As we race toward the end of 2019 individuals and businesses alike are making plans and taking steps to position themselves favorably for their annual tax returns. For example, many businesses are making late year purchases to take advantage of Section 179 deductions, while individual taxpayers might be moving funds into retirement savings or making gifts as part of an estate plan. But many people are unaware of a threat that could have the biggest impact on their 2019 tax return: scammers and cyber criminals.

Exercise Doubt

Despite efforts by the IRS to educate and mobilize the public, tax-related scams continue to plague the American public. It is imperative that you increase your vigilance for and skepticism about any communication that claims to be from the IRS. You should be aware that the Internal Revenue Service (IRS) almost never makes initial contact with a taxpayer by phone or email, but generally makes notifications, inquiries and requests via U.S. mail.

Whether it is a phone call demanding payment of a falsified back tax bill, or an email asking for details on your banking or financial information (or that of an employee or customer), do not supply the requested information or respond directly. Even if you receive a letter through the U.S. postal service, be wary. Instead of calling the phone number supplied in the letter, get in touch with your tax advisor for assistance in determining if the message is, in fact, legitimate.

Hidden Threats

Perhaps even more insidious are unseen threats that occur deep in cyber space. Online thieves take advantage of the interconnectivity we all enjoy to gain access to servers and networks. They are experts at defeating firewalls and diving deep into poorly protected files in order to steal data and financial information. One approach is to steal employee information, including social security numbers and tax details, then using the data to file fraudulent tax returns and collecting any refunds.

Do not think that cybercrime is a problem that is limited to large corporations. While data breaches at big banks and nationally prominent retailers garner headline coverage, 40% of companies that fall victim to data breaches are small businesses, half of which fail within six months of experiencing the breach. In addition, Massachusetts has data protection laws in place that present serious punitive fines for any company who allows employee or customer information to be stolen.

“It is important that all businesses have a WISP – Written Information Security Program – preferably one prepared by an outside third party,” says Bobby Garrett, Director of IT and Cybersecurity at Gray, Gray & Gray. “It demonstrates to civil and legal authorities that the company has made an attempt to secure the data they control.”

The Responsibility is Yours

Remember, the IRS is not responsible for your monetary loss, nor are they particularly forgiving. Any taxes you owe must still be paid on a timely basis. So it is in your own best interest to include in your strategic tax planning steps to recognize and avoid scams, as well as cyber security measures to thwart online criminals.

For more information or assistance in recognizing and preventing scams please contact Gray, Gray & Gray at (781) 407-0300.