Close

IRS warns tax pros about ID theft signs

The Internal Revenue Service is teaming up with state tax authorities and the tax prep industry to alert tax professionals about some of the warning signals of taxpayer identity theft.

As part of their Security Summit initiative, the IRS and its partners have been mounting a public awareness campaign this summer about cybersecurity risks for tax professionals (see story). On Tuesday, the Security Summit highlighted the signs of identity theft.

The effort comes amid reports of an unprecedented wave of billions of dollars in fraudulent claims for unemployment benefits and other forms of federal and state aid during the COVID-19 pandemic after the government eased the guardrails for applying to the programs. Many of the scammers have been operating outside the U.S., but have been filing claims using the stolen identities and personal information of U.S. citizens they gained through data breaches. Tax professionals, with the wealth of data residing on their clients’ tax returns, have needed to be especially vigilant.

“There are tell-tale signs of identity theft that tax pros can easily miss,” said IRS Commissioner Chuck Rettig in a statement. “Identity thieves continue to look for ways to slip into the systems of tax pros to steal data. We urge practitioners to take simple steps and remain on the lookout for signs of data and identity theft. They are a critical first line of defense against identity theft.”

IRS Commissioner Charles Rettig

Andrew Harrer/Bloomberg

The IRS said it often hears from tax professionals who report data thefts that they did not immediately recognize the tell-tale signs. The agency and its partners asked tax professionals to watch out for these critical signs:

  • A client’s electronically filed tax returns were rejected because the client’s Social Security Number was already used on another return.
  • More e-file acknowledgements have been received than the number of tax returns filed by the tax preparer.
  • Clients have responded to emails that the tax preparer didn’t send.
  • They see slow or unexpected computer or network responsiveness such as software or actions that take longer to process than usual.
  • The computer cursor moves or changes in numbers happen without touching the mouse or keyboard.
  • The tax pro is unexpectedly locked out of a network or computer.

Tax pros should also watch out for some of the warning signs when clients report they’ve received:

  • IRS Authentication letters (5071C, 4883C, 5747C) even when they haven’t filed a return;
  • A tax refund even if they haven’t filed a tax return;
  • A tax transcript they did not request;
  • Emails or phone calls from the tax pro that they didn’t initiate;
  • A notice that someone created an IRS online account for the taxpayer without their consent;
  • A notice the taxpayer wasn’t expecting that someone accessed their IRS online account, or the IRS disabled their online account.

These are just some of the most common examples. Tax pros should also make sure they have the highest security possible and contact these sources if they sense or see something amiss.

If tax pros or their firm fall victim to data theft, they should immediately report it to their local IRS Stakeholder Liaison. The liaison will then notify IRS Criminal Investigation and others within the IRS on behalf of the tax practitioner. If the incident is reported quickly, the IRS can soon take steps to block fraudulent tax returns in the clients’ names and will help tax pros get through the process.

Tax pros who fall prey to identity theft should also email the Federation of Tax Administrators atStateAlert@taxadmin.org to report victim information to the states. Most states require that the state attorney general be notified of data breaches. The notification process could involve multiple offices.

More information can be found at Data Theft Information for Tax Professionals.

Also see the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology. The IRS Identity Theft Central pages for tax pros, individuals and businesses include additional information as well.

Publication 5293, Data Security Resource Guide for Tax Professionals, compiles the various data theft information available on IRS.gov. For more info, see Boost Security Immunity: Fight Against Identity Theft.