Know the Signs of Possible ID Theft

Know the Signs of Possible ID Theft

We all know that identity thieves aren’t letting up in their efforts to steal your clients’ personal information so they can file fraudulent tax returns. If anything, they’re picking up the pace. But how can you know your tax prep office has been a target?

What are the signs of identity theft tax refund fraud?

Identity thieves work in the shadows, so the evidence of their malicious work isn’t always obvious. But it is there if you know what to look for.

While any one of these symptoms may—or may not—mean your computer systems have definitely been compromised, they are indicators that need to be investigated:

  • Client e-filed returns rejected because client’s Social Security number was already used on another return.
  • More e-file acknowledgements received than returns the tax pro filed.
  • Clients responded to emails the tax pro didn’t send.
  • Slow or unexpected computer or network responsiveness such as:
    • Software or actions take longer to process than usual,
    • Computer cursor moves or changes numbers without touching the mouse or keyboard,
    • Unexpectedly locked out of a network or computer.

If you’ve had more than one of these indicators occur on your office system, it’s time to call a professional IT firm to confirm the root cause.

Client reports can help you spot identity theft

Your clients may also get an indicator that something is amiss. The Summit says you should be on the lookout for these warning signs:

  • IRS Authentication letters (5071C, 6331C, 4883C, 5747C) even though they haven’t filed a return.
  • A refund even though they haven’t filed a return.
  • A tax transcript they didn’t request.
  • Emails or calls from the tax pro that they didn’t initiate.
  • A notice that someone created an IRS online account for the taxpayer without their consent.
  • A notice the taxpayer wasn’t expecting that:
    • Someone accessed their IRS online account,
    • The IRS disabled their online account,
    • Balance due or other notices from the IRS that are not correct based on return filed or if a return had not been filed.

The upshot of all these indicators is that you, the tax professional, are the first line of defense against unlawful theft of your and your clients’ data.

When you see a pattern that doesn’t fit the circumstances, it’s time to investigate. Make sure you and your office have the best security possible, but don’t hesitate to get help if there’s a problem.

What should I do if I suspect data theft?

The first step toward recovery is to call the IRS, specifically the local IRS Stakeholder Liaison. They can notify IRS Criminal Investigation and other agency departments on your behalf. Do it IMMEDIATELY once data theft is confirmed; the IRS can move to block fraudulent returns in your clients’ names and can further assist you and your office staff.

Next, email the Federation of Tax Administrators for instructions on how to report information to your state and others where you e-file. Many times, states dictate that data breach information is reported to the state attorney general, and this may mean sending your information to multiple offices.

Once a data breach is identified, the IRS recommends tax pros identify and contact clients who may be affected by the breach and suggesting they acquire an IP PIN or, if necessary, file Form 14039, Identity Theft Affidavit.

Knowledge is power

The IRS website has a number of valuable resources available for tax professionals.

See Publication 5293, Data Security Resource Guide for Tax Professionals for an overview on avoiding data theft.

Help is also available from Publication 4557, Safeguarding Taxpayer Data, and from the Security Summit, a reminder about the importance of IP PINs.

Another vital piece of guidance comes from the National Institute of Standards and Technology, in Small Business Information Security: The Fundamentals.

Source: IR-2022-144

Article provided by Taxing Subjects.

Security Summit Announces New Sample Security Plan

Security Summit Announces New Sample Security Plan

Most tax-season-preparation checklists include updating software, reviewing tax law changes, earning continuing professional education credits, and training seasonal staff. Creating or updating a written information security plan (WISP) is one often-overlooked item that should make everyone’s list. After all, tax professionals are required by the Federal Trade Commission’s Safeguards Rule to have one of these plans in place to protect client information.

Tax pros seeking help with a security plan for their office are in luck. The Internal Revenue Service announced the publication of a 29-page sample WISP by the Security Summit. Issued during the Summit’s “Protect Your Clients; Protect Yourself” educational outreach campaign, this document is the culmination of a months-long effort by the IRS, state departments of revenue, and tax industry.

Drake Software Director of Government Relations Jared Ballew currently serves as co-lead of the Security Summit Tax Professionals Working Group and is the incoming chair of the Electronic Tax Administration Advisory Committee. In the IRS news release, Jared explains that the Summit’s sample is an excellent resource for tax pros who need help creating a written information security plan for their office.

“There’s no way around it for anyone running a tax business,” he says. “Having a written security plan is a sound business practice—and it’s required by law. The sample provides a starting point for developing your plan, addresses risk considerations for inclusion in an effective plan, and provides a blueprint of applicable actions in the event of a security incident, data losses, and theft.”

It is important to note that this is not a one-size-fits-all document, and—as the WISP itself states—“it is not intended to replace your own research, to create reliance, or serve as a substitute for developing your own plan based upon the specific needs and requirements of your business or firm.” That said, the sample is written in plain language and designed to be flexible, so tax pros can easily adapt it for their office.

In addition to the download, the IRS recommends referencing documents like Publication 4557, Safeguarding Taxpayer Data; Publication 5293, Data Security Resource Guide for Tax Professionals; Identity Theft Central; and Small Business Information Security: The Fundamentals.

Source: IR-2022-147 

Article provided by Taxing Subjects.