You may have created a data security plan for your office with all the bells and whistles—employee training, security software, offsite data backups, secure client-facing portals, and more—but do you know how to spot what the Internal Revenue Service calls “the warning signs of client data theft?”
In a recent “Protect Your Clients; Protect Yourself: Tax Security 101” update, the IRS highlighted ways to spot data theft that has already taken place. As the agency points out, the effects of data theft usually aren’t felt until criminals actually use that information—in the specific case of garden-variety identity theft, victims see their credit scores torched by unpaid loans and maxed out credit cards.
When it comes to tax-related identity theft, there are a few tell-tale signs of a data breach that tax professionals can train themselves to spot. Here are ten the IRS wants you to be able to identify:
• “Client e-filed returns begin to be rejected because returns with their Social Security numbers were already filed;
• Clients who haven’t filed tax returns begin to receive taxpayer authentication letters (5071C, 4883C, 5747C) from the IRS;
• Clients who haven’t filed tax returns receive refunds;
• Clients receive tax transcripts that they did not request;
• Clients who created an IRS online services account receive an IRS notice that their account was accessed or IRS emails stating their account has been disabled. Or clients unexpectedly receive an IRS notice that an IRS online account was created in their names;
• The number of returns filed with the tax professional’s Electronic Filing Identification Number (EFIN) exceeds the number of clients;
• Tax professionals or clients responding to emails that the firm did not send;
• Network computers running slower than normal;
• Computer cursors moving or changing numbers without touching the keyboard;
• Network computers locking out employees.”
Let’s not forget that tax-related identity theft is big business for cyber criminals. Back in February, the IRS announced that it prevented $6 billion in fraudulently filed tax refunds from falling into the hands of identity thieves in 2017. That’s one heck of an incentive to keep trying to steal tax refund money, and tax professionals are a veritable gold mine for cybercriminals looking to file fraudulent tax returns.
To learn other signs of data theft, visit IRS.gov.