Skip to Main Content
Sign On

Each year, when tax season is in full swing, taxpayers may receive an email or phone call that is purportedly from the Internal Revenue Service (IRS). The sender or caller usually requests personal information, references a significant tax bill or issue facing the taxpayer, and follows with a demand for immediate payment. The taxpayer may even be threatened with police arrest, driver’s license revocation or other consequences if they do not cooperate.

These tax scams are designed to trick a taxpayer into surrendering information the fraudster then uses to exploit their financial assets.

In recent years, fraudulent tax schemes have moved from common headache to epidemic. According to the IRS, over a monitoring period of late January to early March 2017, they identified 14,068 fraudulent returns involving identity theft. The Treasury Inspector General for Tax Administration (TIGTA) said in its April 2017 interim report that taxpayers lost more than $57.9 million due to impersonation schemes.1

The IRS is very aware of these schemes, and frequently publishes the latest scams to educate taxpayers. The IRS calls the list of scams “the Dirty Dozen” and publishes the list in a variety of mediums in an effort to alert the public.


Number of fraudulent returns involving identity theft over a monitoring period of late January to early March 2017, according to the IRS.

$57.9 million

Dollars lost by taxpayers due to impersonation schemes, according to a TIGTA April 2017 interim report.

The Dirty Dozen

Listed below are the most frequent and commonplace frauds, as outlined in the IRS’ 2017 release.

1. Phishing: Fake emails or websites looking to steal personal information.

2. Phone scams: Phone calls from criminals impersonating IRS agents remain an ongoing threat to taxpayers.

3. Identity theft: The filing of a fraudulent return using someone else’s Social Security number.

TIP: The Insurance Information Institute reports that breaches have again hit a new record in 2017 with 1,579 breaches, up 44.7% from 20162 —safe cybersecurity practices are critical. A recent Key Wealth Insights ID Theft Checklist suggests changing passwords regularly, increasing password complexity, and keeping software security up to date.

4. Return preparer fraud: Dishonest tax preparers or organizations who perpetrate refund fraud, identity theft and other scams.

5. Fake charities: Criminal groups masquerading as charitable organizations to attract donations from unsuspecting contributors.

6. Inflated refund claims: Fraudsters promise an unreasonably large return, but charge exorbitant fees or leverage other fraudulent activity to profit from an individual return.

7. Excessive claims for business credits: Fraudulent or improper claiming of tax credits for businesses.

8. Falsely padding deductions on returns: False inflation of deductions or expenses on returns to pay less than what they owe, or potentially receive larger refunds.

9. Falsifying income to claim credits: Inventing or reporting income erroneously to qualify for tax credits.

10. Abusive tax shelters: The use of tax structures or complex tax avoidance schemes to avoid paying taxes.

11. Frivolous tax arguments: The use of frivolous, unreasonable, or outlandish claims to avoid paying taxes.

12. Offshore tax avoidance: The use of offshore accounts or measures to hide money or yearly income from taxation.3

Other Complex Tax Scams

Beyond the IRS Dirty Dozen, there are several additional complex tax schemes that high-net-worth individuals and their families should be aware of as they file in 2018:

  • W-2 phishing: In this scheme, a false email is disguised to be from an organization’s executive and is targeted to one of the organization’s employees. This urgent message requests a list of employees and W-2 information, and is designed to catch the employee off-guard. If successful, criminals have both personally identifiable information as well as income amounts to exploit the taxpayer. This scheme surfaced last year with employers and is circulating again targeting schools, healthcare, and the shipping and freight industries.
  • Domain spoofing: Similar to other forms of Phishing, a fake email is sent requesting personal, banking or other financial information to resolve a tax bill or refund. The message may contain a link to another website for resolution that looks very similar to an official IRS website.

The IRS will always initiate and follow up contact using the United States Postal System (USPS) and will never contact you using email or by telephone. Any other method of communication should be viewed suspiciously and disregarded.

  • Smishing: This scheme is similar to Phishing except it takes place through text messaging. A text message is sent to the taxpayer and includes a link to a website. The website is designed to capture personal and financial information. IRS employees will never conduct official business through text messaging.
  • Hacking: One of the more recently developed schemes involves hacking into tax professional’s computer systems and stealing client’s banking information. The thief then uses that information to create false tax returns generating large refunds. The returns are electronically filed and refunds are deposited into the taxpayer’s real bank account. Once verified, the thief calls the taxpayer, announces himself as an IRS employee and demands payment for an erroneous refund or some other tax balance.

Be Proactive and Protect Yourself from Fraudulent Activity

When it comes to fraud, defense can often be your best offense. A proactive, strategic, and engaged approach can safeguard high-net-worth individuals from complex fraud schemes. Consider the following:

  • Take measures to implement a strong cybersecurity system including installation of anti-virus software and practicing cybersecurity hygiene (password changes, stronger passwords, two-factor authentication, etc.).
  • Work with financial institutions that have implemented processes (multi-factor authentication) to protect your private, banking and financial information. Some of these measures include call-back verification for certain transactions, rigorous internal system testing and email encryption programs to secure sensitive client communications.
  • Protect personal and financial data through a series of physical controls as well. Most facilities are accessible only through keycard access, and all employees are trained annually in safeguarding data.
  • If you have received communication you believe to be fraudulent or received a suspicious return, contact the IRS to report the report this activity at 1-800-829-1040 (individual) or 1-800-829-4933 (business).
  • Finally, for Key Private Bank clients, if we need to contact you concerning your account, we will contact you through your Relationship Manager, Portfolio Manager, Trust Officer, or other Key Private Bank professionals with whom you are familiar.



Henricks, Mark (2017, October 23). “How to Avoid Getting Scammed Come Tax Time.” Retrieved March 13, 2018 from:


Insurance Information Institute (III). “Facts and Statistics: Identity Theft and Cybercrime.” Retrieved March 13, 2018 from:


Internal Revenue Service (IRS). “IRS Summarizes ‘Dirty Dozen’ List of Tax Scams.” [Web log post]. 2017, February 17. Retrieved March 13, 2018 from:

Any opinions, projections or recommendations contained herein are subject to change without notice and are not intended as individual investment advice.

Investment products are: