In IR–2020–160, the Internal Revenue Service announced the annual "Dirty Dozen" list of tax scams. Each year, the Service warns taxpayers about criminals who target individuals. The IRS encourages taxpayers to be on the lookout for these scams.
IRS Commissioner Chuck Rettig stated, "Tax scams tend to rise during tax season or during times of crisis. Scam artists are using the pandemic to try stealing money and information from honest taxpayers. The IRS provides the Dirty Dozen list to help raise awareness about common scams that fraudsters use to target people. We urge people to watch out for these scams."
This third article of a four-part series covers the tax scams of Offer in Compromise mills, payment and repayment demands, payroll scams and ransomware.
9. Offer in Compromise Mills
Taxpayers with substantial tax debts may settle for reduced amounts through the IRS Offer in Compromise program. These taxpayers must meet specific criteria to qualify. However, there are unscrupulous companies that collect large fees from taxpayers who are already under crushing debt. The companies then fail to provide the expected relief. These tax scammers are called Offer in Compromise mills.
In 2019, 54,000 taxpayers requested an IRS Offer in Compromise. The IRS approved 18,000 requests. Individuals with a substantial tax debt should use the Offer and Compromise Pre–Qualifier tool on IRS.gov. This free tool will show whether you are likely to qualify and, based upon your tax situation, will suggest an estimated offer amount. The IRS reminds taxpayers to be cautious about hiring any company that promises to settle their tax debt for "pennies on the dollar."
10. Fake Payments with Repayment Demands
A fairly devious way to trick taxpayers is for a tax scammer to acquire a victim’s personal data and use the victim’s information against him. This may include a taxpayers’ Social Security number, an Individual Taxpayer Identification Number or financial information. Using that personal information, the scammer files a fraudulent tax return with the IRS and has a large tax refund deposited into the taxpayer's checking or savings account.
After the IRS sends the payment to the taxpayer, the scammer contacts the victim. The scammer claims to be an IRS representative who has been tasked to correct the deposit error. The taxpayer is directed to withdraw money from the account and return it to the IRS, often with instructions to return the funds through gift cards. The taxpayer ends up purchasing gift cards that are transferred to the scammer.
The IRS reminds taxpayers that it will never demand payment by any specific method. Taxpayers who receive an unexpected refund or call demanding repayment should contact both their banking institution and the IRS.
11. Payroll and HR Scams
Both individuals and their employers should be careful to protect IRS Forms W–2 and other Human Resources (HR) information. Scammers know that many employees are working from home due to COVID–19 and are creatively using "gift card" and "direct deposit" scams.
With a gift card scam, the scammer hacks a familiar email account and through that account asks you to purchase gift cards. The gift cards are then transferred to the scammer. With the direct deposit scam, a fraudster hacks your email account and sends a directive to your employer. The scammer directs your employer to change your direct deposit information to an account controlled by the fraudster.
Both the gift card and direct deposit scams have been growing in number. Scammers also may send fake IRS documents and forms to the victim to show the request is legitimate. If you are a victim of a payroll or HR scam, contact the Federal Bureau of Investigation, Internet Crime Complaint Center.
Scammers attempt to exploit human weaknesses in order to place malware on victims’ computers. The primary method used by a scammer is to send an email containing a link to the malware. When the victim clicks on the link, the malware is loaded on the computer. After a period of time, the scammer causes a popup window to be displayed. The scammer demands payment in Bitcoin or another virtual currency. If the payment is not made, the scammer encrypts all of the files on the computer and locks the user out.
Ransomware has been successfully used by scammers against hundreds of local and state government agencies and many businesses. The victims usually fail to recognize the phishing email.
Many of the successful scams this year involve emails claiming to represent a COVID–19 charity. Other emails claim to be from friends, contacts of the victim or from his or her financial institution. A primary way to protect yourself from ransomware is to avoid clicking on email links. Study your emails carefully to be certain they are from a trusted person or organization.
Scammers frequently create a website address that is one letter different from the normal domain address. A victim can easily miss the fact that an email is not from a friend or business organization, but rather from a scammer who will use a link within the email to install malware on the victim’s computer.
The twelve strategies of the "Dirty Dozen" list published each year by the IRS show the many ways that scammers attempt to victimize taxpayers. It is essential for everyone to be on guard so that personal information and financial resources are not stolen by a fraudster or scammer.
Six Tips for Tax Professionals to Protect Client Data
The IRS conducts a Security Summit periodically to assist tax professionals in improving their data security. In IR–2020–167, the Service offered six specific strategies that will help tax professionals protect client data.
The IRS noted, "The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to maintain a heightened state of alert as cybercriminals seek to exploit COVID–19 concerns."
There are multiple strategies that are important for protecting data. IRS Commissioner Chuck Rettig stated, "The Security Summit partners urge tax professionals to take time this summer to give their data safeguards a thorough review and ensure that these protections are in place, whether they work from home or the office."
The "Security Six" protections include anti–virus software, firewalls, two–factor authentication, backup software, encryption of hard drives and a virtual private network.
1. Anti–virus Software
Nearly all professional advisors are using anti–virus software. The software is updated each day and is designed to reduce the risk that a scammer can install malware on your computer or your business’ network.
An anti–virus program should be configured to conduct automatic scans. Many programs also allow you to initiate a manual scan. A manual scan is helpful for scanning email attachments. These attachments are not opened and therefore not able to install malware. The manual scan also can review portable media and CDs for malware.
If the automatic or manual scan discovers malware, it will display a dialogue box and prompt a user to remove the malicious program.
One type of virus known as “spyware” is designed to steal passwords and personal data. You can minimize the risk of spyware by not clicking on links in popup windows, not downloading "free" software and not following email links that offer other services.
All office staff members should be regularly cautioned about phishing emails. These emails are crafted by the scammer to closely resemble an email from a customer, friend or recognized financial service company. Staff must be educated to watch for suspicious emails and avoid clicking on any links.
A firewall attempts to prevent malicious software from entering your computer or your network. The firewall may also block access from overseas entities that are especially likely to be scammers. Firewall types include both hardware and software.
Hardware firewall devices are installed in connection with your network router. They have firmware in the device that guards your computer or network from malware.
The network systems used by most business organizations include a firewall feature. The firewall software could also be available as a separate program. You should carefully check your network or external program firewall software to make sure that it is from a reputable vendor.
The firewall is an excellent method to reduce your risk. It will exclude attacks from problematic nations and from U.S. scammers. Your staff should be cautioned that the firewall is not the only method of defense. An email phishing scam may allow malware to be installed if a user is not careful. The user is still the primary protector of client data.
3. Two–factor Authentication
Most tax software providers and financial institutions now permit two–factor authentication. The Service states, "Tax professionals should always use this option to prevent their accounts from being taken over by cybercriminals and putting their clients and colleagues at risk."
Two-factor authentication generally involves the use of a password plus a numeric code sent via text message. The numeric code must be entered within a short period of time. After entering in both the password and the code, the user then has access to the site. While this is not foolproof, a scammer would need to steal your password and access the code on your mobile phone to be able to log in to the system.
Two-factor authentication is gaining in popularity. The IRS incorporates two-factor authentication, known as “IRS Secure Access,” as a security feature for many of the services available to professional advisors.
4. Backup Software and Services
Your client data should be backed up each day to an external source. You may wish to choose one of several cloud storage service providers or you may back up to an external hard drive. Your backups of client data should be encrypted, so that even if the file is captured the scammer will not be able to access client data. It is important to have daily backups because malware may be included in a number of your backups. If you are subject to a data breach, you will need to use an early version of the client data backup that does not include malware.
5. Drive Encryption
Another best practice for protecting client data is to use drive encryption software. If a scammer acquires your client data files, they will not be usable. The data encryption software could be a stand–alone security software product.
6. Virtual Private Network
Because many tax professionals are required by state and local COVID-19 guidelines to work from home, they need regular access to their main office computers. All professionals working from home must have an encrypted Virtual Private Network (VPN) to access their business network. A VPN enables a user to have a secure method to access data. There are many VPN providers. You will want to read online reviews on various VPN providers before choosing a particular company. All tax professionals who are using a home office need a VPN connection to the main office in order to protect client data.
Tax professionals should also review their professional insurance policy. The policy should include cybersecurity protection. Many organizations have a separate policy specifically for this purpose. Tax professionals who have experienced data theft are strong advocates of maintaining a good–quality cybersecurity insurance plan.
You can find additional information for tax professionals on IRS Publication 4557, Safeguarding Taxpayer Data. There also is a publication by the National Institute of Standards and Technology with the title Small Business Information Security: the Fundamentals.
IRS Contests $73 Million of Art Appraisals
In WT Art Partnership LP et al. v. Commissioner;
No. 28440-15; No. 19604-16 (2020), the Tax Court denied an IRS Motion for Partial Summary Judgment. The IRS was contesting the validity of appraisals on $73.9 million of art given to the New York Metropolitan Museum of Art ("Met").
WT Art is a limited partnership created to acquire Chinese paintings. It gave five paintings to the Met. The gifts of art in 2010, 2011 and 2012 were appraised at $73.9 million. WT Art filed IRS Form 8283 each year and included appraisals prepared by China Guardian Auctions Co., Ltd. ("China Guardian") of Beijing, China. The appraisals were signed by China Guardian President Wang Yannan.
China Guardian indicated that four employees worked on the appraisals. Employee Yin Guanghua "performed the most important, substantive work" on the appraisals. He had studied Chinese art for five decades and appraised thousands of works of art each year.
For gifts of property over $500,000 in value, a taxpayer must attach a qualified appraisal to the return. Section 170(f)(11)(D). The appraisal must be done by a qualified appraiser and follow generally accepted appraisal standards. A "qualified" appraiser must have earned an appraisal designation from a recognized professional appraiser organization or must meet minimum education and experience requirements. Section 170(f)(11)(E)(i)(1). The appraiser must "regularly perform appraisals for which" he or she receives compensation. The appraiser must also demonstrate appropriate education and experience in valuing the type of property that has been appraised. Section 170(f)(11)(E)(iii)(1).
The appraisal may be made "not earlier than 60 days prior to the date of contribution," and must be "prepared, signed, and dated by a qualified appraiser." Reg. 1.170A–13(c)(3)(i)(A) and (B).
A qualified appraisal must include "a description of the property and its physical condition, the date of the appraisal and the expected contribution, a statement that the appraisal is made for income tax purposes, the method of valuation used to determine fair market value, and the qualifications of the appraiser, including his or her background, experience, education, and membership, if any, in professional appraisal associations." Reg. 1.170A–13(e)(3)(ii)(F).
The taxpayer does not need to comply with all appraisal requirements, but may rely on the doctrine of substantial compliance. The taxpayer must have done all that is "reasonably possible," but may still qualify if the omission is not substantial.
The IRS claimed that the appraisals on the five gifts of Chinese art were not qualified for multiple reasons. The initial appraisals were prepared by individuals affiliated with WT Art, and therefore were not independent. China Guardian was an "accommodation party" and merely signed the appraisals. The China Guardian staff were not "qualified appraisers" because they did not regularly perform appraisals for compensation and did not possess the required certifications, background or education. Reg. 1.170A–13(c)(3)(ii)(F). Finally, China Guardian staff did not do a majority of appraisals for other persons and did not comply with the “Uniform Standards of Professional Appraisal Practice.”
The Tax Court judge denied the IRS motion. The question of whether China Guardian "regularly performed" appraisals and whether it had the required background and experience to appraise Chinese art is a question of fact. The Tax Court directed the parties to address the factual questions at trial.
This denial of the motion for partial summary judgment is a very clear explanation of the parameters for a qualified appraisal and qualified appraiser. The IRS initially contests the validity of the appraisals. If the IRS wins on the technical appraisal points, it will not need to contest the actual valuation. The Service does submit large or valuable gifts of art to the IRS Art Appraisal Panel on a periodic basis.
Applicable Federal Rate of 0.4% for August -- Rev. Rul. 2020-15; 2020-32 IRB 1 (16 July 2020)
The IRS has announced the Applicable Federal Rate (AFR) for August of 2020. The AFR under Section 7520 for the month of August is 0.4%. The rates for July of 0.6% or June of 0.6% also may be used. The highest AFR is beneficial for charitable deductions of remainder interests. The lowest AFR is best for lead trusts and life estate reserved agreements. With a gift annuity, if the annuitant desires greater tax-free payments the lowest AFR is preferable. During 2020, pooled income funds in existence less than three tax years must use a 2.2% deemed rate of return.