Cybersecurity and Taxes: Navigating the Dirty Dozen

Understanding the IRS Dirty Dozen

Each year, the IRS publishes a list of common tax scams known as the Dirty Dozen. These scams target taxpayers, businesses, and tax professionals, peaking during tax season but remaining a threat year-round.

Why Cybersecurity Is Crucial During Tax Season

Tax season is a prime opportunity for cybercriminals. The IRS reports thousands of cases annually involving identity theft, fraudulent tax returns, and phishing scams. These attacks often exploit individuals who unknowingly share sensitive data online or store it insecurely.

Tax documents contain valuable information for hackers, including:

• Social Security numbers
• Bank account details
• Income statements
• Investment records
• Employer information

Once compromised, this data can be used to file fraudulent returns, open credit accounts, or steal identities.

Common Cybersecurity Threats and Tax Scams

Email and Text Phishing Scams

• Phishing: Fraudulent emails claiming to be from the IRS, often promising fake refunds or threatening legal action.¹
• Smishing: Scam texts using alarming language like “Your account is on hold” or “Unusual activity detected,” with links to malicious sites.
• Never click on unsolicited messages claiming to be from the IRS. These may contain malware or ransomware.

Misinformation on Social Media

• Inaccurate tax advice on platforms like TikTok continues to mislead taxpayers. Examples include misuse of Form W-2 and false claims about eligibility for credits.²

IRS Online Account Scams

• Scammers may offer to “help” set up your IRS Individual Online Account, only to steal your personal information.³

Fake Charities

• Fraudulent charities often emerge during crises, seeking donations and personal data.
• Only donate to IRS-recognized tax-exempt organizations.⁴

False Fuel Tax Credit Claims

• The Fuel Tax Credit is intended for off-highway business and farming use. Many taxpayers are misled into claiming it incorrectly.⁵

Misuse of Sick and Family Leave Credits

• Credits for Sick and Family Leave (Form 7202) were available only for self-employed individuals in 2020 and 2021. Many are incorrectly claiming them for later years or based on employee income.

Bogus Self-Employment Tax Credit

• There is no such thing as a “Self-Employment Tax Credit.” Promoters falsely advertise large payments for gig workers and self-employed individuals.⁶

Fake Household Employment Claims

• Some taxpayers invent household employees and file Schedule H to claim false sick and family leave wages.

Overstated Withholding Scams

• Scammers encourage taxpayers to submit false income and withhold data on forms like W-2 or 1099s to claim large refunds.⁷

Misleading Offers in Compromise

• Some companies aggressively market Offers in Compromise to taxpayers who don’t qualify, charging high fees.⁸

Ghost Tax Return Preparers

• Beware of preparers who refuse to sign your return or provide their IRS PTIN. These “ghost” preparers often charge based on refund size and may disappear after filing.⁹

Spear Phishing Targeting Tax Pros

• Cybercriminals impersonate new clients to trick tax professionals into opening malicious attachments or links, compromising sensitive client data.¹⁰

Conclusion

In today’s digital landscape, cybersecurity and taxes are inseparable. Whether you're filing your own return or advising clients, safeguarding sensitive financial data is essential. By staying informed and vigilant, you can ensure tax season is a time of financial clarity—not vulnerability.

Sources:

1. https://www.irs.gov/privacy-disclosure/report-phishing
2. https://www.irs.gov/newsroom/dirty-dozen-taking-tax-advice-on-social-media-can-be-bad-news-for-taxpayers-inaccurate-or-misleading-tax-information-circulating
3. https://www.irs.gov/newsroom/dirty-dozen-irs-warns-taxpayers-to-stay-away-from-helpful-scammers-offering-to-set-up-an-online-account
4. https://www.irs.gov/newsroom/dirty-dozen-irs-warns-about-fake-charities-exploiting-taxpayer-generosity
5. https://www.irs.gov/newsroom/irs-casst-announce-2025-filing-season-changes-aimed-at-preventing-spread-of-scams-schemes-new-fuel-tax-credit-statement-and-increased-review-of-other-withholding-claims-among-highlights
6. https://www.irs.gov/newsroom/irs-warns-taxpayers-about-misleading-claims-about-non-existent-self-employment-tax-credit-promoters-social-media-peddling-inaccurate-eligibility-suggestions
7. https://www.irs.gov/newsroom/misleading-social-media-advice-leads-to-false-claims-for-fuel-tax-credit-sick-and-family-leave-credit-household-employment-taxes-faqs-help-address-common-questions-next-steps-for-those-receiving-irs
8. https://irs.treasury.gov/oic_pre_qualifier/
9. https://www.irs.gov/tax-professionals/choosing-a-tax-professional
10. https://www.irs.gov/newsroom/irs-security-summit-partners-warn-of-surge-in-new-client-scams-aimed-at-tax-pros-as-2024-filing-season-approaches

Disclosures:

Apella Capital, LLC (“Apella”), DBA Apella Wealth is an investment advisory firm registered with the Securities and Exchange Commission. The firm only transacts business in states where it is properly registered or excluded or exempt from registration requirements. Registration of an investment adviser does not imply any specific level of skill or training and does not constitute an endorsement of the firm by the Commission. Apella Wealth provides this communication as a matter of general information. Any data or statistics quoted are from sources believed to be reliable but cannot be guaranteed or warranted.

Apella Wealth does not provide tax or legal advice and nothing either stated or implied here should be inferred as providing such advice.