FightCybercrime.org

Recognize, report and recover from cybercrime.

Business Tax Scams

Tax scams can cheat you and your business out of your hard-earned money. Discover how to recognize, report and recover from these scams.

Get Started Report Cybercrime
Home » Scams » Business Scams » Business Tax Scams

The Basics of Business Tax Scams

It’s no secret that taxes can be confusing and stressful for business owners. Unfortunately, there are also a number of scams out there specifically targeting businesses and their tax obligations. As a business owner, it’s important to be aware of these types of scams. Scammers might pose as the IRS, an accountant or an employee, but they all have the same goal: to cheat you and your business out of your hard-earned money.

Common Types of Business Tax Scams
  • Phishing Scam: Someone posing as the IRS or another tax authority contacts a business owner and requests personal or financial information. This information is then used to commit identity theft or fraud. 
  • False Promise Scam: Someone promises to help a business owner lower their taxes in exchange for a fee. However, these services are often not legitimate and the business owner ends up paying more in taxes than they would have without the help.
  • W-2 Scam: A business owner is contacted by someone posing as an employee or contractor and requests a W-2 form. This form is then used to file a false tax return and claim a refund.
Risks Associated with Business Tax Scams
  • Financial Losses: Business tax scams can lead to hefty financial penalties and even jail time. Typically, these scams involve falsifying or exaggerating deductions on your taxes in order to get a larger refund. 
  • Loss of Sensitive Data: These scams can put your business and personal financial data at risk. They often involve falsifying or altering records in order to “frame” someone for a crime, or stealing personally identifiable information from businesses and individuals in order to commit fraud, identity theft and other crimes.
  • Damage to Reputation: If your business is caught up in a tax scam, it could damage your reputation and make it difficult to attract customers or secure financing. This is especially true if the scam is publicized in the media.

Step 1:Recognize

Red Flags of Business Tax Scams

If you are contacted by someone in regard to your business taxes, there are some red flags to look for that may indicate that you are being scammed, such as:

  • They contact you by email, text message or social media. The IRS will always make initial contact via mail.
  • They demand that you pay your taxes without giving you the opportunity to appeal or dispute the amount owed.
  • They require you to use a specific payment method, such as a prepaid debit card, gift card, cryptocurrency or wire transfer.
  • They threaten to have you arrested or deported if you don’t pay.
  • They charge a fee for their services.
  • They ask for your personal or financial information.
  • They promise to help you get out of paying your taxes or to help you find “loopholes” in the tax code.

This list is not exhaustive, but these are some common warning signs of business tax scams.

Step 2:Immediate Actions

If you are the victim of a business tax scam, don’t despair. There are steps you can take to protect yourself and your finances. By taking action quickly and being proactive, you can minimize the damage caused by these scams. Here are some steps to take if you think you have been scammed:

  • Keep all documentation related to the scam, including any emails, letters or receipts. This will be helpful when you file a police report or take legal action against the scammer.
  • Report any unsolicited email claiming to be from the IRS to [email protected].
  • If someone submitted a tax return using your business name or Employer Identification Number (EIN), complete an IRS Business Identity Theft Affidavit (Form 14039-B).
  • If you provided financial information, like your credit card number or bank account information, contact your bank or credit card company. This will help stop the scammer from accessing your accounts and using your information to make additional purchases.
  • If you sent gift cards or wire transfers, contact the issuer. They may be able to help you stop the transaction.
  • If you provided personal information, like your Employer Identification Number, contact the three major business credit reporting agencies — Dun & Bradstreet, Equifax and Experian. You may want to consider placing a fraud alert on your credit reports. This will make it harder for the scammer to open new accounts in your business’s name.

Step 3:Report

Reporting any type of cybercrime, including business tax scams, is imperative to help others avoid being scammed. As a society, the more people that report online scams and fraud, the more national reporting data that is collected, and the better chance law enforcement has to catch the criminals and decrease cybercrime.

Report to FBI

Step 4:Recover

How to Protect Your Business from Cyber Attacks

To protect your organization from cyber attacks:

  • Educate your employees about cyber threats. Search for free cybersecurity training videos on YouTube.
  • If you have the budget, consider investing in cybersecurity training for your employees to educate them about threats, and what they can do to help protect themselves and the business from cyber attacks.
  • Instruct your employees to report anything suspicious to you or their supervisor.
  • Implement security measures such as two-factor authentication and email filtering.
  • Monitor your organization’s email traffic for any suspicious activity.
  • Have a plan in place for what to do in the event of a cyber attack, so you can quickly contain the damage and minimize the impact on your business.

Take 5 Steps for Better Online Security

It’s important to strengthen your business’ online security to help avoid all cyber attacks. Take action to improve your digital posture by following these steps:

  1. Implement Multi Factor Authentication (MFA): Passwords are generally easy for scammers to crack, and even if you use strong passphrases, there’s still the possibility that a cybercriminal can obtain your passphrase in a data breach. Implementing MFA is a great way to maximize your security and ensure that you are the only one who can gain access to your accounts. MFA should be implemented on all accounts where it is available. Check your account’s security settings to see if it is something you can set up.
  2. Update Your Privacy Settings: Privacy settings allow you to control your personal information (name, address, phone number, date of birth, financial details, photos or videos, etc) and how that information is used. Review your privacy settings on all of your accounts including your social media accounts. Consider restricting who can see your friends list, contacts, photos and posts.
  3. Activate Automatic Updates: Automatic updates are a set of changes to an app, software or operating system that are automatically pushed by the developer to fix or improve it. Oftentimes, cybercriminals take advantage of security flaws to plant malicious software on your devices. By activating automatic updates, you will automatically patch security vulnerabilities to protect your data.
  4. Use a Password Manager or Create Strong Passphrases: A password manager is a software tool that securely stores all of your login credentials in one place, allowing you to create and manage strong, unique passwords for all of your accounts. If you are unable to afford a password manager, use strong passphrases. A passphrase is a combination of random words or a sentence that is much longer and more complex than a typical password. Using a passphrase instead of a password makes it much harder for hackers to guess or brute-force their way into your accounts.
  5. Learn the Elements of a Phishing Attempt: Familiarize yourself with the elements of a phishing email. Phishing emails tend to include a sense of urgency and multiple grammar and spelling errors. If they are asking you to reveal personal information, be suspicious. If you get a strange email, try contacting the company another way to confirm they sent that email. If the email is suspicious, mark it as spam.

TestimonialHear from Other Victims

Without Fightcybercrime.org, I don't know if I would have been able to react as quickly to protect my personal information.
Mary - Indianapolis, IN

Latest News

The latest and greatest from our blog.

> IRS Scams: How to Spot Them and Protect Your Business

IRS Scams: How to Spot Them and Protect Your Business

Business IRS scams involve criminals impersonating IRS agents to trick you into sending them money. Learn how to spot and avoid these scams.

Read Full Article

Branding