According to the IRS tax professionals have a precious commodity that identity thieves desperately want — client tax information. With stronger fraud defenses put in place by the IRS and Security Summit partners, identity thieves need this essential information to help complete their crime.
"It’s important for tax professionals to protect their systems from identity thieves who always look for new methods to steal data," said IRS Commissioner Danny Werfel. "There are practical ways for practitioners to keep on top of the latest trends and signs of data and identity theft."
The IRS, state tax agencies and the nation’s tax industry – working together as the Security Summit – reminded tax professionals that they should contact the IRS immediately when there's an identity theft issue while also contacting insurance or cybersecurity experts to assist them with determining the cause and extent of the loss.
Tax professional victims have frequently shared their concern with IRS that they did not immediately spot the signs of data theft. Here are some things that can help.
Tax pros: Know the warning signs Tax pros should be on the lookout for these critical warning signs from their clients:
Clients receive notice that an IRS Online Account was created without their consent or that:
Someone accessed their IRS Online Account without their knowledge.
The IRS disabled their Online Account.
Clients receive a tax transcript they didn't request.
Balance due or other notices from the IRS are received that are not correct based on the tax return filed.
Clients respond to calls or emails the tax pro didn't make.
Clients receive refunds without filing a tax return.
Tax professionals should also watch for these red flags when their business experiences:
Slow or unexpected computer or network responsiveness such as:
Software or actions take longer to process than usual.
Computer cursor moves or changes numbers without touching the mouse or keyboard.
Unexpectedly being locked out of a network or computer.
Client tax returns being rejected because their Social Security number was already used on another return.
IRS authentication letters (5071C, 6331C, 4883C, 5747C) being received even though a tax return hasn’t been filed.
Getting more e-file receipt acknowledgements than the tax pro filed.
While these are only a few examples, tax pros should ensure they have the highest security possible and be ready to react quickly to protect themselves and their clients. To help tax pros, the Summit partners created the Written Information Security Plan or WISP is a 28-page, easy-to-understand document developed by and for tax and industry professionals to keep customer and business information safe and secure.
Report immediately If a tax pro or their firm are the victim of data theft, they should:
Report it to their local IRS Stakeholder Liaison. Speed is critical. IRS Stakeholder Liaisons will ensure all the appropriate IRS offices are alerted. If reported quickly, the IRS can take steps to block fraudulent returns in the clients' names and will assist tax pros through the process.
Email the Federation of Tax Administrators at StateAlert@taxadmin.org. They will provide guidance on reporting to state tax agencies. Most states require that the state attorney general be notified of data breaches.
Tax professionals should be proactive with clients that could have been impacted and suggest appropriate actions, such as obtaining an IP PIN or completing a Form 14039, Identity Theft Affidavit, if applicable.
Comments