Security Awareness - Tax Scams 2020

Mar 10, 2020 3:00:02 PM


Few people like the process of completing their taxes every year. But no one wants to be scammed out of the monies owed to them by the government. Be especially careful about those that contact you regarding your taxes, and confirm the sources of those emails and calls whenever possible.

NOTE: This is the first blog in a series of Security Awareness blogs that will be shared by EMA, with the purpose of being shared and redistributed to your employees to improve / augment your Security Awareness Training efforts. Questions and / or topic selection can be sent to

Tax season is upon us once again, and so are the fraudsters that try to take advantage of the occasion. The Internal Revenue Service (IRS) has a comprehensive site that tracks many of the current scams, as well as some of the historical scams that seem to resurface from time to time. As with past years, there are several tips that the average consumer can follow to protect their information as well as their IRS refund.

• Phishing Emails: According to the IRS, scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes may seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. Phishing is not limited to just the IRS – the fraudsters know that it only takes a single instance of someone clicking on an embedded link to make their efforts successful, and sending out thousands of emails costs them nothing. Simply put, the IRS does not initiate investigations or ask for your personal information via email. When an email of this type comes to your email inbox, just delete it or follow your corporate email SPAM policy.

• Robocalls: There have been multiple robocall attacks over the years: a robot (usually from a fake or unidentified number) will call asking for the person’s social security number and to pay a fine (laughably, sometimes the fine is asked to be paid in gift cards, which the IRS will never do). They are also known to threaten the people they call with police action (think black-clad troopers descending from helicopters onto your roof). The IRS recommends that you always verify the call is legitimate (the IRS – from time to time – will make phone calls to confirm information, but they will ALWAYS contact you via mail first), and that if in doubt, you call the IRS back directly at the number provided on the website or on your billing notice.

• Not Just Your Federal Taxes: In recent years, the fraudsters have turned their focus to state returns and refunds instead of federal taxes. The thinking is that the victim may have already heard about some of the federal scams (as they are often publicized in the local media) but not so much at the state level. There are reports of fictitious state agencies asking customers to pay delinquent tax bills (again, often asking for payment in gift cards, which is a sure sign of a scam). Many states take part in the Identity Protection PIN program, which is another effort to protect your submissions and returns. Same as above – when someone calls or contacts you claiming to be from the state about your taxes, confirm that they are legitimate before releasing ANY of your personal information.

Written by Chris Steffen

Chris brings over 20 years of industry experience to Enterprise Management Associates, focusing on IT management/leadership, cloud security, and regulatory compliance.

Chris has had a variety of roles as a professional, from Camping Director for the Boy Scouts to Press Secretary for the Colorado Speaker of the House. His technical career started in the financial services vertical as the systems administrator for a credit reporting company. As the company continued to grow, Chris built the Network Operations, Information Security, and Technical Compliance practices before leaving as the Principal Technical Architect. He was the Director of IT for a manufacturing company and the Chief Evangelist for several technical companies, focusing on cloud security.

Prior to joining EMA, Chris served as the CIO of a financial services company and supervised the technology-related functions of the enterprise, including the development and implementation of the company’s technical vision and management of the technical staff. He also guided the company through a NIST 800-53 evaluation and successfully obtained an Authority to Operate (ATO).

Chris holds several technical certifications, including Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA), and was awarded the Microsoft Most Valuable Professional Award five times for virtualization and cloud and data center management (CDM).

B.A., Political Science (Summa Cum Laude), Metropolitan State College of Denver
