IR-2024-306, Dec. 5, 2024 WASHINGTON — Because identity thieves target the financial data of businesses and the self-employed using new schemes, the Internal Revenue Service and the Security Summit partners today urged companies and individual taxpayers to review and update their security measures and practices to guard against the latest scams. Fraudsters often try tricking businesses and others into sharing personal information — such as names, passwords and account numbers — through emails, texts and direct messages made to look like they come from a legitimate source, like the IRS, a bank or a trusted tax professional. In some recent schemes, social media is used to dole out misleading tax advice about refunds and eligibility for tax credits like the Fuel Tax Credit or the Paid Sick and Family Leave Credit. In other instances, social media has been used to connect taxpayers with scammers to try to get them to falsify forms. In others, scammers impersonate charity organizations, then use spoofed websites and phone numbers, as well as fake email messages, to draw in the unsuspecting. “With the IRS and the Security Summit partners working together to increase our defenses against fraud, it means identity thieves increasingly look to steal valuable information from businesses large or small, individual taxpayers as well as tax professionals,” said IRS Commissioner Danny Werfel. “With these scammers constantly evolving their tactics, everyone needs to remain vigilant throughout the year. We urge businesses and taxpayers to review and update security measures regularly, keep abreast of the latest scams, and think before sharing any sensitive data — even with a seemingly trusted person or entity.” Security Summit partners urge extreme caution about such solicitations and the accompanying links, attachments and contact information they contain. Never click, call or reply without first independently verifying the source. Officials highlighted the threat to businesses and others on the fourth day of National Tax Security Awareness Week 2024, which runs through Friday. The annual event, now in its ninth year, was created by the Security Summit, a public-private partnership formed in 2015 between the IRS, state tax agencies and the national tax community. The partners work together to combat tax-related identity theft and raise awareness among taxpayers and tax professionals about safeguarding themselves and their customers from security threats. Identity thieves often ramp up their efforts during the holiday shopping season, which is already in full swing, and as tax time approaches. They’ve increasingly focused on businesses and individual taxpayers in the hopes of circumventing the strengthened defenses the IRS and its Security Summit partners have put in place in recent years. Since its inception, the work of the Security Summit partners has helped protect millions of taxpayers against identity theft and prevented billions of dollars from being wrongly paid out to fraudsters. “At the Federal Trade Commission, protecting small businesses and their owners is always a top priority,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “During National Tax Security Awareness Week, the FTC commends IRS efforts to educate businesses on how to enhance their cybersecurity while recognizing and avoiding common scams – and, of course, reporting them to ReportFraud.ftc.gov.” Taxpayers, businesses can protect themselves with extra security With identity thieves looking for better sources of data to try filing false tax returns, business and taxpayer security is even more important. The Summit partners encourage taxpayers, businesses and tax professionals to remember to take some simple - but frequently overlooked - steps to protect their important financial and tax information. These include: Set security software to update automatically. Back up important files. Require strong passwords and pair them with multi-factor authentication. Encrypt all devices. More information and additional recommendations can be found at the Federal Trade Commission’s Cybersecurity for Small Business page. Businesses and consumers are also encouraged to report IRS-related scams to phishing@irs.gov. Businesses are also encouraged to keep their Employee Identification Number (EIN) information current and to report changes of address or reporting party promptly and within the required 60 days using IRS Form 8822-B, Change of Address or Responsible Party - Business. What to do after a possible identity theft If the theft occurred because of a scam targeting Form W-2 information, there are special reporting procedures, which can be found in the business section at Identity Theft Central. Businesses can also use the Business Identity Theft Affidavit (Form 14039-B) to proactively report potential identity theft to the IRS if they: Receive a rejection notice for an electronically filed return because another return is already on file for the same period. Get a notice about a tax return they didn’t file. Are notified about forms W-2 they didn’t file. Notice a balance due when one isn’t owed. If businesses are the victim of a data breach with no tax related impact, they should visit Identity Theft Central’s business section for details on reporting the theft. Additional resources Go to National Tax Security Awareness Week 2024 for additional information. For more information on preventing tax information theft, visit Security Summit. Victims of identity theft can visit Identity Theft Central. For more information on scams the IRS is tracking, visit Recognize tax scams and fraud. Find additional information on tax scams at Tax Scams. Get reliable tax info from the following trusted sources: Follow IRS on social media. Visit an IRS walk-in center. Talk to a trusted tax professional.
