The IRS has issued a warning asking tax professionals to watch out for “identity theft red flags” as criminals attempt to steal clients’ sensitive data.
- Clients receiving notice that an IRS online account was created without their consent, or that the IRS disabled their account or someone accessed their account without their knowledge.
- Clients receiving a tax transcript they did not request.
- Clients receiving “balance due” or other IRS notices which are incorrect based on the tax return they have filed.
- Clients responding to emails or calls that their tax consultant did not initiate.
- Clients receiving tax refunds even though they have not filed their return.
If the tax returns of clients are rejected because their social security number was used on another return, it should be seen as a red flag by tax professionals, the IRS states.
Getting IRS authentication letters even though a tax return has not been filed is also a matter of concern. So is getting more e-file receipt acknowledgments than what has been filed by the tax professional.
According to a May 10 report by the U.S. Treasury, the IRS identified almost 1.1 million tax returns as being potentially fraudulent for the 2023 filing season as of March 2. The 1.1 million potentially fake returns had a refund claim totaling around $6.3 billion.
The IRS had confirmed 12,617 tax returns as fraudulent, preventing the issuance of $105.3 million in refunds to identity theft criminals.
Dealing With Security Breach
When theft of client data is identified, tax professionals should determine the type of data breach. Hackers may have stolen data by pretending to be someone that an employee at the tax service trusts and thus gained data access details.Criminals may have resorted to brute force attacks to break into the service’s systems. They could have also used an existing vulnerability or security flaw in the network to steal data.
Tax professionals must identify the information that was compromised and the time period when the breach occurred.
“Speed is critical. IRS stakeholder liaisons will ensure all the appropriate IRS offices are alerted. If reported quickly, the IRS can take steps to block fraudulent returns in the clients’ names and will assist tax pros through the process,” the agency warns.
Professionals can also send an email to the Federation of Tax Administrators at [email protected].
In addition, the tax service should check with their insurance firms to see if the policy covers data breaches. The Federal Trade Commission (FTC) can provide guidance on how to handle breach situations.
Massive Tax Identity Theft
The IRS warning to tax professionals comes as seven individuals were charged in early March for a stolen identity tax refund scheme that sought to collect $100 million from the IRS.The conspirators are alleged to have stolen the identities of accountants and taxpayers by filing at least 371 false tax returns claiming over $111 million in refunds from the tax agency, according to a March 13 press release by the Department of Justice (DoJ).
Fraudsters used the stolen data of taxpayers and tax preparers to approach the IRS as authorized agents of the taxpayers.
“The conspirators then allegedly directed the IRS to change the addresses on file for the taxpayers and to send their tax information, including account transcripts and wage records, to the addresses controlled by the conspirators,” according to the release.
Then, they “used this information to electronically file tax returns claiming fraudulent refunds and directed the IRS to split the refunds among several prepaid debit cards.”
“Prior to issuing tax refunds to some taxpayers, the IRS allegedly sent verification letters to the addresses controlled by the defendants, and the defendants and others, pretending to be the taxpayers, instructed the IRS to release the refunds.”
