IRS, Maryland Comptroller Warn Employers to Be Wary of W-2 Scams

ANNAPOLIS, Md. (January 18, 2018) - With the 2018 tax season starting January 29, the Internal Revenue Service, Maryland Comptroller Peter Franchot and tax industry leaders urge employers to educate their payroll staff about Form W-2 phishing scams. These schemes try to trick payroll personnel into disclosing sensitive information at small and large businesses, public schools and universities, hospitals, tribal governments and charities.

“These cybercriminals will try anything to access taxpayers’ personal and financial information,” said Comptroller Peter Franchot. “Bogus emails, fraudulent identities and persuasive claims are all in their bag of tricks. That’s why my team is laser-focused on stopping and holding accountable scammers who attempt to take advantage of law-abiding Maryland taxpayers.”

In 2017, the Maryland Comptroller’s office blocked suspicious tax returns from 95 tax preparation businesses at 113 locations throughout the state. Since taking office in 2007, Comptroller Franchot’s nationally renowned Questionable Returns Detection Team has identified and blocked more than 88,000 fraudulent returns and intercepted and denied $190.2 million worth of fraudulent refunds.

Last year, the IRS said reports to phishing@irs.gov from victims and non-victims about this scam jumped to approximately 900, compared to slightly more than 100 in 2016. More than 200 employers were victimized in 2017, which translated into hundreds of thousands of employees who had their identities compromised.

By alerting employers now, the IRS and its partners in the Security Summit effort hope to reduce the number of victims this year. Last year, the IRS also created a new process to report these scams.

Here’s how the scams work: Cybercriminals identify chief operating officers, school executives or others in authority. Using a technique known as business email compromise or business email spoofing, fraudsters posing as executives send emails to payroll personnel requesting copies of Forms W-2 for all employees. The Form W-2 contains the employee’s name, address, Social Security number, income and withholdings. Criminals use that information to file fraudulent tax returns, or they post it for sale on the Dark Net.

The IRS has established a special email notification address specifically for employers to report Form W-2 data thefts. Email dataloss@irs.gov to notify the IRS of a Form W-2 data loss and use the subject line “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data. Include your business name, business employer identification number (EIN) associated with the data loss, name, phone number, summary of how the data loss occurred and volume of employees impacted.

Employers can learn more at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. Employers also should be aware that cybercriminals’ scams constantly evolve. Finance and payroll personnel should be alert to any unusual requests for employee data.

IRS Says Standard Mileage Rates for 2018 to Increase From Rates for 2017

ANNAPOLIS, Md. (December 28, 2017) - The Internal Revenue Service has issued the 2018 optional standard mileage rates used to calculate the deductible costs of operating an automobile for business, charitable, medical or moving purposes.

Beginning on Jan. 1, 2018, the standard mileage rates for the use of a car (also vans, pickups or panel trucks) will be:

  • 54.5 cents for every mile of business travel driven, up 1 cent from the rate for 2017.
  • 18 cents per mile driven for medical or moving purposes, up 1 cent from the rate for 2017.
  • 14 cents per mile driven in service of charitable organizations.

The business mileage rate and the medical and moving expense rates each increased one cent per mile from the rates for 2017. The charitable rate is set by statute and remains unchanged. The standard mileage rate for business is based on an annual study of the fixed and variable costs of operating an automobile. The rate for medical and moving purposes is based on the variable costs.

Taxpayers always have the option of calculating the actual costs of using their vehicle rather than using the standard mileage rates. More information may be found at IRS.gov.

IRS Has Tips for What to Do Before the Tax Year Ends on December 31

ANNAPOLIS, Md. (December 27, 2017) - As tax filing season approaches, the Internal Revenue Service is reminding taxpayers that there are things they should do now to get ready for filing season. Here are some tips to get ready:

  • For most taxpayers, Dec. 31 is the last day to take actions that will affect their 2017 tax returns. For example, charitable contributions are deductible in the year made. Donations charged to a credit card before the end of 2017 count for the 2017 tax year, even if the bill isn’t paid until 2018. Checks to a charity count for 2017 as long as they are mailed by the last day of the year.
  • Taxpayers over age 70 ½ are generally required to receive payments from their individual retirement accounts and workplace retirement plans by the end of 2017, though a special rule allows those who reached 70 ½ in 2017 to wait until April 1, 2018, to receive them.
  • Most workplace retirement account contributions should be made by the end of the year, but taxpayers can make 2017 IRA contributions until April 18, 2018. For 2018, the limit for a 401(k) is $18,500. For traditional and Roth IRAs, the limit is $6,500 if age 50 or older and up to $15,500 for a Simple IRA for age 50 or older.
  • Taxpayers should be careful not to count on getting a refund by a certain date, especially when making major purchases or paying other financial obligations.
  • Taxpayers who have moved should tell the U.S. Postal Service, employers and the IRS. To notify the IRS, mail IRS Form 8822, Change of Address, to the address listed on the form’s instructions. For taxpayers who purchase health insurance through the Health Insurance Marketplace, they also should notify the Marketplace when they move out of the area covered by their current plan.
  • For name changes due to marriage or divorce, notify the Social Security Administration so the new name will match IRS and SSA records. Also notify the SSA if a dependent’s name changed. A mismatch between the name shown on your tax return and the SSA records can cause problems in the processing of a return and may even delay a refund.
  • Some refunds cannot be issued before mid-February. By law, the IRS cannot issue refunds before mid-February for tax returns that claim the Earned Income Tax Credit or the Additional Child Tax Credit. The IRS expects the earliest EITC/ACTC related refunds to be available in taxpayer bank accounts or on debit cards starting on Feb 27, 2018, if they chose direct deposit and there are no other issues with the tax return.
  • Some Individual Taxpayer Identification Numbers must be renewed. Any Individual Taxpayer Identification Number not used on a tax return at least once in the past three years will expire on December 31, 2017. Additionally, all ITINs issued before 2013 with middle digits of 70, 71, 72 or 80 (Example: 9XX-70-XXXX) will also expire at the end of the year. As a reminder, ITINs with middle digits 78 and 79 that expired in 2016 can also be renewed. Only taxpayers who need to file a U.S. federal tax return or are claiming a refund in 2018 must renew their expired ITINs. Affected ITIN holders can avoid delays by starting the renewal process now.
  • Those who fail to renew before filing a return could face a delayed refund and may be ineligible for some important tax credits. More information, including answers to frequently asked questions is available on IRS.gov/ITIN.
  • Keeping copies of tax returns is important. Taxpayers may need a copy of their 2016 tax return to make it easier to fill out a 2017 tax return. Some taxpayers using a software product for the first time may need to provide their 2016 Adjusted Gross Income, or AGI, to e-file their 2017 tax return.

Taxpayers who do not have a copy of their 2016 return and are existing users can log in to IRS.gov/account if they need their AGI. Otherwise the IRS will mail a Tax Return Transcript if requested online or by calling 800-908-9946. Plan ahead. Allow five to 10 days for delivery. Visit the IRS’ website to learn more about identification verification and electronically signing tax returns.

IRS Warns Taxpayers of Email Scam Targeting Hotmail Users

ANNAPOLIS, Md. (December 14, 2017) – The Internal Revenue Service is warning taxpayers and tax professionals of a new email scam targeting Hotmail users that is being used to steal personal and financial information.

The phishing email subject line reads: “Internal Revenue Service Email No. XXXX | We’re processing your request soon | TXXXXXX-XXXXXXXX.” The email leads taxpayers to sign in to a fake Microsoft page and then asks for personal and financial information.

“Cyber thieves are always on the hunt to take Maryland taxpayers’ money,” Comptroller Peter Franchot said. “That’s why my staff and agents remain vigilant in alerting consumers to scams like this, particularly at holiday time when people are distracted by the holiday rush.”

The IRS has received more than 900 complaints about this new phishing scheme that seems to exclusively target Hotmail users. The suspect websites associated with this scam have been shut down, but taxpayers should be on the lookout for similar schemes.

Individuals who receive unsolicited emails claiming to be from the IRS should forward it to phishing@irs.gov and then delete it. It is important to keep in mind the IRS generally does not initiate contact with taxpayers by email to request personal or financial information. For more information, visit the Tax Scams and Consumer Alerts page on IRS.gov.

The IRS reminds tax professionals to be aware of phishing emails, free offers and other common tricks by scammers. Tax professionals who have data breaches should contact the IRS immediately through their Stakeholder Liaison at the webpage for Data Theft Information for Tax Professionals.

Taxpayers with Expiring ITINs Should Renew before December 31

ANNAPOLIS, Md. (December 6, 2017) – The Internal Revenue Service is reminding taxpayers with expiring Individual Taxpayer Identification Numbers (ITINs) to submit their renewal applications as soon as possible. Failing to renew them by the end of the year will cause refund and processing delays in 2018.

Over the summer, the IRS mailed letters to more than one million taxpayers whose ITINs are set to expire – those with middle digits 70, 71, 72 or 80. Any ITIN that has not been used on a federal tax return at least once in the last three consecutive years also will expire at the end of the year. Affected taxpayers who expect to file a tax return in 2018 must submit a renewal application by the deadline.

Who should renew an ITIN?

• ITINs with middle digits 70, 71, 72, or 80 (For example: 9NN-70-NNNN) need to be renewed if the taxpayer will have a filing requirement in 2018.
• Taxpayers whose ITINs expired due to lack of use should only renew their ITIN if they will have a filing requirement in 2018.
• Taxpayers who are eligible for or who have a SSN should not renew their ITIN but should notify IRS both of their SSN and previous ITIN so that their accounts can be merged.
• Taxpayers whose ITINs have middle digits 78 or 79 that had already expired and were never renewed should renew their ITIN if they will have a filing requirement in 2018.
To renew an ITIN, taxpayers must complete a Form W-7 and submit all required documentation. Although a Form W-7 is usually attached to the tax return, a taxpayer is not required to attach a federal tax return to their ITIN renewal application.

There are three ways to submit the W-7 application package:

• Mail the Form W-7, along with original identification documents or copies certified by the issuing agency, to the IRS address listed on the Form W-7 instructions. The IRS will review the identification documents and return them within 60 days.
• Taxpayers have the option to work with Certified Acceptance Agents (CAAs) authorized by the IRS to help them apply for an ITIN. CAAs can certify all identification documents for primary and secondary taxpayers and certify that an ITIN application is correct before submitting it to the IRS for processing. A CAA can also certify passports and birth certificates for dependents. This saves taxpayers from mailing original documents to the IRS.
• In advance, taxpayers can call and make an appointment at a designated IRS Taxpayer Assistance Center instead of mailing original identification documents to the IRS. When making an appointment, be sure to indicate that this involves an ITIN renewal application.

Visit IRS.gov for more information.

Thieves Are Using W-2 Scam to Get Employee Data, Tax Information

ANNAPOLIS, Md. (December 1, 2017) – The IRS is warning business, payroll and human resource communities about a growing W-2 email scam by which criminals are gaining access to W-2s and other sensitive tax information that employers have about their employees.

During National Tax Security Awareness Week this week, the IRS has been partnering with state tax agencies – including the Maryland Comptroller’s Office and tax industry stakeholders – to remind people about the importance of data protection.

W-2 scams put workers at risk for tax-related identity theft. The IRS recommends that all employers educate employees about this scheme, especially those in human resources and payroll departments. These employees are usually the first targets.

Here are five warning signs about the scam:

• The thief poses as a company executive, school official or other leader in the organization.
• Scam emails often start with a simple greeting. It can be something like, “Hey, you in today?”
• The crook sends an email to an employee with payroll access and requests a list of all employees and their Forms W-2. The thief may even specify the format in which they want the information.
• Thieves use many different subject lines and use words like “review,” “manual review” or “request.” In some cases, the thief may send a follow up email asking for a wire transfer.
• Because payroll officials believe they are corresponding with an executive, it may take weeks for someone to realize a data theft occurred. Criminals usually try to use the information quickly, sometimes filing fraudulent tax returns within a day or two.

This scam is such a threat that a special IRS reporting process has been set up. If you think you were a victim of this scam, visit IRS.gov to find out how to report it.

Recognize Phishing Email Scams

ANNAPOLIS, Md. (November 28, 2017) - The IRS reminds taxpayers to be on the lookout for new, sophisticated email phishing scams that can compromise personal information and affect a taxpayer’s refund. This week is National Tax Security Awareness Week and the IRS is partnering with state tax agencies, including the Maryland Comptroller’s Office and other industry stakeholders to remind people about the importance of data protection.

“One of my top priorities as Comptroller is to stop cyber thieves from tricking Marylanders with bogus emails seeking personal financial information,” said Comptroller Peter Franchot. “Working together with our federal and state partners, we will hold accountable these scammers who take advantage of law-abiding taxpayers.”

Phishing attacks use email or malicious websites to get personal information from the user. Typically, the criminal fools someone into believing the phishing email is from someone they trust. The emails often look and feel like authentic communications, but these targeted messages can trick even the most cautious person into doing something that may compromise data.

Taxpayers should be vigilant and skeptical. Even if the email is from a known source, they should use caution because cyber crooks are very good at mimicking trusted businesses, friends and family.

Here are six examples of email phishing scams:

  • Emails requesting personal information. The thief might ask for bank account numbers, passwords, credit cards and Social Security numbers. This is the most common way thieves steal data.
  • An email urgently warning the recipient to update online financial accounts at a hyperlink provided in the email. The link goes to a fake site.
  • A message with an email address spoofing a familiar address to look like trusted businesses, friends and family. The fake address has a slight change in text, such as name@example.com vs narne@example.com. Merely changing the “m” to an “r” and “n” can trick people.
  • Emails saying the recipient has a tax refund waiting at the IRS or that the IRS needs information about insurance policies. The IRS doesn’t initiate spontaneous contact with taxpayers by email to request personal or financial information.
  • The message has hyperlinks that take someone to a fake site. In one example, the email says: “Following recent calculations, we notice that you are eligible to receive a tax refund. In order to start the refund procedure, please visit this link and follow the steps required.” The link goes to a fake site. The IRS doesn’t send emails asking for refund verification.
  • The message includes a PDF attachment that may download malware or viruses. Never open an attachment from a suspicious email address.

For more information, visit:

National Tax Security Awareness Week: Eight Steps to Keep Online Data Safe

ANNAPOLIS, Md. (November 27, 2017) — During the holiday shopping season, shoppers are looking for the perfect gifts and criminals are looking for sensitive data. This data includes credit card numbers, financial accounts and Social Security numbers. Cybercriminals can use this information to file a fraudulent tax return. During National Tax Security Awareness Week, the IRS is partnering with state tax agencies, the tax industry and groups across the country to remind people about the importance of data protection.

“Online scammers are very active during the holiday season and we want Marylanders to know how to keep their personal information secure,” said Maryland Comptroller Peter Franchot.

Anyone with an online presence can do a few simple things to protect their identity and personal information. Following these eight steps can also help taxpayers protect their tax return and refund in 2018:

• Shop at familiar online retailers. Generally, sites with an “s” in “https” at the start of the URL are secure. Users can also look for the “lock” icon in your browser’s URL bar. That said, some criminals may get a security certificate, so the “s” may not always mean a site is legitimate.

• Avoid unprotected Wi-Fi. Users should not do online financial transactions when using unprotected public Wi-Fi. Unprotected public Wi-Fi hotspots may allow thieves to view transactions.

• Learn to recognize and avoid phishing emails that pose as a trusted source. These emails can come from a source that looks like a legitimate bank or even the IRS. These emails may include a link that takes the user to a fake website. From there, the thieves can steal usernames and passwords.

• Keep a clean machine. This includes computers, phones and tablets. Users should install security software to protect against malware that may steal data. This software also protects against viruses
that may damage files.

• Use passwords that are strong, long and unique. Experts suggest a minimum of 10 characters. Use a combination of letters, numbers and special characters. Use a different password for each account.

• Use multi-factor authentication when available. Some financial institutions, email providers and social media sites allow users to set their accounts for multi-factor authentication. This means users may need a security code, usually sent as a text to their mobile phone, in addition to a username and password.

• Sign up for account alerts. Some financial institutions will send email or text alerts to an account holder when there is a withdrawal or change to their accounts. Generally, people can check their account profile to see what added protections may be available.

• Encrypt sensitive data and protect it with a password. People who keep financial records, tax returns or any personal information on their computer should protect this data. Users should also back up important data to an external source. When disposing of a computer, mobile phone or tablet, people should make sure they wipe the hard drive of all information before trashing.

For more information, please click:

Taxes. Security. Together
Protect Your Clients; Protect Yourself
Don’t Take the Bait

Taxpayers Can Use IRS Select Check Tool Before Donating on Giving Tuesday

ANNAPOLIS, Md. (November 27, 2017) – Giving Tuesday is an annual event celebrated the week after Thanksgiving to kick off the season of charitable giving. Taxpayers making donations may be able to deduct them on their tax return. As they decide where to make their donations, the IRS has a tool that may help.

Exempt Organizations Select Check on IRS.gov is a tool that allows users to search for charities. It provides information about an organization’s federal tax status and filings. Here are four facts about EO Select Check:

• Donors can use it to confirm an organization is tax exempt and eligible to receive tax-deductible charitable contributions.

• Users can find out if an organization had its tax-exempt status revoked. A common reason for this is that the organization did not file its Form 990 or notices annually as required.

• EO Select Check does not list certain organizations that may be eligible to receive tax-deductible donations. This includes churches, organizations in a group ruling, and governmental entities.

• An organization’s “doing business as” name is not searchable. Search using an organization’s legal name instead.

Taxpayers can also use the Interactive Tax Assistant, Can I Deduct my Charitable Contributions? to help determine if a charitable contribution is deductible.
For more information, please click:
Exempt Organizations Select Check – Search Tips
Exempt Organizations Select Check Frequently Asked Questions

 

IRS National Tax Security Awareness Week Runs Nov. 27 to Dec. 1

ANNAPOLIS, Md. (November 21, 2017) ― For the second year, the Internal Revenue Service, state tax agencies – including the Maryland Comptroller’s Office – and the tax industry will host National Tax Security Awareness Week to encourage individual and business taxpayers to take steps to protect their tax data and identities in advance of the 2018 filing season.

Starting Monday, November 27, the focus will be on issues posing a threat to individuals and businesses and steps to protect taxpayers from cybercriminals. In recent years, the IRS, state tax agencies and the tax industry – partners in the Security Summit – have enacted a series of defenses to combat tax-related identity theft.

“We are resolute in our commitment to protecting Marylanders’ financial information and the integrity of our tax system,” Maryland Comptroller Peter Franchot said. “Throughout the year, my employees work tirelessly to identify fraudulent returns from thieves trying to drain the state coffers and from cheating Maryland citizens.”

Throughout the country, Summit partners and other consumer, business and community groups will host more than 25 events to raise tax data awareness during the week. In Maryland, the Internal Revenue Service’s Stakeholder Liaison – including the Maryland Comptroller’s Office – and the Maryland Society of Accounting and Tax Professionals will take part in a forum from 9:30 to 11:30 a.m. Tuesday, November 28, at the University of Phoenix, 8830 Stanford Boulevard, Room 128, in Columbia. Panelists will discuss ways to combat cyber thieves looking to trick people into disclosing sensitive information so they can file fraudulent tax returns.

The holiday season is an especially vulnerable time for online thievery as Marylanders do their holiday shopping and provide credit card and other personal information. Throughout the country, 145 million American have had their names, addresses and Social Security numbers stolen from a variety of locations.

The IRS and states have put many new defenses in place to help protect taxpayers from identity theft. The new IRS protections have worked well and some key indicators of identity theft on tax returns have dropped by around two-thirds since 2015. These protections are especially helpful if criminals only have names, addresses and Social Security numbers. However, the cybercriminals may try to obtain more specific financial details from taxpayers and tax professionals.

During the awareness week, taxpayers and tax professionals will learn:

  • Basic steps to protect themselves and their tax data online, such as using security software, strong passwords and data encryption.
  • What to do if they are a data breach victim, such as placing a freeze on their credit accounts and the signs of tax-related identity theft.
  • How cybercriminals use phishing emails to bait them into disclosing information.
  •  The dangers W-2 Scam that has made identity theft victims of thousands of employees.
  • Those small businesses also are subject to identity theft and should take steps to protect themselves.

The Summit partners will urge taxpayers to protect their tax and financial information by:

  • Learning to recognize and avoid phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as bank, credit card company and government organizations (including the IRS), and to not click on links or download attachments from unknown or suspicious emails.
  • Always using security software with firewall and anti-virus protections. Making sure the security software is always turned on and can automatically update. Encrypting sensitive files such as tax records you store on your computer. Using strong passwords.
  • Protecting personal data. Using strong unique passwords for each online account. Don’t routinely carry a Social Security card, and making sure tax records are secure. Treat personal information like you do your cash; don’t leave it lying around.

For more information, visit irs.gov.