The Internal Revenue Service is taking a stand against tax identity theft. The move comes amid rising numbers of identity theft and other online scams. Working together as the Security Summit (the Summit), the IRS, state tax agencies and the tax industry are reminding tax professionals that they should contact the IRS immediately when there’s an identity theft issue with a client. They recommend that advisors contact the appropriate insurance or cybersecurity experts to assist them with determining the cause and extent of the loss.
As part of their ongoing series of training, the Summit is also helping to teach tax professionals how they can be proactive to better protect clients and client data. This year’s training focused on urging tax professionals to work on securing their systems and protecting client data. They highlighted the protections offered by multifactor authentication and key security steps, the use of the identity protection PIN for clients, scams to steal unemployment benefits and the dangers of phishing email/text scams.
Signs of Tax Identity Theft
According to the Summit, these are the critical signs to look out for:
- Client e-filed returns rejected because client’s Social Security number was already used on another return.
- More e-file acknowledgements received than returns the tax professional filed.
- Clients responded to emails the tax professional didn’t send.
- Slow or unexpected computer or network responsiveness such as:
- Software or actions take longer to process than usual.
- Computer cursor moves or changes numbers without touching the mouse or keyboard.
- Unexpectedly locked out of a network or computer.
Tax professionals should also watch for warning signs when clients report they’ve received:
- IRS authentication letters (5071C, 4883C, 5747C) even though they haven’t filed a return.
- A refund even though they haven’t filed a return.
- A tax transcript they didn’t request.
- Emails or calls from the tax professional that they didn’t initiate.
- A notice that someone created an IRS online account for the taxpayer without their consent.
- A notice the taxpayer wasn’t expecting that:
- Someone accessed their IRS online account.
- The IRS disabled their online account.
What to Do Next
If you suspect a client is the victim of tax identity theft, the Summit recommends that you:
- Report suspected theft to your local IRS stakeholder liaison. Liaisons will notify IRS Criminal Investigation and others within the agency on the practitioner’s behalf. If reported quickly, the IRS can take steps to block fraudulent returns in the clients’ names and will assist tax professionals through the process.
- Email the Federation of Tax Administrators at [email protected]. Most states require that the state attorney general be notified of data breaches. This notification process may involve multiple offices.