8/17/2021
Candace J. Dixon
Internal Revenue Service Security Summit partners urged tax professionals to learn the signs of data theft and react quickly to protect client as identity thieves continue to target the tax community.
Tax professionals should contact the IRS immediately when there’s an identity theft issue, while also contacting insurance or cybersecurity experts to assist them with determining the cause and extent of the loss. One common refrain the IRS hears from tax professionals reporting data thefts is that they did not immediately recognize its signs.
Tax professionals should be alert for these critical signs:
Client e-filed returns rejected because their Social Security Number was already used on another return.
More e-file acknowledgements received than returns filed.
Clients responding to emails the tax pro didn’t send.
Slow or unexpected computer or network responsiveness such as software or actions taking longer to process than usual; computer cursors moving or changing numbers without touching the mouse or keyboard; unexpected lock outs from a network or computer.
They should also watch for warning signs from client reports about receiving:
IRS Authentication letters (5071C, 4883C, 5747C) even though they haven’t filed a return.
A refund even though they haven’t filed a return.
A tax transcript they didn’t request.
Emails or calls from the tax pro that they didn’t initiate.
A notice that someone created an IRS online account for them without their consent.
A notice they weren't expecting that someone accessed or disabled their IRS online account.
“There are tell-tale signs of identity theft that tax pros can easily miss,” said IRS Commissioner Chuck Rettig. “Identity thieves continue to look for ways to slip into the systems of tax pros to steal data. We urge practitioners to take simple steps and remain on the lookout for signs of data and identity theft. They are a critical first line of defense against identity theft.”
Tax pros should make sure they have the highest security possible and contact these sources if they sense or see something amiss:
Stakeholder Liaison Local Contacts: They will notify IRS Criminal Investigation and others within the agency on the practitioner’s behalf. Speed is critical; if reported quickly, the IRS can take steps to block fraudulent returns in the clients’ names and will assist tax pros throughout the process.
Federation of Tax Administrators: Email StateAlert@taxadmin.org to get information on how to report victim's information to the states. Most states require the state attorney general to be notified of data breaches. The notification process may involve multiple offices.
More information can be found at Data Theft Information for Tax Professionals.
Knowing the signs of identity theft is the final part in a five-part series sponsored by the Summit partners to highlight critical steps tax professionals can take to protect client data. This year’s theme “Boost Security Immunity: Fight Against Identity Theft,” focused on urging tax professionals to secure their systems and protect client data during the pandemic and its aftermath. This summertime series, now in its sixth year, highlighted the protections offered by multi-factor authentication, the use of the Identity Protection PIN for clients, scams to steal unemployment benefits, and the dangers of phishing email/text scams.
#cybersecurity #securitysummit
Resources:
Publication 4557, Safeguarding Taxpayer Data
Small Business Information Security: The Fundamentals
Publication 5293, Data Security Resource Guide for Tax Professionals