Woman Looking Skeptical On Phone

Thieves posing as IRS agents will try to bully you into paying fake tax bills. Just knowing how these scams work can help keep you from falling for them.

Reducing Risk

Retailers Can Defend Against IRS Scams With Awareness and Vigilance

  • 2/8/2018

Because most retail businesses are small and keep a skeleton crew in the back office, they are ideal targets for scammers posing as IRS agents. As an honest business owner eager to comply, and as a small operation facing an intimidating behemoth like the (fake) IRS, it’s easy to understand how you can unwittingly fall into the hands of these malicious thieves. But there’s a simple defense against these IRS scams: awareness. When you and your employees know how the gig works and how to recognize a fraudulent IRS collection call (as well as a real one), then you’re less likely to succumb to one.

How an IRS scam works

The most common tactic is for a scammer to contact your business by telephone and identify as an IRS agent. He or she will alert you of an unpaid tax liability from an income, payroll, or other tax account. Once you’re sufficiently concerned and confused, the phony IRS agent will urge you to act quickly and submit payment or provide sensitive financial data over the phone.

If you protest or ask for time to review and regroup, he or she will resort to bullying. You’ll be threatened with legal action, the freezing of assets, or arrest if you don’t pay the outstanding liability right now. This is when most business owners buckle and pay up on the spot, surrendering their hard-earned money to the fraudster.

The scammers lend themselves legitimacy by manipulating caller ID information to show as “Internal Revenue Service” or “IRS” on your phone. So even if they leave an urgent voice mail exhorting you to return the call immediately, you’re just as likely to be fooled and cooperate with the scheme.

Emails may also be used to entice you to click on links in official-looking messages. These emails may appear to originate from the IRS, a state or local tax agency, a tax court, or even a tax software company, and include questions related to your tax refund or an unpaid tax bill. The link, of course, deploys phishing malware that can ultimately lead to the raiding of your financial accounts.

What to do if you get an IRS scam call or phishing email

It is important for you and your employees to know how the IRS will contact you — and how it won’t.

The IRS will never:

  • Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you an invoice or notice of underpayment
  • Threaten to contact local police or other law enforcement groups to have you arrested for not paying
  • Demand that you pay taxes without giving you the opportunity to question, appeal, or respond to the notice of deficiency
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card, or ask you to make a payment to anyone other than the Department of the Treasury
  • Ask for credit or debit card numbers over the phone

If you do get a phone call from someone claiming to be from the IRS and asking for money and you don’t owe taxes:

  • Do not give out any information. Hang up immediately.
  • Contact the Treasury Inspector General for Tax Administration (TIGTA) to report the call. You can use its IRS Impersonation Scam Reporting website or contact them by it at 800-366-4484.
  • Report the incident to the Federal Trade Commission (FTC). You can use the FTC Complaint Assistant on FTC.gov to report the details of the IRS scam.

If you receive a phishing email related to taxes from the IRS:

  • Do not reply to the message
  • Do not give out any employee or business financial information
  • Do not open any attachments or click on any links. These links might have malicious code that could infect your computer and lead to other issues.

How we can help

Knowledge of these scams is your best prevention against them, and reporting them helps authorities with their efforts at prosecuting perpetrators. Training your employees on how the IRS does and doesn’t communicate with taxpayers, as well as how to spot phishing emails and to be suspicious of all links contained in emails, is a good first step. CLA’s retail industry professionals can work with you to understand your exposure to all types of information security risk and shore up any vulnerabilities.