No one is immune from identity theft these days – not even the Internal Revenue Service. And with tax season starting and identity theft on the rise, tax return fraud is a real risk for your clients.
It’s not surprising that identify theft has topped the list of consumer complaints reported to the Federal Trade Commission (FTC) for the past several years. But did you know that tax-related identity theft is now the number one type of identity theft reported?
What’s more, individuals with an annual household income of $75,000 or more have the highest prevalence of identity theft (11 percent), compared to those in all other income brackets, according to a 2014 study by the U.S. Bureau of Justice Statistics.1
Tax identity thieves typically create fake W-2 forms that they use to file fraudulent returns and cash in before the actual taxpayer has a chance to file – which is why filing early can help your client get ahead of the criminals.
However, filing at the start of the season isn’t often an option for high-net-worth individuals who have to wait for K-1s, Form 1099s and other documents before they can file their taxes. Fortunately, filing early isn’t the only way to avoid identity theft. There are other ways you can help your clients stay vigilant this tax season.
Beware of IRS Imposters
Phishing emails and other social engineering attacks pose a significant threat to businesses and individuals, and cyber attacks are growing in sophistication.
IRS imposter scams, in which criminals impersonate IRS officials to solicit money and/or information from taxpayers, have skyrocketed in the past two years. In 2013, the FTC received 2,545 complaints about IRS imposter scams; in 2014 that number was 54,690!2
The IRS doesn’t contact taxpayers via email, demand immediate payment over the phone or require taxpayers to use a specific payment type (for example, wire transfer or prepaid debit card), so report any such requests. You can report tax scams online or by calling 800-366-4484.
Apply for An IP PIN
An identity protection personal identification number (IP PIN), is a six-digit number designed to help prevent the fraudulent use of an individual’s Social Security number on federal income tax returns. Once a taxpayer has opted to use an IP PIN, he’ll need to use it to confirm his identity on all his federal tax returns filed for the current year and in subsequent years. The IRS will send a new IP PIN each year by mail.
The IP PIN is sometimes confused with the five-digit e-File signature PIN, but they aren’t the same. To be eligible to apply for an IP PIN, a taxpayer must meet at least one of the following criteria:
- Received a CP01A Notice with new IP PIN and lost it
- Had an IP PIN in a prior tax year and didn’t receive a new one this year
- e-Filed return was rejected because IP PIN was missing or incorrect
- Received an IRS invitation to “opt-in” to get an IP PIN
- Filed federal tax return last year with an address in Florida, Georgia or the District of Columbia
Your clients can visit the IRS website to apply for an IP PIN.
In addition to applying to for an IP PIN, any taxpayer who’s been a victim of a data breach should submit a Form 14039, Identity Theft Affidavit, if his Social Security number has been compromised and either his e-File return was rejected as a duplicate or the IRS has informed him that he may be a victim of tax-related identity theft. Executors of estates should file the affidavit on behalf of deceased taxpayers.
Some practitioners suggest that the majority of taxpayers should file the affidavit, given the current prevalence of massive, high-profile data breaches.
Take Control of Credit
Companies that have suffered data breaches often offer their customers free credit monitoring services for a limited time. While these services can be helpful in detecting fraudulent activity, it’s important to remember that most credit monitoring services will notify your client only after someone has opened an account in his name.
An alternative to using one of these services is for your client to put a 90-day fraud alert on his credit report, which requires creditors to verify his identity before extending credit. To do so, he can contact any one of the three national credit bureaus (Equifax, Experian and TransUnion) who will notify the other two.
To take it one step further, your client can contact all of the three credit bureaus to put a lock or “freeze” on his credit. Once your client’s credit is locked, only existing creditors can make inquiries. No new accounts can be established in his name. In the future, if your client wants to open a new account, such as a utility account or car loan, he’ll need to plan ahead to go through the steps of unlocking or “thawing” his credit.
Protect Personal and Financial Data
There are several other ways that your clients can help to minimize the risk of identity theft and keep valuable information safe from criminals, including:
- Protect their Social Security number.
- Shred documents with personal information.
- Create strong passwords.
- Review bank and credit card activity regularly.
- Set up transaction alerts.
- Install anti-virus software and keep it up to date.
- Don’t enter financial or personal information on non-secure websites.
- Beware of public Wi-Fi networks, which are easy targets for hackers.
- Consider more advanced data security techniques, such as encryption and tokenization.
Remember, not even deceased taxpayers are safe from this threat. Each year, thieves steal the identities of nearly 2.5 million deceased Americans, according to the IRS.3 The executor of an estate can play an important role in combating identity theft by canceling the decedent’s credit cards, locking his credit and safeguarding his electronic passwords, computers and other digital devices, which could contain personal and financial data.
Endnotes
- http://www.bjs.gov/content/pub/press/vit14pr.cfm.
- www.ftc.gov/news-events/press-releases/2015/01/tax-id-theft-tops-ftc-complaints-2014-irs-imposter-complaints.
- www.irs.gov/Businesses/Small-Businesses-&-Self-Employed/Deceased-Taxpayers-Protecting-the-Deceaseds-Identity-from-ID-Theft.