The Internal Revenue Service (IRS) has ramped up cautions to taxpayers and small business owners with the release of its 2025 “Dirty Dozen” list, pointing to 12 common tax frauds that compromise financial security. The scams, ranging from sophisticated phishing to tax preparer scams, exploit vulnerabilities both annually during tax time and throughout the year. While scammers get more sophisticated, the IRS reminds individuals of ongoing measures to safeguard sensitive data and prevent identity theft.
2025 Dirty Dozen: Evasion threats from new taxpayers
Phishing and smishing are top threats on the IRS’s list, where scammers masquerade as tax officials by email or text message to get personal information. These usually use high-pressure rhetoric with unsubstantiated claims of tax refund problems or law suits. One of the most common smishing schemes is the “account suspended” alert with spam links to fix perceived problems.
The other grave risk is the “new client” scheme where tax practitioners are spear-phished by hackers who pose as potential clients. The cybercriminals send malware-laden documents with the objective of acquiring sensitive taxpayer data. Imposter tax preparers also pose a serious threat, where criminals provide higher refunds or percent-based refunds on fees. The scammers come and go once they file fake returns, while the victims end up suffering from the penalties.
False claims of tax credits are also under investigation. The criminals sell bogus claims for credits like the Fuel Tax Credit or Employee Retention Credit, usually on social media or by spam phone calls. The IRS says that it’s seeing more schemes requiring taxpayers to make up W-2s or build income in order to get refunds.
Protective steps for individuals
Taxpayers are held under tight verification processes. The IRS never contacts anyone by phone or email demanding payment or information. Legitimate communication begins with printed mail, and payment never happens through gift cards or cryptocurrency. Taxpayers need to:
- Visit suspicious messages by calling the IRS from valid numbers listed on IRS.gov.
- Use IRS-approved tax software that contains multi-factor authentication to protect accounts from unauthorized access.
- Check tax transcripts for unusual filings or modifications, which could be an indicator of identity theft.
Suspected fraudulent taxpayers need to report an Identity Theft Affidavit (Form 14039) and credit report security freeze, as recommended by the IRS.
Securing small businesses
Small businesses are susceptible in their own respects, such as fraudulent W-2 requests and phishing against payroll information. The IRS recommends businesses:
- Guard against Employer Identification Numbers (EINs) by informing authorized signers with Form 8822-B and limiting access to confidential documents.
- Train employees to identify phishing scams, including communications that seem to come from executives requesting immediate wire transfers.
- Send tax information encrypted and use secure portals to exchange documents with tax professionals.
Businesses must also conduct routine vulnerability testing and collaborate with IT security professionals to combat threats. The Certified Advanced Software Security Tester (CASST) credential educates employees in the detection of system vulnerabilities, though this training comes second to IRS policy.
Reporting and IRS tools
The IRS urges reporting of phishing to [email protected] and W-2 data breaches to [email protected]. The state tax administrations must be reported using [email protected] to enable coordination.
Educational materials like Publication 5961 and the Identity Theft Central webpage provide useful information to individuals and organizations. The efforts of IRS with the Security Summit-a partnership of tax professionals and software companies-have made refunds more resistant to fraud and prevented billions of taxpayer dollars.
When more complex cons target taxes, education and awareness are the weapons. Taxpayers and businesses can thwart fraud rings and protect their economic well-being by learning the Dirty Dozen scams and taking IRS-advised protection. The annual IRS campaign highlights how each individual has a responsibility to do what they can and apply their knowledge to report anomalies early.
Read more: IRS can share data with ICE to identify people illegally in the U.S.
Read more: Can gas stations charge a surcharge for using a credit card to pay for gas? In what states is it legal?
