Identity Theft in Tax Profession: Key Prevention Tips

In today’s digital age, tax professionals are increasingly becoming targets for identity thieves. The IRS and the Security Summit have launched a vital educational series to help tax pros recognize and respond to data theft threats. As part of the ongoing “Protect Your Clients; Protect Yourself” series, this article will delve into the critical warning signs of identity theft, preventive measures, and steps to take if a breach occurs.

Understanding the Threat: Identity Theft in the Tax Profession

Identity theft is a growing concern in the tax industry. Criminals are constantly evolving their tactics, and with the implementation of stronger fraud defenses by the IRS and the Security Summit partners, tax professionals have become prime targets. These thieves aim to gain access to valuable client information to prepare fraudulent tax returns, exploiting the information to their advantage.

IRS Commissioner Danny Werfel emphasizes the importance of vigilance, stating, “Identity thieves are creative, and they can find ways of quietly penetrating systems.” Many tax professionals have discovered breaches only after weeks or months, making it crucial to recognize the warning signs early to protect both their business and their clients.

Warning Signs of Identity Theft

Tax professionals must be aware of several warning signs, both from their clients and within their own systems. Identifying these signs promptly can help mitigate the damage and prevent further security issues.

Red Flags from Clients

1. Unexpected IRS Online Account Notices: Clients might receive notifications about the creation of an IRS Online Account without their consent, or they might discover unauthorized access to their existing accounts. If clients notice that their IRS Online Account has been disabled or that they receive a tax transcript they didn’t request, these could be indicators of identity theft.
2. Inaccurate IRS Notices: Clients might receive IRS notices that don’t match their tax filings, such as incorrect balance due notices. They may also receive refunds without having filed a tax return or be contacted by clients about calls or emails that the tax pro didn’t make.

Red Flags within the Tax Professional’s Business

1. Unusual Computer Behavior: Slow or unresponsive computers, unexpected cursor movements, or unauthorized changes in data can be signs of a system compromise. Tax professionals should also be cautious if they are locked out of their network or if client tax returns are being rejected because their Social Security number has already been used.
2. Suspicious IRS Communications: Receiving IRS authentication letters (5071C, 6331C, 4883C, 5747C) without having filed a tax return can indicate a breach. Similarly, getting more e-file receipt acknowledgments than the number of returns filed or seeing transcripts in the Secure Object Repository that weren’t ordered are red flags.
3. CAF Number Compromises: Notifications from the IRS about a compromised Centralized Authorized File (CAF) number or a client that the tax professional doesn’t represent are also concerning. Proactively protecting the CAF number and possibly requesting a new one can help safeguard against misuse.

Steps to Take If a Data Breach Occurs

If a tax professional or their firm falls victim to a data breach, immediate action is crucial to minimize the impact. Here’s what to do:

1. Report the Incident: Notify the local IRS Stakeholder Liaison immediately. They will coordinate with the appropriate IRS offices to block fraudulent returns and assist in managing the breach. Speed in reporting is essential to limit the damage.
2. Contact State Tax Agencies: Visit the Federation of Tax Administrators to report the breach to the relevant state tax agency. They can provide additional support and guidance on managing the breach.
3. Proactive Client Communication: Inform clients who may have been affected by the breach. Suggest steps such as obtaining an Identity Protection PIN or completing Form 14039, the Identity Theft Affidavit, to protect their personal information.

Preventive Measures and Resources

Tax professionals should take proactive steps to protect their systems and client data. Here are some key resources and measures to consider:

1. Security Planning: The Security Summit partners have developed a comprehensive written information security plan (WISP). This 29-page document provides guidelines on safeguarding client and business information and is an invaluable resource for tax professionals.
2. Educational Resources: Refer to IRS Publication 5293, Data Security Resource Guide for Tax Professionals, for an overview of data security best practices. IRS Publication 4557, Safeguarding Taxpayer Data, also offers detailed security recommendations. Additionally, the National Institute of Standards and Technology provides fundamentals for small business information security.
3. Stay Updated: Subscribe to e-News for tax professionals and follow IRS social media channels for the latest updates on data security and identity theft prevention.

Conclusion

As identity theft becomes more sophisticated, tax professionals must remain vigilant and proactive. By recognizing the warning signs, implementing strong security measures, and responding swiftly to breaches, tax pros can protect their clients and their business from the damaging effects of data theft. Staying informed through the IRS, Security Summit, and other resources will help tax professionals navigate these challenges and safeguard their practice effectively.

For further information and to access helpful resources, visit the IRS identity theft information page for tax professionals.