The Internal Revenue Service works to combat tax identity theft. The move comes amid a rising number of identity theft and other online scams. Working together as the Security Summit (the Summit), the IRS, state tax authorities, and the tax industry remind tax professionals that they should contact the IRS immediately if there is a problem with identity theft from a customer. They encourage counselors to reach out to the appropriate insurance or cybersecurity experts to help them determine the cause and extent of the damage.
As part of their ongoing training series, the Summit will also help teach tax professionals how to act proactively to better protect customers and customer data. This year’s training focused on pushing tax professionals to work on securing their systems and protecting customer data. They highlighted the protection that multi-factor authentication and key security steps provide, the use of the identity protection PIN for customers, scams to steal unemployment benefits, and the dangers of phishing email / text scams.
Signs of tax identity theft
According to the summit, these are the critical signs to watch out for:
- Customer email returns were rejected because the customer’s social security number was already used on another return.
- Receive more e-file confirmations than tax returns submitted by tax specialists.
- Customers replied to emails that the tax advisor failed to send.
- Slow or unexpected computer or network responsiveness such as:
- The processing of software or actions takes longer than usual,
- The computer cursor moves or changes numbers without touching the mouse or keyboard,
- Unexpectedly locked out of a network or computer.
Tax professionals should also look out for warning signs when clients report they have received:
- IRS authentication letters (5071C, 4883C, 5747C) even though they didn’t submit a return.
- A refund even though you didn’t submit a return.
- A tax certificate that you did not request.
- Emails or calls from the tax advisor that he did not initiate.
- An indication that someone created an IRS online account for the taxpayer without their consent.
- A note that the taxpayer did not expect:
- Someone has accessed their IRS online account
- The IRS has deactivated his online account.
What do you do next
If you suspect a customer may be a victim of tax identity theft, the Summit recommends that you:
- Report your suspected theft local IRS stakeholder liaison. The liaison officers will notify the IRS Criminal Investigation and others within the agency on behalf of the practitioner. If reported quickly, the IRS can take steps to block fraudulent returns on behalf of customers and assist tax professionals through the process.
- Email to the Association of Tax Administrations [email protected]. Most states require the attorney general to be notified of data breaches. Several offices can be involved in this notification procedure.