Fraud Awareness and Prevention: IRS Warns Businesses about Common Scams
In addition to warning individual taxpayers about common tax-related scams and abuses, the IRS’s 2025 “Dirty Dozen” list highlights several risky schemes that are of particular concern to businesses. In fact, the agency went a step beyond its annual Dirty Dozen list this year by publishing an additional warning aimed specifically at small businesses (IRS reminds taxpayers and small businesses to look out for scams), urging them to take proactive steps to safeguard both their companies and employees through robust security measures.
Common Scams and Schemes
Fraudsters’ schemes continue to grow in number, variety, and sophistication, to the point where trying to stay on top of them can be overwhelming. One way to simplify things is to recognize that the most common tax-related risks generally fall into three broad categories:
- Cyber Scams and Identity Cons. This category includes fake emails (phishing) and text messages (smishing) that appear to come from the IRS or other tax authorities but are actually attempts to gain access to confidential personal or financial information. Many times, clicking the links in such messages will introduce malware or ransomware as well. Remember, the IRS never makes its initial contact via text, email, or telephone.
An even more sophisticated variant involves spear-phishing, in which an imposter posing as a company officer targets an employee with a request for copies of tax documents or other sensitive data. Phony requests for copies of W-2 forms are among the most common spear-phishing ploys, especially during tax season. In addition to compromising company information, such schemes may also expose employees to identity theft.
Not all scams are digital. Many businesses have received realistic-looking letters or phone calls from aggressive fraudsters impersonating IRS agents—often with threats and demands for immediate payment by wire transfer or prepaid debit card. The IRS never uses such tactics. Any unexpected IRS communication should be verified independently using contact information from the official IRS website and shared with your tax advisor.
- Online Myths and Misinformation. Social media platforms have become notorious for spreading wildly inaccurate tax tips, often encouraging people to misuse legitimate IRS programs or submit false tax documents to get large deductions or credits. Businesses can fall prey to these rumors and urban legends too.
One common example involves the federal Fuel Tax Credit. Although it is available only for off-highway operations, self-styled online “experts” often urge ineligible businesses to file false claims, sometimes using fabricated documents. The best advice: never believe any tax tips found on social media unless you have independently verified them with a trusted tax professional.
- Bogus Tax Advisors. This category includes a variety of unscrupulous promoters such as offer in compromise (OIC) “mills,” which promise to help taxpayers settle large tax debts for just pennies on the dollar, while charging exorbitant fees. Another persistent problem is so-called “ghost” tax preparers who encourage taxpayers to apply for credits or benefits for which they don’t qualify, often charging a fee based on the amount of the credit or refund. An obvious tip-off to such schemes is that ghost preparers usually do not sign the returns they prepare or provide a valid preparer tax identification number. Legitimate tax preparers always do both.
Protecting Your Business
In addition to being alert to common scams such as the ones mentioned here, there are a number of added protective measures businesses should take to strengthen their defenses.
One important first step is to know the warning signs of identity theft, such as a sudden inability to e-file tax documents because someone else has used the same employer identification number (EIN). An unexpected tax transcript or IRS notice that does not match anything previously submitted could also be a sign that a company’s account has been compromised.
As companies grow or become more data dependent, the need for robust security systems becomes even more acute. Ultimately, dedicated cybersecurity professionals—either in-house or via third-party contractors—become essential to most organizations. In the meantime, at a minimum, all devices with online access should be protected by antivirus and malware-blocking software with automatic updates enabled. Consistently enforcing strong password requirements for access to company systems and adding multi-factor authentication are also important safeguards. Maintaining a regular schedule of data backups is also crucial.
Even in the digital age, sound physical document security practices are still essential. Access to W-2, 1099s, and EINs should be strictly restricted. Paper tax documents should be backed up with encrypted digital copies, and then routinely shredded when they are no longer needed. The same requirements should apply to all third-party providers such as payroll processors and outsourced HR firms.
Alert, informed employees are the first line of defense against both cybercriminals and tax scammers. Ongoing employee education programs should include regular cybersecurity refreshers to reinforce sound data security practices. The IRS offers printed guides and videos to support this effort, many of which are available on its Identity Theft Central web page.
In addition to cybersecurity recommendations, the IRS also offers information about other risks, including common tax-related scams and suspicious tax strategies, at IRS Tax Scams.
Please contact us if you would like more information about avoiding tax scams and fraud.
