Tax returns are a prime target for identity thieves. After all, the IRS processes billions of dollars in tax refunds every year, and criminals follow the money. A thief needs little more than your name and Social Security number (SSN) in order to file a fraudulent tax return and pocket the refund. Then, when you attempt to file your return, the IRS or state tax authority informs you that you’re attempting to file a duplicate return. It can take months to resolve the matter, cause unwelcome headaches and delay any legitimate refunds you expect.
Increasingly, identity thieves also target entities — including corporations, partnerships, estates and trusts — and use stolen information to file phony tax returns. Criminals also attempt to steal employee data from employers to help them execute individual identity theft.
In recent years, tax-related identity theft has substantially declined, due in large part to actions taken by the IRS. For example, the IRS has improved filters in its computer systems, enabling it to flag potentially fraudulent returns. The system looks for anomalies, such as dramatic differences in a taxpayer’s returns from one year to the next or wage information that doesn’t match information provided by employers.
In addition, online tax preparers and software companies have beefed up their security and implemented measures to confirm their customers’ identities. For example, many providers use multifactor authentication — such as a password plus a code sent by text — to verify a user’s identity. On the business side, the IRS now requires tax preparers to furnish additional information to verify that a return is legitimate.
These efforts have been effective, but tax-related identity theft remains a major threat. So it’s important for individuals and businesses to take steps to protect themselves.
For individuals, one of the keys to preventing tax-related (and other forms of) identity theft is to keep your SSN private. Don’t carry your Social Security card with you and don’t provide your SSN to others unless absolutely necessary (and never provide it via email).
Beware of phishing emails. These are official-looking emails designed to look like they’re from the IRS, a financial institution or an executive at your company, but are actually from criminals attempting to steal your SSN, bank account numbers or passwords. Never click on links or attachments in emails unless you’re positive they’re legitimate. And remember that the IRS, banks and most other legitimate businesses will never ask you for financial or personal information via email.
Other steps you should take to protect yourself include:
Finally, file your return as early as possible. In the event identity thieves do obtain your SSN or other information, filing first will prevent them from claiming a refund in your name.
Businesses should take steps to protect their own information as well as that of their employees. If you’re an owner, provide training to accounting, human resources and other employees to educate them on the latest tax fraud schemes and how to spot phishing emails; using secure methods to send W-2 forms to employees; and implementing risk management strategies designed to flag suspicious communications. If you’re an employee, try to find out if your employer is following these best practices.
If you become a victim of tax-related identity theft:
You should also contact your financial institutions and close any accounts that have been compromised or opened fraudulently.