For the better part of a decade, tax-related identity theft scams have been a thorn in our side. Criminals have targeted taxpayers and taxpayers with an increasingly diverse series of phishing scams spanning most major communications platforms, from printed letters and phone calls to emails and text messages.
The sheer volume and frequency of these scams led to the formation of the Security Summit in 2015, a group comprised of the Internal Revenue Service, state departments of revenue, and private members of the tax industry. The Summit’s goal is to help raise awareness of data security tools and the signs of phishing scams that threaten everyone’s personal information, and their annual “Protect Your Clients; Protect Yourself” campaign is an integral part of that mission.
This year, the Security Summit branded their outreach “Boost Security Immunity: Fight Against Identity Theft.” An obvious nod to the ongoing pandemic, the Summit highlighted a different security tip each week for five weeks.
What did the Security Summit highlight in the “Boost Security Immunity: Fight Against Identity Theft” campaign?
The Security Summit spotlighted these five tips during their “Boost Security Immunity: Fight Against Identity Theft” campaign:
Week 1: Use Multi-Factor Authentication
Multi-factor authentication is an effective tool for combatting unauthorized access to online accounts. Supported by many professional tax preparation products and online accounts, MFA requires users provide an additional code to log in. These codes are typically generated by third party applications, services, and devices, making it more difficult for criminals to break into MFA-protected accounts—even if they have all other login credentials.
Week 2: Recommend Identity Protection Personal Identification Numbers
IP PINs are now available for any taxpayer who sign up using the Get an IP PIN online tool or file Form 15227, Application for an Identity Protection Personal Identification Number (the latter is only an option for those who cannot use Get an IP PIN and make less than $72,000 a year). This six-digit number is used to validate the identity of a taxpayer when filing a return, but it must be requested by individual taxpayers—tax pros can’t fill out the paperwork for their clients.
Week 3: Signs of Unemployment Compensation Scams
Unemployment compensation fraud spiked when Congress began passing extended benefits for American workers who lost jobs during the pandemic. Criminals have been claiming unemployment benefits using stolen personally identifiable information (PII), which—in addition to all the other headaches associated with identity theft—can result in surprise tax bills for victims. Getting a Form 1099-G from one (or more) states for unreceived unemployment compensation is a tell-tale sign that you’ve been scammed.
Week 4: Signs of Pandemic Phishing Scams
Pandemic phishing scams take advantage of fear, uncertainty, and recent events related to the coronavirus. Unemployment compensation, vaccine signups, economic impact payments, and advance child tax credit payments are just a few of the topics criminals rely on to trick victims out of their personal information and money—and many have specifically targeted tax professionals. The Summit warns that you should be on the lookout for emails and text messages that appear to come from financial institutions, cloud providers, and tax software companies that pressure you into “opening a link or attachment.”
Week 5: Signs of Identity Theft
Knowing the signs of identity theft can help you avoid falling victim to phishing scams that are designed to steal your PII and money. The Summit says tax professionals should be careful when they see the following signs:
- Client e-filed returns rejected because client’s Social Security number was already used on another return.
- More e-file acknowledgements received than returns the tax pro filed.
- Clients responded to emails the tax pro didn’t send.
- Slow or unexpected computer or network responsiveness such as:
- Software or actions take longer to process than usual,
- Computer cursor moves or changes numbers without touching the mouse or keyboard,
- Unexpectedly locked out of a network or computer.
Further, clients who do any of the following might also be victims of ID theft:
- IRS Authentication letters (5071C, 4883C, 5747C) even though they haven’t filed a return.
- A refund even though they haven’t filed a return.
- A tax transcript they didn’t request.
- Emails or calls from the tax pro that they didn’t initiate.
- A notice that someone created an IRS online account for the taxpayer without their consent.
- A notice the taxpayer wasn’t expecting that:
- Someone accessed their IRS online account,
- The IRS disabled their online account.
Be sure to visit the sources below for more information about the above tools and scams.
Sources: IR-2021-155; IR-2021-158; IR-2021-163; IR-2021-166; IR-2021-170