Business identity theft
According to the IRS, business identity theft is growing and individual identity theft or tax fraud is diminishing. Cybercriminals’ increased focus on breaching tax professionals’ systems and stealing client data is causing the increase in business and partnership return identity theft.
As of June 1, the IRS had identified approximately 10,000 business returns as potential identity theft in 2017, compared to about 4,000 for calendar year 2016 and 350 for calendar year 2015. While the number of businesses affected was relatively low, the potential dollar amounts were significant: $137 million for 2017, $268 million for 2016 and $122 million for 2015.
The affected returns included corporate returns (Forms 1120 and 1120S) and estate and trust returns (Form 1041). There also was an increase in identity theft related to the Schedule K-1 filings made by partnerships.
According to the IRS, business identity theft happens when someone creates, uses or attempts to use the identifying information of a business — without authority — to obtain tax benefits. Business identity thieves file fraudulent business returns to receive refundable business credits or to perpetuate individual identity theft.
Information sharing to stop fraud
During the 2017 filing season, the tax software industry began sharing data elements from tax returns with the IRS and states to help identify suspected identity theft business returns. For 2018, the number of elements shared from tax returns will increase to better help identify those suspect returns.
Also for 2018, the IRS will be asking tax professionals to gather more information on their business clients. All of the data being collected assists the IRS in authenticating that the tax return being submitted is the legitimate return filing and not an identity theft return.
Some of the new information people may be asked to provide when filing their business, trust or estate client returns include:
- The name and Social Security number of the company individual authorized to sign the business return. Is the person signing the return authorized to do so?
- Payment history. Were estimated tax payments made? If yes, when were they made, how were they made and how much was paid?
- Parent company information. Is there a parent company? If yes, who?
- Additional information based on deductions claimed.
- Filing history. Has the business filed Form(s) 940, 941 or other business related tax forms?
The IRS is aware of a handful of tax practitioners who have been victimized by ransomware attacks. The Federal Bureau of Investigation recently cautioned that ransomware attacks are a growing and evolving crime threatening the private and public sectors as well as individuals.
Ransomware is a type of malware that infects computers, networks and servers and then encrypts (locks) data. Cybercriminals then demand a ransom to release the data. Users generally are unaware that malware has infected their systems until they receive the ransom request.
The 2017 Phishing Trends and Intelligence Report issued annually by Phishlabs named ransomware one of two transformative events of 2016 and called its rapid rise a public epidemic.
In May 2017, a ransomware attack dubbed “WannaCry” targeted users who failed to install a critical update to their Microsoft Windows operating system or who were using pirated versions of the operating system. Within a day, criminals held data on 230,000 computers in 150 countries for ransom.
The most common delivery method of this malware is through phishing emails. The emails lure unsuspecting users to either open a link or an attachment. However, the FBI also has warned that ransomware is evolving and cybercriminals can infect computers by other methods, such as a link that redirects users to a website that infects their computer.
Tips to prevent ransomware attacks
According to the IRS, tax practitioners — as well as businesses, payroll departments, human resource organizations and taxpayers — should talk to an IT security expert and consider these steps to help prepare for and protect against ransomware attacks:
- Make sure employees are aware of ransomware and of their critical role in protecting the organization’s data.
- For digital devices, ensure that security patches are installed on operating systems, software and firmware. This step may be made easier through a centralized patch management system.
- Ensure that antivirus and antimalware solutions are set to automatically update and conduct regular scans.
- Manage the use of privileged accounts. No users should be assigned administrative access unless necessary, and only use administrator accounts when needed.
- Configure computer access controls, including file, directory and network share permissions, appropriately. If users require read-only information, do not provide them with write-access to those files or directories.
- Disable macro scripts from office files transmitted over e-mail.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs.
- Back up data regularly and verify the integrity of those backups.