Tax returns are a prime target for identity thieves. After all, the IRS processes billions of dollars in tax refunds every year, and criminals follow the money. A thief needs little more than your name and Social Security number (SSN) to file a fraudulent tax return and pocket the refund. Then, when you attempt to file your return, the IRS or state tax authority informs you that you’re attempting to file a duplicate return. It can take months to resolve the matter, cause unwelcome headaches and delay any legitimate refunds you expect.
Increasingly, identity thieves also target entities — including corporations, partnerships, estates, and trusts —and use stolen information to file phony tax returns. Criminals also attempt to steal employee data from employers to help them execute individual identity theft.
IRS cracks down on ID theft
In recent years, tax-related identity theft has substantially declined, due in large part to actions taken by the IRS. For example, the IRS has improved filters in its computer systems, enabling it to flag potentially fraudulent returns. The system looks for anomalies, such as dramatic differences in a taxpayer’s returns from one year to the next or wage information that doesn’t match the information provided by employers.
In addition, online tax preparers and software companies have beefed up their security and implemented measures to confirm their customers ’identities. For example, many providers use multifactor authentication — such as a password plus a code sent by text — to verify a user’s identity. On the business side, the IRS now requires tax preparers to furnish additional information to verify that a return is legitimate. These efforts have been effective, but tax-related identity theft remains a major threat. So individuals and businesses need to take steps to protect themselves.
For individuals, one of the keys to preventing tax-related (and other forms of) identity theft is to keep your SSN private. Don’t carry your Social Security card with you and don’t provide your SSN to others unless necessary (and never provide it via email). Beware of phishing emails. These are official-looking emails designed to look like they’re from the IRS, a financial institution, or an executive at your company, but are actually from criminals attempting to steal your SSN, bank account numbers, or passwords. Never click on links or attachments in emails unless you’re positive they’re legitimate. And remember that the IRS, banks, and most other legitimate businesses will never ask you for financial or personal information via email.
Other steps you should take to protect yourself include:
- Using strong passwords for computers, mobile devices, and financial websites, and changing them periodically,
- Using antispam and antivirus software on your computers and installing all security updates,
- Reconciling bank and brokerage statements and reviewing them for suspicious activity,
- Storing bank statements and tax documents in a secure location and shredding them when no longer needed,
- Reviewing your credit report periodically for suspicious activity,
- Locking your mailbox, retrieving mail daily, and shredding credit card solicitations and other mail thieves can use to obtain your SSN or other personal information, and
- Exercising caution when using public wi-fi networks. Use a virtual private network (VPN) service to encrypt any information you transmit over these networks.
Finally, file your return as early as possible. In the event identity thieves do obtain your SSN or other information, filing first will prevent them from claiming a refund in your name.
Businesses should take steps to protect their information as well as that of their employees. If you’re an owner, provide training to accounting, human resources, and other employees to educate them on the latest tax fraud schemes and how to spot phishing emails;
using secure methods to send W-2 forms to employees, and implementing risk management strategies designed to flag suspicious communications. If you’re an employee, try to find out if your employer is following these best practices.
Responding to a theft
If you become a victim of tax-related identity theft:
- File a complaint with the Federal Trade Commission (https://www.identitytheft.gov/) and local law enforcement,
- Contact the three major credit bureaus to place a “fraud alert” on your credit records and the IRS, and
- Submit an Identity Theft Affidavit (Form 14039) (https://www.irs.gov/pub/irspdf/f14039.pdf) to the IRS. You’ll receive a six-digit Identity Protection Personal Identification Number (IP PIN) for use in filing electronic or paper returns.
You should also contact your financial institutions and close any accounts that have been compromised or opened fraudulently. If you have any questions regarding the above, please do not hesitate to contact us. You may view a copy of this and other FBD memos on our website under PUBLICATIONS – http://www.fbco.com/publications/