IRS, states and industry offer tips to tax professionals on spotting signs of client data theft
WASHINGTON — The Internal Revenue Service and its Security Summit partners today urged tax professionals to learn the tell-tale signs that their office may have experienced a data theft that resulted in fraudulent tax returns being filed in their clients’ names.
The IRS, state tax agencies and the private-sector tax industry, working together as the Security Summit, warned practitioners that global criminal syndicates remain active, and they are well financed, high skilled and tax savvy in their attempts to gain sensitive tax data.
The reminder came as the IRS and the Summit partners encouraged tax professionals to take time this summer to review their data security protection. To help the tax community, the Summit partners offered a new “Taxes-Security-Together” Checklist as a starting point.
“Learning the signs of identity theft is critical for anyone handling taxpayer data,” said IRS Commissioner Chuck Rettig. “It can be as subtle as an unusually slow computer system or as obvious as multiple clients unexpectedly receiving the same IRS notice. Paying attention to these details is critical, and fast action alerting the IRS and calling in a security expert can help protect taxpayers and your business.”
Recognizing the signs of data theft is the fourth item on the “Taxes-Security-Together” Checklist. Previous checklist items include: deploying the “Security Six” basic steps, creating a written data security plan and educating yourself on email phishing scams.
Although the Security Summit -- a partnership between the IRS, states and the private-sector tax community started in 2015 -- is making major progress against tax-related identity theft, cybercriminals continue to quickly evolve, and data thefts at tax professionals’ offices remain a major attack point. Thieves use stolen data from tax practitioners to create fraudulent returns that are harder for Summit partners to detect.
Recognize the signs of client data theft
The IRS and Summit partners have created a list of warning signs that a tax professional or their office may have experienced a data theft:
• Client e-filed returns begin to be rejected by the IRS or state tax agencies because returns with their Social Security numbers were already filed;
• Clients who haven’t filed tax returns begin to receive taxpayer authentication letters (5071C, 4883C, 5747C) from the IRS to confirm their identity for a submitted tax return.
• Clients who haven’t filed tax returns receive refunds;
• Clients receive tax transcripts that they did not request;
• Clients who created an IRS Online Services account receive an IRS notice that their account was accessed or IRS emails stating their account has been disabled. Another variation: Clients unexpectedly receive an IRS notice that an IRS online account was created in their names;
• The number of returns filed with the tax professional’s Electronic Filing Identification Number (EFIN) exceeds the number of clients;
• Tax professionals or clients responding to emails that the firm did not send;
• Network computers running slower than normal;
• Computer cursors moving or changing numbers without touching the keyboard;
• Network computers locking out employees.
“Tax professionals should be on the lookout for these scary scenarios that have hit firms across the country, jeopardizing data of the company and their clients,” Rettig said.
Because IRS and state tax systems will only accept one unique Social Security number, taxpayers often discover they are a victim when they attempt to e-file and their tax return is rejected because a return with their SSN already is in the system. Or, more commonly, the IRS identifies a return that could be an identity theft return and sends a letter to the taxpayer asking them to contact the agency to let the IRS know if they filed the return.
Identity thieves sometimes try to leverage the stolen data by usi
