Receive a Completely Unexpected "IRS" Tax Refund in Your Bank Account? Stop!!! Don't Take the Bait!

By Thomas Bassett, J.D., CPA
March 28, 2018

As head of Commerce Trust’s East Region tax group, Tom Bassett, J.D., CPA, takes a moment to share his bird’s eye view of the new tactics electronic thieves are using to steal money from federal tax filers.

Checking phone in the dark
Q. As tax season gets into full swing, what are you seeing as the top issue for tax preparers and tax filers this year?

A. There are new twists on what is unfortunately a constant problem now – taxpayer identity theft. Cyberthieves have evolved and unfortunately gotten better. Stolen identity refund fraud has taken a new form to fool the unwary.

Q. How have cyberthieves changed their tactics?

A. In the recent past, the bad guys would use your stolen identity to file fraudulent claims for refunds and then have the proceeds sent directly to them on debit cards. Now they’ve discovered it’s better to have the refund direct-deposited to an unwitting filer’s bank account. Soon after the unexpected deposit arrives, the cyberthieves call posing as IRS representatives or collection agencies to pressure the filer on the phone to wire the “mistaken” refund back to them at a specified address.

Q. Why do people respond to this?

A. The bad guys know exactly how much was deposited into a recipient’s account and they spin a credible story that this refund “error” has to be returned immediately or the IRS will levy stiff penalties. Recipients know they did not deposit the money themselves and it shouldn’t be in their accounts. It ends up being a credible spoof because no one wants to get sideways with the IRS, so filers get nervous and follow the fraudulent instructions.

Q. What should filers do if they get a suspicious phone call or a voice mail regarding a potentially fraudulent refund?

A. Ask the caller to give you a number where he or she can be reached, note the time of day, and politely say you’ll return the call after you’ve consulted with your tax advisor. Do not get flustered or withdraw the funds if they are in your account. Take the time to speak directly with your bank representative or the IRS first. If you make the mistake of wiring the money to the thieves, you unwittingly become complicit in the ruse. By voluntarily sending the refund back, you lose your leverage on potential recovery of the theft. It’s a diabolically clever scam.

Q. What happens next if you’ve sent the money?

A. Unfortunately, nothing good. The IRS will likely call you requesting return of the funds because they will automatically know you haven’t filed your taxes yet. If you’ve already voluntarily sent an “erroneous refund” to the cyberthieves, you’ve lost the proceeds that still rightfully belong to the IRS. So the IRS will want the refund back and your ability to seek redress through the IRS or the bank is compromised. The cyberthieves know this and capitalize on the confusion of who might be liable.

Q. What does the IRS recommend taxpayers do if their return has been compromised?

A. The IRS encourages taxpayers to discuss the issue with their financial institutions because they may need to close bank accounts. Taxpayers receiving erroneous refunds should also contact their tax preparers immediately. There are established procedures they should follow to return erroneous funds. One important procedure, for example, is to send only paper checks. Taxpayers who receive a direct deposit refund that they did not request should take the following steps:
  1. Contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS.
  2. Call the IRS toll-free at 800-829-1040 (individual) or 800-829-4933 (business) to explain why the direct deposit is being returned.
  3. Keep in mind interest may accrue on the erroneous refund.
There is more information at

Q. How extensive is refund fraud in general?

A. Despite the preventive measures taken over the last two years, the IRS estimates it paid out $1.3 billion in fraudulent tax refunds in 2017. However, the number of taxpayers reporting to the IRS that they are victims of identity theft is declining. The IRS said that it received 242,000 reports from taxpayers in 2017 compared to 401,000 in 2016 – a 40 percent decline. It’s lessening, but still a serious drain on our national resources.

Q. What is the IRS doing about the problem?

A. As one recent example, the IRS worked with large companies to add a code in Box 9 of the standard W2 form that helps corroborate your identity information when you submit your taxes. IRS officials are also focusing on strengthening safeguards tax preparers employ – when tax preparers are hacked, the trouble expands exponentially.

Q. Would it be better to file on paper vs. electronically?

A. It makes no difference on your chances of being defrauded. The cyberthief is simply interested in getting to your employer deposits credited to your IRS account (your withholding and any prepayments) before you do. If you try to electronically file your return, you will get immediate feedback that your Social Security Number has been compromised, whereas if you paper file, it could be months before the IRS inputs your return, and months before they tell you your account has been compromised.

Key takeaways:
  • Everyone must be vigilant and alert – both taxpayers and tax professionals.
  • Never take an email from a familiar source at face value. For example, an email from “IRS e-Services” could be a bogus email address. If it asks you to open a link or attachment, or threatens to close your account, think twice. Hover your cursor over the link to see the real web address (URL). If you don’t recognize it, do not open.
  • Use security software. Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update.
  • Encrypt sensitive files, such as tax records, stored on computers. Use strong, unique passwords for each account.
  • Watch out for scams. Learn to recognize and avoid “phishing” emails and threatening calls and texts from thieves posing as legitimate organizations such as banks, credit card companies, tax software firms, or even the IRS. Do not click on links or download attachments from unknown or suspicious emails.
  • Protect personal data. Don’t routinely carry Social Security cards and make sure tax records are secure. Shop at reputable online retailers. Treat personal information like cash; don’t leave it lying around.
For more information, see


*Always consult with your CPA and professional advisor on matters involving income taxes.

Past performance is no guarantee of future results, and the opinions and other information in the commentary are as of March 20, 2018. This summary is intended to provide general information only and is reflective of the opinions of Commerce Trust.

This material is not a recommendation of any particular security, is not based on any particular financial situation or need, and is not intended to replace the advice of a qualified attorney, tax advisor or investment professional. Diversification does not guarantee a profit or protect against all risk.

Commerce does not provide tax advice or legal advice to customers. Consult a tax specialist regarding tax implications related to any product and specific financial situation.

Data contained herein from third-party providers is obtained from what are considered reliable sources. However, its accuracy, completeness or reliability cannot be guaranteed.

Commerce Trust is a division of Commerce Bank.