Scamming the Pandemic: Tax Fraud and Covid-19

Symantec, as a division of Broadcom, has already published blogs detailing how spammers and scammers are using coronavirus-themed lures in their malicious email campaigns, and how malicious Android apps are also exploiting the outbreak.

Criminals have also seized upon the pandemic to unleash a torrent of tax fraud schemes and scams.  Tax scams tend to become more frequent during times of economic and social crisis. But even by that criteria, 2020 was unique thanks to a combination of the Covid-19 pandemic, stimulus checks, and a shift to working from home. The abrupt changes have created unprecedented opportunities for criminals to target both individuals and businesses and try to obtain vital personal, business, and financial information.

As the deadline to file 2020 returns draws near, stay alert to the most insidious of these scams. Here’s what you need to know and how to protect yourself and your business from becoming a victim.

Phishing for Coronavirus

Many of the most common frauds are practically evergreen in their use and adaptability. One of the most common is phishing scams. IRS Criminal Investigation (CI), the arm of the IRS charged with investigating financial crimes involving the IRS, says that 2020 generated a tremendous increase in phishing schemes. CI reports that phishing scams using keywords such as coronavirus, COVID-19, and stimulus in various ways mushroomed across every possible form of personal communication, including emails, letters, texts, and fake websites.

Many of the phishing scams, and especially those relating to Economic Impact Payments (EIP), the stimulus checks issued to many Americans as part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, purport to be from the IRS. They typically request personal data such as an individual’s social security number or bank account information.

To protect oneself, it is important to note that the IRS never initiates contacts with a taxpayer via email. In fact, the best advice is to never click on any link that represents itself as coming from the IRS.

Leveraging the Stimulus

A number of scams leverage the stimulus as a cover to steal the payments or personal information. Often these scams target the elderly in nursing homes and individuals who are non-English speakers. Typically, they may claim that the stimulus payment needs to be transferred to them for a debt collection or, if posing as the IRS, to satisfy a tax lien or other repayment.

EIP Investments

EIP-related scams involve everything from selling fake “at-home” Covid test kits, fake cures and vaccines, pills, and even medical or therapeutic advice. One of the most successful of these scams offers opportunities to invest early in companies making one of the vaccines and promising outlandish returns on the investment (ROI).

The Opposite of Charity

One of the nastiest of the pandemic-related scams involves fake charities that solicit donations for individuals, groups, or areas affected by the Coronavirus. Note that there is a major red flag that recipients of these solicitations can always spot: Legitimate charities are obligated by law to provide their Employee Identification Number (EIN) on any solicitation. The IRS provides a tool on its website that allows anyone to run a suspect EIN to determine if it is a legitimate tax-exempt charitable organization. The IRS also offers regular updates on its website about any newly reported or novel tax scams or frauds.

In addition, the federal government provides a number of other tools and services to help individuals and businesses thwart and report potential fraud. Some of the most important include:

Tax Fraud Resources

• The National Center for Disaster Fraud (NCDF) is the national coordinating agency within the Department of Justice (DOJ) dedicated to combatting fraud crime related to natural and man-made disasters, such as the pandemic.  Coronavirus-related scams can be reported to the NCDF Hotline at: (866) 720-5721 or submitted through the NCDF Complaint Form.
• Taxpayers can report fraud or theft of EIP stimulus payments to the Treasury Inspector General for Tax Administration.
• Taxpayers can report phishing attempts to the IRS.
• The IRS website has a section for Tax Fraud Alerts, which provides a wealth of information about tax scams and how to avoid or report them.
• The IRS also publishes The Dirty Dozen list annually to help raise awareness about the most common scams targeting people that tax year.

All of these tools and resources, along with the others mentioned earlier, are available free of charge.

Protection  

Now more than ever, enterprise faces daunting challenges in protecting its business:

• Emerging and evolving threats
• Privacy and compliance regulations
• Increased risk that accompanies digital transformation

With 100s of point-solution vendors and cheap, ineffective tools, enterprises face a cyber security dilemma that only a truly integrated platform can resolve.

See how Symantec is driving innovation to help you solve your toughest challenges and why Symantec has been an industry-leader in all primary security categories for more than 10 years running. Our portfolio has best-in-class solutions for Endpoint Security, Identity Security, Information Security and Network Security, delivering end-to-end security through an Integrated Cyber Defense Platform.