Protecting Your Data from Phishing Scams
As part of the Security Summit, the Internal Revenue Service published a guide on how to protect yourself from phishing scams. The new scams attempt to prey on taxpayers and tax advisors using COVID-19, Economic Impact Payments and taking advantage of teleworking by tax professionals.
IRS Commissioner Chuck Rettig stated, “The coronavirus has created new opportunities for cybercriminals to use email to try stealing sensitive information. The vast majority of data thefts start with a phishing email trick. Identity thieves pose as trusted sources – a client, your software provider or even the IRS – to lure you into clicking on a link or attachment. Remember, don’t take the bait. Learn to recognize and avoid phishing scams.”
The Security Summit emphasized four general phishing strategies. These include an urgent message, a delayed notice, COVID–19 fears and posing as a client.
1. Urgent message
A common phishing scam is to send a message that appears to be urgent. It may claim to be from one of the victims’ financial institutions and explains that an account password or log in information has expired. The victim is directed to click on the link to restore account data. The phishing email often comes from a site that is one letter or number different from the official website. When the user clicks on the link, malware will be installed on the computer, which enables the thief to steal personal information and passwords.
2. Delayed notice
After the thief has installed malware on a computer, he or she may delay taking action for a period of time. One tax preparation firm had thieves on their network for 18 months without any indication. The thieves downloaded and accessed taxpayer information during that entire timeframe prior to the discovery of the information technology breach.
3. COVID–19 Fears
Another common phishing attack is for the fraudster to claim to be a provider of face masks or personal protective equipment (PPE). The scammer explains that the face masks or PPE are in such short supply that you need to order immediately from his or her organization. When you click to order, the scammer loads malware on your computer.
4. Posing as a client
Many tax professionals are in daily communication with large numbers of existing clients. A fraudster may hack the email account of a client and then send an email to the tax professional. The tax professional may be expecting contact from that client and does not realize that the email has been sent from a different web site or server. When the tax professional clicks on a link, malware is downloaded. Tax professionals are urged by the Security Summit to make contact with clients by phone or video conference if they receive a suspicious email.
Everyone needs to be aware of the risk of phishing emails. Most successful fraudster attacks start with a phishing email. Tax professionals must continually educate their staff on the “dangers and risks of opening suspicious emails – especially during the COVID-19 period.”
Additional security recommendations are available in IRS Publication 4557, Safeguarding Taxpayer Data and in the Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology.
Payroll Taxes May be Deferred Until the End of 2020
On August 8, 2020, the President signed an order that directed Treasury Secretary Mnuchin to defer payroll collections from September 1 through December 31, 2020. Secretary Mnuchin was also directed to “explore avenues, including legislation, to eliminate the obligation to pay the taxes deferred pursuant to the implementation of this memorandum.”
While the payroll taxes could be deferred for these four months, they will need to be paid by businesses unless Congress acts to forgive the taxes.
The order by the President met with immediate opposition. Senate Finance Committee Ranking Member Ron Wyden (D–OR) stated, “While employers are unlikely to risk a massive tax liability by not collecting payroll taxes or having to double up collection later, if they do go along with this stunt, it would drain the Social Security trust fund.”
The order stated, “The Secretary of the Treasury is hereby directed to use his authority pursuant to 26 U.S.C. 7508A to defer the withholding, deposit, and payment of the tax imposed by 26 U.S.C. 3101(a), and so much of the tax imposed by 26 U.S.C. 3201 as is attributable to the rate in effect under 26 U.S.C. 3101(a), on wages or compensation, as applicable, paid during the period of September 1, 2020, through December 31, 2020.” The deferral is limited to employees with a biweekly pay amount of less than $4,000, calculated on a pretax basis. The deferred amount will not lead to penalties and interest, or other additional taxes.
Christopher Hesse, CPA, is Chair of the AICPA Tax Executive Committee. He sent a letter on August 12, 2020, to Assistant Secretary for Tax Policy David J. Kautter and IRS Commissioner Charles P. Rettig. The AICPA requested multiple provisions from Treasury to clarify the policies.
AICPA asks that the payroll tax deferral be voluntary and the employee must make an affirmative election. If the employee does not elect to defer payroll taxes, they will continue to be withheld, deposited and paid.
Treasury should define the specifics on the $4,000 limit for biweekly payroll. AICPA suggests that this be a cliff setting, with employees over that level not eligible for the payroll tax deferral. There should also be a model notice that explains the plan to employees. The model notice should “specify that the employee is required to pay the deferred amount to the IRS.”
Treasury should also publish the specific due dates and forms for payment of the deferred taxes.
Editor’s Note: Based on the comments by AICPA and other organizations, it is uncertain how many business entities will choose to defer payroll taxes until the end of the year. Members of Congress have stated that they will oppose forgiveness of the four months of deferred payroll tax. This payroll option will be subject to discussion and potential modification during the next weeks.
Final Regulations on SALT Charitable Workarounds
On August 10, 2020, Treasury published final regulations (T.D. 9907) on the state and local tax (SALT) workarounds involving charitable gifts and state tax credits.
New York, Connecticut and New Jersey and other states were concerned about the Tax Cuts and Jobs Act $10,000 limit on SALT deductions. They created several “workaround” programs that would allow individuals to make charitable gifts to government entities and report the charitable deduction on their federal tax return. The State then granted the individual a reduction in state taxes through a credit.
Charitable contributions are generally deductible under Sec. 170(a)(1). This deduction is permitted for gifts to a nonprofit or a governmental entity such as a state or a political subdivision of a state.
Business entities are permitted a deduction for ordinary and necessary expenses under Sec. 162(a). Regulation 1.162–15(a) limits business ordinary and necessary deductions if there has been a deduction under Section 170 or another code provision.
Section 164(a) permits deductions for state and local taxes. Section 164(b)(6) limits the SALT deduction to $10,000 per year.
To limit the use of a charitable workaround to provide SALT deductions in excess of $10,000, in 2019 Treasury published final regulations on the topic. The final regulations state, “If a taxpayer makes a payment, or transfers property to or for the use of an entity described in Section 170(c), and the taxpayer receives or expects to receive a State or local tax credit in return for such transfer, the tax credit constitutes a return benefit to the taxpayer, or quid pro quo, reducing the taxpayer’s charitable contribution deduction.” Reg. 1.170A–1(h)(3).
Businesses were concerned that the anti–SALT regulations would limit their ordinary and necessary expense deductions under Sec. 162. The IRS final regulations are designed to clarify the deductibility of transfers by business entities. The final regulations state, “A transfer to a Section 170(c) entity may constitute an allowable deduction as a trade or business expense under Section 162, rather than a charitable contribution under Section 170.”
The final regulations also provide safe harbors for a C corporation or pass-through entity to qualify for a deduction under the ordinary and necessary business expense standard of Sec. 162. The safe harbors apply only to gifts of cash and cash equivalents. For some passthrough entities, the safe harbor does not apply if there is a state or local income tax credit.
The final regulations retain the Sec. 164 safe harbor. If a portion of a contribution is disallowed under Reg. 1.170A–1(h)(3), it is still deductible under Sec. 164, provided it is not excluded by the $10,000 tax limitation under Sec. 164(a)(6).
Finally, the regulations apply the quid pro quo rule to cover donors who receive benefits either from a donee or a third party. The final regulations “amend the language in Reg. 1.170A–1(h)(2)(I)(B) to state that the fair market value of goods and services includes the value of goods and services provided by parties other than the donee.”
Editor’s Note: The regulations are generally effective August 11, 2020. These regulations are consistent with efforts by Treasury to limit the effectiveness of the SALT workarounds, while continuing to permit businesses to deduct ordinary and necessary expenses.
Applicable Federal Rate of 0.4% for August — Rev. Rul. 2020-15; 2020-32 IRB 1 (16 July 2020)
The IRS has announced the Applicable Federal Rate (AFR) for August of 2020. The AFR under Section 7520 for the month of August is 0.4%. The rates for July of 0.6% or June of 0.6% also may be used. The highest AFR is beneficial for charitable deductions of remainder interests. The lowest AFR is best for lead trusts and life estate reserved agreements. With a gift annuity, if the annuitant desires greater tax-free payments the lowest AFR is preferable. During 2020, pooled income funds in existence less than three tax years must use a 2.2% deemed rate of return.