aimed at tax pros the IRS and its security summit partners continue to see spear fishing attempts that impersonate a new potential client. Clearly that would be a more targeted effort and people want to pick up new clients. So if they have a targeted client campaign spear fishing to an individual they can be quite more canny. Then the normal spear fishing can of worms that you that you often see with the shotgun approach of the spear fishing. So it's no one has the new client scam. There's a link to that here if the tax if the tax preparer responds the scammer sends a malicious attachment or URL that ultimately enables them to gain access to sensitive client information on the tax preparer's computer. It sounds horrifying. It's horrifying. These people need to be stopped. Not just I don't want to see just advice from the security summit new X men X them league the X them league needs to take action and get these guys. Anyways bogus requests for W to spear fishing aimed at businesses. The IRS wants to warn businesses about another specific spear fishing scam that targets employees and payroll and accounting departments. These employees might get an email that looks like it comes from an office source requesting W to use for all employees. The payroll department might accidentally reply with these important documents that's not good which would provide scammers with W to data and employees that can be used to commit fraud. The IRS recommends using a two person review process when receiving these types of requests for W to use the IRS also recommends any requests for payroll be submitted through an official process like employers human resources portal. So make a difference report fraud scams and schemes so the so the security summit over there acting like the X thems could you know probably not do much they probably won't do much but you know you at least you're doing your part. You do you got to give them the information so they can stockpile it together because crunching numbers crunching numbers that's how they do it. All right so individuals should never respond to tax related fishing and spear fishing or click the IRS link instead scammers should be reported by sending the email or a copy of the text SMS as an attachment to their fishing at IRS dot gov. The report should include the caller ID email or phone number date time and time zone and the number that received the message. Taxpayers can also report scams to the Treasury Inspector General for tax administration. There's a link to that here or the internal crime complaint center. There's a link to that here. The report fishing and online scams page there's a link to that at IRS dot gov provides complete details. The Federal Communications Commission's Smartphone Security Checker there's a link to that here is a useful tool against mobile security threats as part of the dirty dozen awareness effort. The IRS encourages people to report individuals who promote improper and abusive schemes as well as tax return preparers who deliberately prepare improper returns to report an abusive tax scheme or a tax return preparer. People should mail or fax a completed form 14242 report suspected abusive tax promotions or preparers. There's a link to that here and any supporting materials to the IRS lead development center in the office of promoter investigations mail. There's a mailing address alternatively taxpayers and tax practitioners may send the information to the IRS whistleblower office for a possible reward. That's right you can be a headhunter and a bounty hunter and collect your bounty. I don't know what the bounty is you can you can ask him if you want more detail for more information see abusive tax schemes and abusive tax return preparers. There's a link to all this stuff here. There'll be a link to this in the description.