Posts

National Tax Security Awareness Week No. 5: Small Businesses: Be Alert to Identity Theft

The IRS, state tax agencies and the nation’s tax industry joined together to warn small businesses to be on-guard against a growing wave of identity theft against employers.

Small business identity theft is a big business for identity thieves. Just like individuals, businesses may have their identities stolen and their sensitive information used to open credit card accounts or used to file fraudulent tax refunds for bogus refunds.

The Internal Revenue Service, state tax agencies and the private-sector tax community — partners in the Security Summit — are marking “National Tax Security Awareness Week” with a series of reminders to taxpayers and tax professionals. The week concludes with warnings about small business identity theft.

In the past year, the Internal Revenue Service has noted a sharp increase in the number of fraudulent Forms 1120, 1120S and 1041 as well as Schedule K-1. The fraudulent filings apply to partnerships as well as estate and trust forms.

Identity thieves are displaying a sophisticated knowledge of the tax code and industry filing practices as they attempt to obtain valuable data to help file fraudulent returns. Security Summit partners have expanded efforts to better protect business filers and to better identify suspected identity theft returns.

Identity thieves have long made use of stolen Employer Identification Numbers (EINs) to create fake Forms W-2 that they would file with fraudulent individual tax returns. Fraudsters also used EINs to open new lines of credit or obtain credit cards. Now, they are using company names and EINs to file fraudulent returns.

As with fraudulent individual returns, there are certain signs that may indicate identity theft. Business, partnerships and estate and trust filers should be alert to potential identity theft and contact the IRS if they experience any of these issues:

  • Extension to file requests are rejected because a return with the Employer Identification Number or Social Security number is already on file;
  • An e-filed return is rejected because of a duplicate EIN/SSN is already on file with the IRS;
  • An unexpected receipt of a tax transcript or IRS notice that doesn’t correspond to anything submitted by the filer.
  • Failure to receive expected and routine correspondence from the IRS because the thief has changed the address.

New Procedures to Protect Business in 2018

The IRS, state tax agency and software providers also share certain data points from returns, including business returns, that help identify a suspicious filing. The IRS and states also are asking that business and tax practitioners provide additional information that will help verify the legitimacy of the tax return.

For 2018, these “know your customer” procedures are being put in place that include the following questions:

  • The name and SSN of the company executive authorized to sign the corporate tax return. Is this person authorized to sign the return?
  • Payment history – Were estimated tax payments made? If yes, when were they made, how were they made, and how much was paid?
  • Parent company information – Is there a parent company? If yes, who?
  • Additional information based on deductions claimed
  • Filing history – Has the business filed Form(s) 940, 941 or other business-related tax forms?

Sole proprietorships that file Schedule C and partnerships filing Schedule K-1 with Form 1040 also will be asked to provide additional information items, such as a driver’s license number. Providing this information will help the IRS and states identify suspicious business-related returns.

For small businesses looking for a place to start on security, the National Institute of Standards and Technology (NIST) produced Small Business Information Security: The Fundamentals. NIST is the branch of the U.S. Commerce Department that sets information security frameworks followed by federal agencies.

The United States Computer Emergency Readiness Team (US-CERT) has Resources for Small and Midsize Businesses. Many secretaries of state also provide resources on business-related identity theft as well.

The IRS, state tax agencies and the tax industry are working together to fight against tax-related identity theft and to protect business and individual taxpayers. Everyone can help. Take steps recommended by cyber experts and visit the Identity Protection: Prevention, Detection and Victim Assistance for information about business-related identity theft.

Source: https://www.irs.gov/newsroom/national-tax-security-awareness-week-no-5-small-businesses-be-alert-to-identity-theft

/0 Comments/by

National Tax Security Awareness Week No. 4: Employers, Payroll Officials, Avoid the W-2 Email Scam

The IRS, state tax agencies and private-sector tax groups warned the nation’s business, payroll and human resource communities about a growing W-2 email scam that threatens sensitive tax information held by employers.

These emails may start with a simple, “Hey, you in today?” and, by the end of the exchange, all of an organization’s Forms W-2 for their employees may be in the hands of cybercriminals. This puts workers at risk for tax-related identity theft.

The W-2 scam has emerged as one of the most dangerous and successful phishing attacks as hundreds of employers and tens of thousands of employees fell victim to the scheme in the past year. This scam is such a threat to taxpayers that a special IRS reporting process has been established.

The Internal Revenue Service, state tax agencies and the tax community — partners in the Security Summit — are marking “National Tax Security Awareness Week” with a series of reminders to taxpayers and tax professionals. In part four, the topic is the W-2 scam.

Because the Security Summit partners have successfully made inroads into stopping stolen identity refund fraud, criminals now need more information to file a fraudulent return. That means they need more accurate data about taxpayers, causing them to target tax practitioners, payroll professionals and employers. The Form W-2 contains income and withholding information necessary to file a tax return.

All employers are at risk. In 2017, the W-2 scam made victims of businesses large and small, public schools and universities, as well as tribal governments, charities and hospitals. The scam, which grows larger each year, will likely make the rounds again in 2018.

The Security Summit warns employers – in public and private sectors – to beware of this scheme and to educate employees, especially those in human resources and payroll departments who are often the first targets.

This is an example of a business email compromise or business email spoofing in which the thief poses as a company executive, school official or someone of authority within the organization. The crook will send an email to one employee with payroll access, requesting a list of all employees and their Forms W-2. The thief may even specify the format in which he wants the information. The subject line has hundreds of variations along the lines of “review,” “manual review” or “request.”

Because payroll officials believe they are corresponding with an executive, it may take weeks for someone to realize a data theft has occurred. Generally, the criminals are trying to quickly take advantage of their theft, sometimes filing fraudulent tax returns within a day or two.

Because of the W-2 scam’s threat to tax administration for both federal and state governments, a special reporting process has been established to quickly alert the IRS and state tax agencies. Detailed reporting steps may be found at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.

Here’s an abbreviated list of how to report these schemes:

  • Email dataloss@irs.gov to notify the IRS of a W-2 data loss and provide contact information. In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.
  • Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.
  • Businesses/payroll service providers should file a complaint with the FBI’s Internet Crime Complaint Center (IC3.gov). Businesses/payroll service providers may be asked to file a report with their local law enforcement agency.
  • Notify employees so they may take steps to protect themselves from identity theft. The Federal Trade Commission’s www.identitytheft.gov provides guidance on general steps employees should take.
  • Forward the scam email to phishing@irs.gov.

Employers are urged to put steps and protocols in place for the sharing of sensitive employee information such as Forms W-2. One example would be to have two people review any distribution of sensitive W-2 data or wire transfers. Another example would be to require a verbal confirmation before emailing W-2 data. Employers also are urged to educate their payroll or human resources departments about these scams.

As part of the Security Summit effort, the IRS, state tax agencies and the tax industry working together to fight against tax-related identity theft and to protect taxpayers. Everyone can help. Be alert and guard against the W-2 scam.

Taxpayers are also encouraged to visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers, to learn more.

Source: https://www.irs.gov/newsroom/national-tax-security-awareness-week-no-4-employers-payroll-officials-avoid-the-w-2-email-scam

/0 Comments/by