Taxpayer-Related Identity Theft

The IRS has launched a new website, Identity Theft Central, providing information regarding how to recognize identity theft, how to take action, and how to protect yourself.

REMEMBER: The IRS does not request personal or financial information by email, text, or social media. They do not threaten with lawsuits and arrests.

Individuals: Don’t become a victim

  1. Know the signs
    1. You get a letter from the IRS inquiring about a suspicious tax return that you did not file.
    2. You can’t e-file your tax return because of a duplicate Social Security number.
    3. You get a tax transcript in the mail that you did not request.
    4. You get an IRS notice that an online account has been created in your name.
    5. You get an IRS notice that your existing online account has been accessed or disabled when you took no action.
    6. You get an IRS notice that you owe additional tax or refund offset, or that you have had collection actions taken against you for a year you did not file a tax return.
    7. IRS records indicate you received wages or other income from an employer you didn’t work for.
  2. Take Action
    1. Call the IRS Service Center where you normally file your tax return.
    2. Call Identity Theft Central for specialized assistance at 1-800-908-4490.
    3. Complete Form 14039, Identity Theft Affidavit.
    4. Visit IdentityTheft.gov.
    5. If you believe someone has been using your social security number for employment rather than for tax returns, visit the IRS Guide to Employment-Related Identity Theft.
  3. Protect Yourself
    1. Use updated anti-virus software, including encryption programs.
    2. Use multi-factor authentication wherever possible.
    3. Don’t provide personal or financial information unless the website has an “https” address.
    4. Never open email attachments you weren’t expecting, even from people you know.
    5. Never download anything from a pop-up ad.
    6. Create password phrases that are easy for you to remember but impossible to guess and regularly change them changing. For example “noGuessing2020!”
    7. Don’t use the same login ID and password in multiple places. Thieves may steal it from one source and attempt to use it in others.

Tax Pros: What are your responsibilities?

  1. Develop a Data Security Plan
    1. IRS Pub 557, Safeguarding Taxpayer Data
    2. NISTIR 7621, Small Business Information Security: The Fundamentals
    3. IRS Taxes-Security-Together Checklist
    4. Protect Your Clients; Protect Yourself
  2. Know the Signs
    1. Client e-filed returns reject because of duplicate tax identification number.
    2. You receive an e-file acknowledgements for a return you didn’t file.
    3. Your clients respond to emails that you didn’t send.
    4. Your computer cursor moves or changes numbers without you touching it.
    5. You get locked out of your network or computer.
    6. Your clients tell you that they receive notices, letters, refunds, or transcripts from the IRS that they weren’t expecting.
  3. Take Action
    1. Quickly report it to a Stakeholder Liaison.
    2. Report it to the state using the Federation of Tax Administrators at StateAlert@taxadmin.org.
  4. Protect Yourself
    1. Use updated anti-virus security software and firewalls.
    2. Create password phrases that are easy for you to remember but impossible to guess and regularly change them changing.
    3. Don’t use the same login ID and password in multiple places. Thieves may steal it from one source and attempt to use it in others.
    4. Encrypt all sensitive files/emails and use strong password protections.
    5. Back up sensitive data to a safe and secure external source.
    6. Wipe clean or destroy old computer hard drives and printers.
    7. Limit access to taxpayer data to individuals who need to know.
    8. Never open email attachments you weren’t expecting, even from clients.
    9. Track your e-filing acknowledgments.
    10. Track your weekly EFIN usage.
    11. Monitor your PTIN account.

Businesses: Identity theft is a serious threat to you and your employees

  1. Know the Signs
    1. You can’t e-file your tax return because of a duplicate Employer Identification Number.
    2. An extension request is denied because a return is already on file.
    3. You receive notices, letters, refunds, or transcripts from the IRS that you weren’t expecting.
    4. You change your business address and then stop receiving expected communications from the IRS.
  1. Take Action
    1. Report a Form W-2 email scam involving employee data.
    2. Call the IRS.
      1. For-profit businesses, 1-800-829-4933
      2. Nonprofit businesses, 1-877-829-5500
    3. Notify law enforcement.
    4. Notify affected businesses and individuals.
    5. Review the Federal Trade Commission Data Breach Response Guide.
  1. Protect Yourself
    1. Use updated anti-virus security software and firewalls.
    2. Educate employees regarding the dangers of phishing attacks.
    3. Create password phrases that are easy for you to remember but impossible to guess and regularly change them changing.
    4. Don’t provide personal or financial information unless the website has an “https” address.
    5. Encrypt all sensitive files/emails and use strong password protections.
    6. Back up sensitive data to a safe and secure external source.
    7. Wipe clean or destroy old computer hard drives and printers.
    8. Limit access to taxpayer data to individuals who need to know.
    9. Never open email attachments you weren’t expecting, even from people you know.
    10. Develop a Data Security Plan
      1. IRS Pub 557, Safeguarding Taxpayer Data
      2. NISTIR 7621, Small Business Information Security: The Fundamentals

For more information, please reach out to us for a free initial consultation.