Identity theft is a serious threat to business, partnership, estate and trust filers. Thieves may steal sensitive information to file a fraudulent tax return for a refund or to commit other crimes. All taxpayers must be alert and on guard at all times. It is important to take strong security measures to protect your business' and your employees' data.
Know the Signs of Identity Theft
Be alert to possible business identity theft if:
- You can't e-file a return because one was already filed with the same EIN or SSN.
- You get a rejection notice for a routine extension to file request because a return with duplicate EIN or SSN is already on file.
- You receive an unexpected tax transcript or IRS notice that doesn't match anything submitted.
- You receive a Letter 6042C or 5263C from us.
- You don't receive expected or routine correspondence from the IRS because the business address has been changed.
Report Suspected Identity Theft or Data Loss
Protect Your Business and Prevent Data Loss
Take the strongest actions possible to safeguard your systems and data. Here are recommendations:
Protect your business data with these basic steps:
- Install anti-malware/anti-virus security software with automatic updates enabled on all devices:
- Laptops, desktops, routers, tablets and phones
- Deploy firewall protections on your network
- Use responsible passwords with:
- At least eight characters (longer is better)
- Special and alphanumeric characters
- Passphrases instead of passwords
- Unique passords for each account
- Protection on wireless devices
- A password manager
- Choose multi-factor authentication when available
- Encrypt sensitive files and emails with strong password protection.
- Back up sensitive data to a secure, external source not connected to your network.
- Destroy old computer hard drives and printers that contain sensitive data.
- Limit access to personal data only to individuals who need to know.
- Enter personal data only on secure sites with web addresses that begin with "https."
Creating and maintaining a data security plan is key. If you can afford it, contact a cybersecurity consultant. If not, find help in IRS Publication 4557, Safeguarding Taxpayer Data (PDF) or in one of these guides:
- Start with Security: A Guide for Business from the Federal Trade Commission
- Small Business Information Security – The Fundamentals (PDF) from the National Institute of Standards and Technology
You can help employees protect themselves and your business with information about data security.
Provide employees with basic data security information and practices. For example:
- Beware of phishing emails, the most common tactic used to steal data
- Do not respond to suspicious or unknown emails.
- If the email is IRS-related, forward it to firstname.lastname@example.org.
- Never open or download attachments from unknown senders, even potential clients.
- Verify the email is authentic by calling them.
- Only email documents that are password-protected and encrypted.
- Use separate personal and business email accounts.
- Protect your email accounts with strong passwords and two-factor authentication, if available.
How We Protect Business Filers
The IRS, state tax agencies and the tax industry work in coordination as the Security Summit to protect taxpayer data. Our program includes safeguards that identify suspicious returns. When we identify a business-related return that is potentially fraudulent, we issue a letter to the taxpayer seeking additional information before processing the tax return. Common letters are:
- Letter 6042C if we need information to validate the return
- Letter 5263C if we need information to validate the entity
Please respond immediately to IRS correspondence.
The IRS also asks tax professionals preparing business-related returns to answer a series of questions to help authenticate the validity of the business return. Tax preparation software for business-related returns also asks these questions.
- Initiate contact with taxpayers by email, text or social media to request personal or financial information
- Call taxpayers with threats of lawsuits or arrests
- Call, email or text to request taxpayer Identity Protection Pins