As Scammers try harder, just be more clever!

We are assaulted by people trying to access our information for their benefit or trying to trick us into sending a payment fraudulently.  Now, with all the news on artificial intelligence, we will see even more ways we may be assaulted. 

How do you protect yourself?

The first step:  Think before panicking and reacting; careful observation could save you from a scam!

Here are some examples, starting with familiar ones:

  • Do you really think you won a lottery you never entered?  There is an old joke about not buying a ticket.
  • Do you think you won a gift on Ace Hardware or Walmart when you haven’t been shopping there? Check the e-mail address – if it’s not from the company, then someone is trying to gain access to your information.
  • Do you actually think you are the one randomly chosen to receive an inheritance from someone in another country that supposedly has no heirs?  The estate mentioned is often from a country you may never have visited, and the estate is an enormous amount, so probability says it cannot be real.
  • If Amazon really thinks there is fraud, why does the person answering the call say “Thanks for calling Amazon” when the call came from them, and why do they know nothing about your account so that they have to ask for your information?  If there was a fraud, they would be telling you about the transaction instead of asking for all your account details.
  • No one stole your credit card, and you know you did not buy a MacBook or Airpods, so why is someone calling from the Netherlands to claim a purchase was made on your account?  Often you can tell that the callers are not from the companies they claim. 
  • It may look like a Microsoft message or some other legit message, but why do you suddenly need to update your account or sign for a matter you don’t recognize?  Check the source of the message – we have seen official-looking messages from many dubious senders, including some from India, Japan, Russia or somewhere else.  Be wary of e-mails from random accounts rather than the actual vendor.  
  • Why is the border patrol in Texas calling you claiming that the opened your mail and need to put a hold on your social security number? What does it even mean to “put a hold on your social security number” and how does that even relate to contraband?

If you receive notice of an unauthorized payment or overdue bill, or even a payment authorization you didn’t expect, don’t click on the link, go to the vendor’s website to access via a browser you trust to check before responding.  The link in a text or e-mail may appear okay but close examination reveals some flaw.  

The same applies if you receive a DocuSign notice:  make sure the sender is legitimate.  Clicking on the link could allow them to install malware and gain access to your financial information. 

Here’s another example:  We recently had someone claim to have seen our website and want to hire us for tax work.  When we asked for more information about their situation, including the state in which they filed, the response was a message asking to click on links to their information.  The fact that they did not respond to questions about hiring a tax professional was a tip-off.  The IRS warns:

Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. Tax pros have been especially vulnerable to spear phishing scams from thieves posing as potential clients. Thieves might carry on an email conversation with their target for several days before sending the email containing a link or attachment. The link or attachment may secretly download software onto tax pros’ computers that will give the thieves remote access to the tax professionals’ systems.

IRS

You can avert risks by being very suspicious, as well as being cautious. 

More steps:  you will also want to monitor your credit, even freeze your credit accounts, make sure your computer and smartphone software is up to date, use two-factor verification, run your malware and antivirus scans frequently, and respond to any alerts.  For more ideas such as getting an PIN from the IRS, see our post on Phishy Phone calls.  Here is good reminder from the IRS:

  • The IRS will never contact a taxpayer using social media or text message. The first contact from the IRS usually comes in the mail. Taxpayers who are unsure whether they owe money to the IRS can view their tax account information on IRS.gov.
  • For more on scams, see the annual IRS dirty-dozen list.

Let me know if you have any questions or comments and stay cautious! You can always call me if you are not sure what to do.

Steven

How not to fall for Phishy IRS calls and other Scams

These days, nearly all of us get calls, e-mails and text messages trying to gain access to our finances.  You have probably seen or heard of the call “from Amazon” about a new iPhone order, the call “from Social Security” indicating that your number has been suspended, which requires your immediate action with someone on the phone, the e-mail with a “voicemail message” attached for you to click on to hear, and the e-mail with an “invoice” for you to approve.  There are many more forms and styles, and more keep coming.

This post focuses on the calls purporting to be from the IRS, and the purpose of this post is to help make you more wary so you do not fall victim to any of these scams. 

The IRS recently posted its dirty dozen for 2021, a list of scams that focuses on Pandemic-related scams, like unemployment claims, but also fake charities, urgently seeking donations, and offer in compromise scams, claiming to have ways to reduce your taxes owed.  There are other scams that target elderly or people for whom English is a second language.  And some scams offer to file conservation easements and improper business credit claims for you.   

Calls “from the IRS”

The call insisting that you owe the IRS and need to pay is a scan that has been around for some time.  The IRS website, and the recorded message when you are on hold contacting the IRS, says:

  • The IRS won’t initiate contact by phone, email, text or social media asking for Social Security numbers or other personal or financial information. 
  • The IRS generally first contacts people by mail – not by phone – about unpaid taxes.
  • The IRS may attempt to reach individuals by telephone but will not insist on payment using an iTunes card, gift card, prepaid debit card, money order or wire transfer.
  • The IRS will never request personal or financial information by e-mail, text or social media.

Furthermore, the IRS will ask you to confirm your identity before discussing any tax matters with you. 

Protect your tax filings

To help insure that no one can file under your social security number, the IRS suggests obtaining an ID PIN for filing your tax returns.  The PIN is now available to all taxpayers; you include it when you file your tax returns so that the IRS can verify that it is you filing.  This prevents others from filing bogus refund claims under your social security number. 

You can also include your driver’s license when filing, so the IRS and state revenue departments can verify that it is you filing, not an imposter. 

Be Vigilant

To protect your finances, you need to be vigilant.  Before you answer the phone, what does the caller ID say?  Is it a legit company or “unknown”?  Before you respond to an e-mail, does the address look like a real customer service company site or something random?  Is the grammar or content in the call or message off?  If it seems off, it probably is. 

Usually, you can find safe and easy ways to confirm the information in question by placing your own call or logging onto the related website online, rather than responding directly. 

The IRS recommends setting up multi-factor identification to access your financial information.   The IRS suggests more steps here:

  • Using anti-virus software and set it for automatic updates. Anti-virus software scans existing files and drives on computers – and mobile phones – to protect from malware.
  • Using a firewall to shield digital devices from external attacks.
  • Using backup software/services to protect data. Making a copy of files can be crucial, especially if the user becomes a victim of a ransomware attack.
  • Using drive encryption to secure computer locations where sensitive files are stored.  Encryption makes data on the files unreadable to unauthorized users.
  • Creating and securing Virtual Private Networks. A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network. Search for “Best VPNs” to find a legitimate vendor; major technology sites often provide lists of top services.

Conclusion

If something smells “phishy,” it probably is.  So be cautious, even suspicious of interaction asking for personal and financial information.  Set up two-factor verification and an IRS PIN.  And let me know if you have questions or concerns.  I will try to help.

Business Taxes, Part II of III on year-end tax planning

This is Part II of three parts on year-end tax planning under the Tax Cut and Jobs Act. In our first part, we discussed the impact of the new law on personal taxes. In this part, we focus on small businesses.

Choice of Entity for Small Businesses

One of the biggest changes from the new tax law is the massive reduction in the tax rate for regular or “C” corporations. That may sound very appealing, but does this mean you should convert your S Corp. or LLC into a C Corp.? It could, if you expect to keep net income in your business.

If that is not your plan, i.e., if you want to take out money for yourself and other members, then use a pass-through entity instead of a C Corp. While a C Corp. may only pay taxes of 21% on its income, the amount the C Corp. distributes, via dividends or otherwise, will be taxed again to shareholders. If the shareholders are in the highest bracket, then income that started in the corporation had to pay over 52% in total taxes before getting into shareholders pockets. If you are a pass-through such as an LLC or partnership, then no tax is imposed at the entity level and entity members may qualify for the QBID on their personal returns – see below.

Be clear on your goals: do you want to leave net income in to grow the business for sale or an IPO? Or do you want to distribute net income to business members?  Deciding makes the choice clear.

Section 199A QBID

In our first part, we discussed the qualified business income deduction of 20% for certain pass-entities.. The deduction is complicated and subject to limitation. One such limitation is the total income of the taxpayer reported on her individual or joint tax return. The deduction phases out for high income taxpayers, starting at $157,500 of income for single taxpayers and $315,000 for married taxpayers, and phasing out when income exceeds $207,500 for single taxpayers and $415,000 for married taxpayers. There are wage and capital limits that can bring back a deduction when the phase out is exceeded, but that does not help service businesses as discussed below.

The deduction is “below the line,” so it does not reduce self-employment taxes or any items that are keyed to adjusted gross income (“AGI”). It also does not affect net operating losses.

Another limit is on income from a service business. This is defined as income from the following:

Health, law, accounting, consulting, financial services, performing arts, actuarial science, athletics, brokerage services, investing or trading in securities, or any business where the principal asset is the reputation or skill of its employees (there are now regulations on this last type, but those do not answer all questions).

Architects and engineers were excluded from the list in the final bill.

For those within the definition of service business, QBID drops to zero when the phase out is exceeded.

If you are bumping up against any limits for 2018, you will want to review ways to defer income to 2019 or reduce taxable income in 2018 by increasing your deductions.

Businesses use of Home

The new tax law imposes limits on Schedule A deductions, including state and local income and real estate taxes. If some of your real estate taxes otherwise subject this limit are for a home office or other business use, then the business portion is not limited and can be used to shelter business income.

New Rules on Entity-level Audits

Under the new tax law, LLCs and partnerships face substantial changes for the IRS audit procedures:

  1. Beginning in 2018, the IRS can audit such entities at the partnership or LLC level under the Centralized Partnership Audit Rules or “CPAR.” This gives the IRS new powers, one of which is the ability to impose a tax at the entity level and let the partners sort it all out, rather than the pre-2018 requirement to audit each partner; and
  2. The IRS would contact the Partnership Representative for the entity. If no PR has been designated, then the entity loses by default.

This means (a) updating your operating agreement to designate the PR in place of the tax matters partner and (b) electing out of the CPAR rules on your 2018 tax filing to avoid application of these unfavorable rules.

What is a WISP?

You have probably received e-mails and other notices asking you to review updated privacy policies from various vendors. Many of these were generated in response to adoption of the GDPR (General Data Protection Regulation) by the European Union in May of 2018.

What too few companies know is that there are laws in the US that require implementation of privacy safeguarding. One affecting companies doing business in Massachusetts is the Standards for the Protection of Personal Information of Residents of the Commonwealth in force since 2010.

If you are affected and have not either established or reviewed your company’s WISP (written information security program), please act right away to avoid liability for any potential breach.  Also, check the laws of any other state in which your do business to see what laws apply to your use of personal information.

Conclusion

If any of this raises questions for your year-end planning, let me know. I will be glad to see if can help.

Impact of New Tax Law, Part I of III on year-end tax planning

New Tax Law

The Tax Cut and Jobs Act made substantial changes to tax rates, deductions and credits for individuals, corporations and other entities. It also affected changes to estate taxes. For a summary of all changes, please see our post from December in 2017 year-end tax planning – a year of uncertainty.  Please also see the other parts of this series:  in the second part, we discussed planning for small businesses; in the third part, we provided a practical guide for year-end action; and in Tax Planning Hacks, we discussed planning ideas for your Itemized Deductions and more.

The purpose of this post is to get you started on year-end planning to take advantage of the TCJA changes.

What is the Impact of New Tax Law?

We have been reviewing the impact of the new law with projections in our CCH ProSystem Fx tax software. While many individuals lose deductions in 2018 that they were previously allowed, that does not mean that their taxes increase as much they feared. Here are some reasons why:

  • They probably do not owe the AMT as they have in the past.
  • The change in rates lowers total taxes for many.
  • The passthrough deduction discussed below can make a big change.

If you want us to review the impact on your taxes, please let me know.

Clarifications on New Tax Law

Mortgage interest remains deductible even on an equity line of credit (ELOC), provided proceeds from the ELOC were used to purchase or substantially improve your home. However, if the proceeds were used for consumption, then the interest is not deductible.

The deduction for state and local income taxes (SALT) and property taxes is capped at $10,000. However, property taxes for rental properties are still fully deductible against rental income on Schedule E. And farmers and self-employed taxpayers can still deduct the business portion of the taxes on Schedules F and C. Finally, you may be able to use a trust to share ownership of a property with beneficiaries so that they can deduct a portion of the property taxes.

Change for Small Businesses

One of the biggest changes is the qualified business income deduction (“QBID”) under section 199A, also know as the pass-through deduction. This deduction reduces taxable income from qualifying businesses by 20% for taxpayers under the income limitations. This is, net profits form the business after any W-2 salary paid to the owners is reduced.

Pass through businesses include sole proprietors, S corporations, LLCs and partnerships. They also include real estate investment trusts (“REITs”) and certain publicly traded partnerships (“PTP”). But there are income limits and thresholds that eliminate the QBID service companies. Here is a good chart on that may help you see if you qualify for the 20% deduction. Also, watch for more in our next post.

Planning under 199A for QBID

If you have a pass-through business and your year-end planning shows that you may hit the income limits that reduce or eliminate the deduction, you can move income and deductions for Schedule A to change that. Push income into next year and bring any deductions from next year into this year. If you succeed in getting back under the income the limitation, you get a 120% benefit for the right offs – that is, 100% deduction value on Schedule A and 20% QBID value.

The income limits are toughest on service companies. If your small business is a service company, you may want to break out any non-service business to get the benefit of QBID. A professional office that does billing, debt collection or operates a professional building may be able to put those activities in separate entities that qualify for QBID. Furthermore, if your small business is considering buying an office, keep that in a separate entity from the business.

Conclusion

Watch for Part II coming soon. In the meantime, please contact us if you have any questions.

Scam alert: your secrets are not safe with the IRS

The IRS recently announced that the tax information of 104,000 filers was stolen by hackers and used to file false returns. The same thieves attempted to steal tax data from an additional 100,000 filers, but were unsuccessful.

The unauthorized access of records occurred between February and May of 2015, when hackers used the IRS’s “Get a Transcript” web tool to access filers’ tax return transcripts. The hackers had previously obtained social security numbers of these 200,000 filers from other sources. The IRS pointed out that their servers were not hacked, but their online service allowed resourceful thieves to access filers’ information.

This breach is especially alarming because IRS Transcripts contain sensitive information about filers. Specifically, they include much of the information reported to the IRS on 1040 and the supporting forms, such as W-2s. The stolen information was then used to file 36,500 fraudulent tax returns seeking refunds. As many as 13,000 of those phony returns were accepted by the IRS, for a total of $39 million in refunds paid.

The IRS acted after discovering the breach by closing down the “Get a Transcript” tool for individual filers. Filers may still request their transcripts, but must do so by mailing in a completed form 4506. The IRS has not indicated when it will provide the online service again.

Their next step was to notify all 200,000 victims, informing them that their social security numbers and possibly other personal data was stolen. For those 104,000 whose tax information was stolen, the IRS is offering credit monitoring services. These victims will receive instructions to sign up for the credit monitoring note: these outreach letters will not request any personal identification information from taxpayers). In addition, the IRS will continue to monitor those tax accounts.

As always, victims may apply for identity protection numbers to prevent the filing of future returns using their information. Additionally, the IRS plans to strengthen its authentication procedures.

The hackers were able to answer many of the “out of wallet” security questions by using information that can be easily found on credit reports and social media sites like Facebook. As a result, the IRS will use questions that are more difficult to answer.

The IRS plans to employ a more proactive approach to prevent future breaches by partnering with private tax software companies, payroll companies and state agencies to share data on uncovered scams. Congress may act as well and may move up the date that W-2 forms must be filed with the government to January 31. This change would make it more difficult for scammers to e-file fake 1040s.

If you were affected by this breach, you will receive a notice in the mail from the IRS. If you do not receive a notice, we still recommend you access your free credit reports annually and stay vigilant about keeping your sensitive data protected.