The IRS has kicked off a summer campaign to prepare tax professionals, and more broadly, the nation’s tax community, against potential identity theft attempts of clients and their own establishments.
On Tuesday, the Internal Revenue Service (IRS) announced the start of its “Protect Your Clients: Protect Yourself” campaign aimed at “ensuring tax professionals stay alert against new and ongoing threats of tax-related identity theft,” according to a July 11
press release. The IRS warned that tax professionals are “prime targets” of criminals that trick or hack to gain access to their computer systems to access data about their clients. The agency said that identity thieves use this stolen information to file fraudulent tax returns or sell the data to other fraudsters.
Tax identity theft is an issue that
affects hundreds of thousands of American taxpayers. According to a May 10 report (
pdf) by the U.S. Treasury, the IRS identified almost 1.1 million tax returns as being potentially fraudulent for the 2023 filing season as of March 2.
Criminals use the stolen information about a taxpayer to file returns and claim a tax refund. The 1.1 million potentially fake returns had a refund claim totaling around $6.3 billion.
The IRS had confirmed 12,617 tax returns as fraudulent, preventing the issuance of $105.3 million in refunds to identity theft criminals.
IRS Commissioner Danny Werfel called tax
professionals “a critical part” of the agency’s defenses against identity thieves. “The sensitive financial and tax information they hold is a tempting target. It’s critical that those handling sensitive tax information, especially smaller practices, stay current and keep their systems safe.”
Among the ways the IRS recommends tax professionals protect their clients include signing up people for identity protection PINs (IP PINs). An IP PIN is a six-digit
number assigned to a taxpayer that prevents some other individual from filing tax returns using the taxpayer’s Social Security Number or the Individual Taxpayer Identification Number. Only the taxpayer and the IRS will have information about the IP PIN.
Tax Summit Recommendations
The IRS recommends tax professionals create a security plan using the Written Information Security Plan (WISP) model developed by Security Summit.
Regarding common online hacking techniques like phishing, spear phishing and whaling, these are “cyber schemes that put sensitive information at risk. Tax pros are a common, everyday target of phishing scams designed to trick the recipient into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers. Tax professionals and taxpayers should be aware of different phishing terms and what the scams might look like.”
Phishing happens when malicious actors pretend to be reputable companies and send fraud emails to unsuspecting victims while spear phishing targets a specific person or group. Whaling is a phishing technique that targets senior corporate executives and encourages mail recipients to do some actions that benefit the hackers.
The IRS also
asks that tax professionals keep themselves informed about cyber schemes like phishing and know the tell-tale signs of identity theft.
According to the July 11 IRS
press release, “the Summit partners have made great inroads against tax-related identity theft, dramatically reducing confirmed identity theft returns and saving billions in tax dollars during the course of the collaborative effort.”
In the 2015
filing season, the IRS had 1.4 million confirmed identity theft returns. This fell to 649,000 in filing season 2018 and 56,831 for
filing season 2021. During filing season 2022, confirmed identity theft returns rose to 210,130.
The “Protect Your Clients: Protect Yourself” campaign is being done in partnership with Security Summit, a membership
group comprising 42 state agencies and 20 industry offices, in addition to the IRS. The annual campaign, which
began in 2015, is in its eighth year.
How to ‘Protect Yourself’
While the “Protect Your Clients: Protect Yourself” program is aimed at tax professionals, the agency stresses the need for individual taxpayers to be vigilant about criminals targeting them for tax identity theft.
According to the IRS, some of the red signals that could indicate your tax
identity has been stolen include getting a letter from the agency regarding a suspicious tax return that you did not file.
A taxpayer receiving a tax transcript via mail that was not requested is a sign to be alert.
The agency has advised citizens to inform them if they were unable to e-file tax returns due to a duplicate social security number or getting assigned an Employer Identification Number without requesting it.
If you get an IRS notice that an online account has been created in your name without your knowledge, then you could be a victim of ID theft.
While checking IRS records, if it indicates you received wages or other income from an employer you didn’t work for, then it is another sign of malicious activity within your account.
The U.S. Federal Trade Commission (FTC)
recommends that taxpayers keep their tax records and social security card in a safe place. In case taxpayers are using software like TurboTax, TaxAct, or TaxSlayer to prepare their returns, the agency asked that they use multi-factor authentication for extra security.
In addition, taxpayers should avoid giving personal info to people who call, text, or email and claim that they represent the IRS as such contacts may be scammers, the FTC warned.
If your tax refund has been stolen, the FTC recommends that the incident be reported at IdentityTheft.gov.
Suppose your Social Security number is compromised and you know or suspect you are a victim of tax-related identity theft. In that case, the IRS recommends visiting IdentityTheft.gov or calling 800-908-4490 for specialized assistance.