Fraudsters generally rely on time-tested techniques like social engineering and play on the fear and stress associated with filing tax returns to coerce people into paying outstanding taxes or sharing their personal and tax-related details. They also use ransomware, malware, and trojans, to target their victims. Although everyone is vulnerable to tax fraud, financial institutions are a prime target for tax fraud. Some of the common ways, fraudsters employ to execute tax fraud are discussed below:
Although fraudsters engage in identity theft throughout the year, the tax season provides them with a bigger chance to use stolen consumer information for greater windfalls. They file fake returns to pocket the refunds. According to the IRS, about 649,000 returns filed in 2018 were found to be fake and were aimed at collecting $3.1 billion in tax return funds.
Social engineering remains one of the staple techniques for fraudsters to elicit tax details from unsuspecting taxpayers. Fraudsters, posing as representatives of the IRS, make fake calls to taxpayers and request sensitive information on the pretext of correcting inaccuracies in the filed tax returns. Similarly, phishing emails seemingly from the IRS create a sense of urgency among the recipients to take immediate action. It is estimated that nearly 12,000 taxpayers lost around $63 million to fake IRS calls in 2018.
Fraudsters begin doing the groundwork much before the May 17th deadline, by targeting the payroll officers to share W2 details of the employees. Often impersonating the CEO or a senior executive of the company, fraudsters trick payroll executives to send them the W2 forms of all employees. This data is then used for tax fraud and identity theft.
Fake tax returns
In a new tax fraud type, the entire tax return of a taxpayer vanishes. Numerous incidents of data breaches have provided fraudsters with volumes of stolen tax data. They exploit this data to create new fake accounts and file fraudulent tax returns, only to escape with the refund later. Fraudsters use stolen personal details of consumers to orchestrate account takeover attacks and to embezzle the tax refunds.
Fraudulent tax preparers
Some non-certified tax preparers may be fraudsters looking to steal refunds and engage in identity theft. They may promise larger returns than are usually possible. Fake tax preparers may also replace taxpayers' account details with their own in the direct deposit section so that the refunds reach them instead of the legitimate taxpayer.
Targeting financial services institutions
Tax season brings increased levels of activity for financial services providers. Fraudsters try to break into legitimate tax preparers' business networks to steal consumer information and refunds. In some cases, fraudsters could successfully change the refund account information with an account under their control to receive the direct deposit.
VAT fraud is a big challenge for retailers as they risk losing billions of dollars to the cheats. As per a European Commission Study, EU countries lost about €137 billion in VAT revenues in 2017. Taxes like VAT contribute 32% of the overall tax revenues in the OECD (Organisation for Economic Co-operation and Development) member countries. Therefore, financial losses due to VAT fraud are significant.
Criminal fraud rings leverage technology to scale up VAT fraud and maximize their profits. One of the most common types of VAT fraud is the Carousel Scheme, where a fraudulent company imports VAT-free goods and sells them on to an accomplice who charges VAT. The goods are sold multiple times over through fake companies that charge VAT, before finally being exported. In the meanwhile the first company vanishes without reporting VAT on consumers and the last company disappears after reclaiming the VAT for the tax agency.
Losses due to tax frauds are on the rise. The US loses nearly $ 200 billion every year to tax avoidance, whereas the EU loses anywhere between $55 billion and $75 billion every year to tax fraud. Financial services institutions are, particularly, at great risk of tax fraud, although neither consumers nor other industries are immune to them. To avoid falling prey to phishing attempts, these businesses must sensitize their employees and share best practices on how to avoid these attacks. Additionally, to detect and stop fraudsters from exploiting their business systems for fraud, they must adopt a zero-tolerance to fraud approach which protects every touchpoint—new account registration, login, and others—from an imminent attack.
Fintechs and other financial services institutions trust Arkose Labs to protect them from evolving fraud techniques that power tax fraud while ensuring a seamless user experience for their customers. To learn how Arkose Labs combines dynamic risk assessment with smart, adaptive enforcement challenges to fight complex fraud types, please book a demo now.