(This post originally appeared on Inc)
Want a quick way to make some easy dough? OK, here’s what you do.
First of all, you need to impersonate someone from the Internal Revenue Service. Just act bored and listless. If it helps, read a few of my columns. That’ll get you in the right mood.
Then you either call or email (using a fake email address, of course) a small-business owner or an unsuspecting payroll manager or bookkeeper from a small business, and say you need to verify the information of an employee or executive or even the actual owner. You ask the person to send you a copy of the W-2 form or at least share the Social Security number from the form. Amazingly, there will be people who do this. Once you have it, quickly make up a fake tax return that’s due a sizeable refund using that number and then collect the check when it’s mailed to a post office box you’ve established. By the time anyone realizes it, you’re long gone.
I call that the Speedy Refund Trick — pretty clever, huh? And c’mon… it’s a catchy little name, too.
This stuff is not that hard to do. And according to Zac Cohen, a general manager at the financial verification service Trulioo, tax fraud schemes like this are happening all over the place, and more than ever. “Some of these criminals are so confident in their skills,” Cohen told PYMNTS.com. “Or at least sure enough that a reduced headcount at the IRS provides strong odds against an audit or detection, that they have even used the same four addresses for over 300 tax returns. It sounds amazing, but it’s happening.”
The Speedy Refund Trick isn’t the only game in town. There are other ways that fraudsters are duping small businesses.
For example, there’s the W-2 Switcheroo (again, that’s the name I came up with; you have to admit, it’s kind of catchy). The W-2 Switcheroo works like this: Fraudsters get W-2 information about an employee from an unsuspecting accounting-type person either in your company or at your tax preparer’s — just like they do in the Speedy Refund Trick. But instead of filing a fake return, they either sell the information on the dark web or use it to apply for loans or credit cards, or for other nefarious purposes.
There’s also the EIN You’re My Friend trick. That’s another name I created (I’ll admit it’s not as clever as the other two). This is when the fraudster steals your company Employer Identification Number — again, from that unsuspecting accountant or office person — and then uses it to file for and receive fraudulent refunds from your state or city, or to impersonate your business, request credit, buy products, and conduct other transactions as if they were you.
These frauds are perpetuated because of ignorance and laziness. Yours. Mine. Our employees. Even our tax preparers.
We’re ignorant because we’re often not aware of the many email and “phishing” campaigns that lure us into either clicking a dubious link or browsing a fake website while, unbeknownst to us, malware is being downloaded onto our devices and networks that prowls for sensitive information. We don’t realize we’re subject to hacking just by accessing public Wi-Fi spots in airports and coffee shops with our work computers.
We’re lazy because we don’t make the effort to get ourselves and our employees trained so we are more aware of these things. We let our security software lapse. We don’t change our passwords often enough. We don’t update our operating systems and Web browsers. We don’t encrypt sensitive files with confidential information. We don’t invest in more advanced login protocols like biometrics or two-factor authentication. We don’t delete old files. And while I’m at it, let me add that we don’t eat right or exercise enough.
All of these steps — which are more fully described in an excellent tip sheet recently published by the National Cyber Security Alliance — would reduce the chance of our becoming a victim of the W-2 Switcheroo, the Speedy Refund Trick, or even the EIN You’re My Friend scams. At the very least, we could lose a few pounds.
“Following good cybersecurity practices during tax season and throughout the year allows everyone to reap the benefits of connectivity and increased confidence,” said Kevin Coleman, the National Cyber Security Alliance’s Executive Director.
He’s right, of course, and we all need to take that advice. I promise I will. Just as soon as I come up with a better name for the EIN You’re My Friend scam.