IR-2018-111, May 3, 2018
WASHINGTON — The IRS, state tax agencies and the nation’s tax industry are warning small businesses to be on-guard against a growing wave of identity theft attempts against employers.
Small business identity theft is big business for identity thieves. When businesses and their employees have their identities stolen, their sensitive information can be used to open credit card accounts or file fraudulent tax returns for bogus refunds.
The Internal Revenue Service, state tax agencies and the private-sector tax community -- partners in the Security Summit -- are marking “Small Business Week” with a series of reminders to taxpayers and tax professionals. The week concludes with warnings about small business identity theft.
In the past two years, the Internal Revenue Service has noted a sharp increase in the number of fraudulent filings of Forms 1120, 1120S and 1041 as well as Schedule K-1. The fraudulent filings apply to partnerships as well as estate and trust forms.
Identity thieves are displaying a sophisticated knowledge of the tax code and tax industry filing practices as they attempt to obtain valuable data to help file fraudulent returns. To help counter this, Security Summit partners have expanded efforts to better protect business filers and identify suspected identity theft returns.
Identity thieves have long made use of stolen Employer Identification Numbers (EINs) to create fake Forms W-2 that they would file with fraudulent individual tax returns. Fraudsters also used EINs to open new lines of credit or obtain credit cards. Now they are using company names and EINs to file fraudulent returns.
As with fraudulent individual returns, there are certain signs that may indicate identity theft. Business, partnerships and estate and trust filers should be alert to potential identity theft and contact the IRS if they experience any of these issues:
Extension to file requests are rejected because a return with the Employer Identification Number or Social Security number is already on file;
An e-filed return is rejected because a duplicate EIN/SSN is already on file with the IRS;
Received 5263C or 6042C Letters;
An unexpected receipt of a tax transcript or IRS notice that doesn’t correspond to anything submitted by the filer;
Failure to receive expected and routine correspondence from the IRS because the thief has changed the address.
Steps to protect businesses
The IRS, state tax agencies and software providers also share certain data points from tax returns, including business returns, that help identify a suspicious filing. The IRS and states ask that business and tax practitioners provide additional information that will help verify the legitimacy of the tax return.
Respond to the “know your customer” questions when prompted by software:
Who signed the return – including name and SSN
Tax payment history of the company
Parent company information
Additional information based on deductions claimed
Tax filing history of the company
Sole proprietorships that file Schedule C and partnerships filing Schedule K-1 with Form 1040 also will be asked to provide additional information items, such as a driver’s license number. Providing this information will help the IRS and states identify suspicious business-related tax returns.
For small businesses looking to enhance their security, the National Institute of Standards and Technology (NIST) produced Small Business Information Security: The Fundamentals. NIST is the branch of the U.S. Commerce Department that sets information security frameworks followed by federal agencies.
The United States Computer Emergency Readiness Team (US-CERT) has Resources for Small and Midsize Businesses. Many secretaries of state also provide resources on business-related identity theft as well.
The IRS, state tax agencies and the tax industry continue to work together to fight against tax-related identity theft and to protect business and individual taxpayers. Everyone can help. Take steps recommended by cyber experts and visit the Identity Protection: Prevention, Detection and Victim Assistance for information about business-related identity theft.