Security Summit warns tax pros to watch for tell-tale signs of identity theft

IR-2021-170, August 17, 2021

WASHINGTON — With identity thieves continuing to target the tax community, Internal Revenue Service Security Summit partners today urged tax professionals to learn the signs of data theft so they can react quickly to protect clients.

The IRS, state tax agencies and the tax industry – working together as the Security Summit – reminded tax professionals that they should contact the IRS immediately when there's an identity theft issue while also contacting insurance or cybersecurity experts to assist them with determining the cause and extent of the loss.

"There are tell-tale signs of identity theft that tax pros can easily miss," said IRS Commissioner Chuck Rettig. "Identity thieves continue to look for ways to slip into the systems of tax pros to steal data. We urge practitioners to take simple steps and remain on the lookout for signs of data and identity theft. They are a critical first line of defense against identity theft."

Knowing the signs of identity theft is the final part of a five-part series sponsored by the Summit partners to highlight critical steps tax professionals can take to protect client data. This year's theme " Boost Security Immunity: Fight Against Identity Theft ," focused on urging tax professionals to try harder to secure their systems and protect client data during this pandemic and its aftermath.

This summer-time Summit series, now in its sixth year, highlighted the protections offered by multi-factor authentication and key security steps, the use of the Identity Protection PIN for clients, scams to steal unemployment benefits and the dangers of phishing email/text scams.

One common refrain the IRS hears from tax professionals reporting data thefts is that they did not immediately recognize its signs.

Summit partners urged tax professionals to watch out for these critical signs:

  • Client e-filed returns rejected because client's Social Security number was already used on another return.
  • More e-file acknowledgements received than returns the tax pro filed.
  • Clients responded to emails the tax pro didn't send.
  • Slow or unexpected computer or network responsiveness such as:
    • Software or actions take longer to process than usual,
    • Computer cursor moves or changes numbers without touching the mouse or keyboard,
    • Unexpectedly locked out of a network or computer.

Tax professionals should also watch for warning signs when clients report they've received:

  • IRS Authentication letters (5071C, 4883C, 5747C) even though they haven't filed a return.
  • A refund even though they haven't filed a return.
  • A tax transcript they didn't request.
  • Emails or calls from the tax pro that they didn't initiate.
  • A notice that someone created an IRS online account for the taxpayer without their consent.
  • A notice the taxpayer wasn't expecting that:
    • Someone accessed their IRS online account,
    • The IRS disabled their online account.

These are just a few common examples. Tax pros should ensure they have the highest security possible and contact these sources if they sense or see something amiss.

If you or your firm are the victim of data theft, immediately:

  • Report it to your local IRS Stakeholder Liaison

    Liaisons will notify IRS Criminal Investigation and others within the agency on the practitioner's behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in the clients' names and will assist tax pros through the process.

  • Email the Federation of Tax Administrators at statealert@taxadmin.org

    Get information on how to report victim information to the states. Most states require that the state attorney general be notified of data breaches. This notification process may involve multiple offices.

Find more information at Data Theft Information for Tax Professionals.

Additional resources

Tax professionals can also get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data PDF, and Small Business Information Security: The Fundamentals PDF by the National Institute of Standards and Technology. The IRS Identity Theft Central pages for tax pros, individuals and businesses have important details as well.

Publication 5293, Data Security Resource Guide for Tax Professionals PDF, provides a compilation of data theft information available on IRS.gov. Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

For more information, see Boost Security Immunity: Fight Against Identity Theft.