Blog LBMC

Print Divider Print Divider Branding
 

Understanding Tax-Related Identity Theft and Refund Fraud

08/16/2018  |  By: Emily Ziadeh, CPA, Manager, Tax, Cindy Anderson, CPA, PFS, Senior Manager, Tax

Share

Social Logo Social Logo Social Logo Social Logo

You submit your records and receipts to your tax accountant who prepares and submits your tax return. Then, instead of sitting back to receive your anticipated refund, your accountant informs you that you have been rejected! Someone else has already filed a return for this tax year under your Social Security number. You are now a victim of tax identity theft.

What is tax identity theft?

The most common form of tax identity theft is tax refund identity theft. A thief uses your name, social security number and date of birth to file a tax return with phony wages or other income, submits the return electronically and receives the fraudulent refund via mail or direct deposit within 30 days. Prior to the 2017 filing season, the filing deadline for employers and small businesses to submit W-2’s and 1099’s was Feb. 28, and refunds were processed by the IRS immediately.

Thieves knew to act quickly to request a refund because they needed to submit the return before the actual taxpayer’s filing occurred. They did not need to wait for information from legitimate income sources, and the IRS did not have information in the system to check the validity of information on the return. The returns could be processed as reported and refunds issued. This means that when a taxpayer’s legitimate tax return was submitted, it would not be accepted by the IRS, and all actions would be halted until the now identified fraud was investigated.

How do they get my information?

Tax identity theft is a large-scale problem in the United States due to an increase in cyber attacks on employers, insurers, payroll service providers, universities, and retailers. The Equifax security breach alone exposed 143 million consumers – with complete data on Social Security numbers, names, addresses, birth dates, and, in some cases, driver’s license numbers. The information needed for tax refund identity theft is also obtained through phishing. Phishing is a scam where criminals attempt to steal your financial information through an email or a fake website. In many cases, the emails ask for specific personal information or try to get you to click on a link to install spyware or other malware on your computer.

According to the Better Business Bureau, callers posing as agents from the IRS attempting to collect bogus tax debts topped the list of the most reported scams of 2016. In this scheme, callers posing as IRS agents tell the victims they owe money and then threaten arrest if the amount is not paid immediately. The callers also use fake names and IRS badge numbers and imitate the IRS toll-free number on caller ID so it looks like the IRS is calling. The IRS reminds taxpayers of the following things that scammers will do that the IRS will never do:

  • Call to demand immediate payment
  • Call about taxes owed without first having mailed you a bill
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card
  • Ask for credit or debit card numbers over the phone
  • Threaten to bring local police or other law-enforcement groups to have you arrested for not paying

What steps is the IRS taking to fight tax identity theft?

Historically, tax refund fraud soared to $21 billion in 2016, up from just $6.5 billion in 2014. For the 2017 Filing Season, the IRS retired its Electronic Fraud Detection System, and the Return Review Program (RRP) is now the IRS’s primary individual tax refund fraud selection system. The IRS states that the RRP provides new and improved capabilities in its fraud detection and prevention processes.

The Protecting Americans from Tax Hikes (PATH) Act accelerated the required filing deadlines for Forms W-2 and 1099’s which is another method to make it easier for the IRS to detect and prevent refund fraud. These information forms must now be submitted by Jan. 31. In addition, the IRS is required to hold refunds involving key refundable credits until at least Feb. 15. This change in reporting, combined with IRS expansion of processes to prevent fraudulent tax returns from entering the tax processing system, has resulted in a great reduction in the issuance of fraudulent refunds and rejections of legitimate returns. 

The chart below as reported by The Treasury Inspector General for Tax Administration shows the number of fraudulent tax returns identified by the IRS, as well as the refund amounts that were claimed and stopped for Filing Season 2017 and preliminary reports through Feb. 28, 2018. 

Filing Season Fraudulent Refund Returns Identified Fraudulent Refund Returns Stopped Amount of Fraudulent Refunds Identified Amount of Fraudulent Refunds Stopped
2017 1,067,878 991,681 $7,970,283,186 $7,648,398,857
2018 (thru 2/28) 9,557 7,376 $46,000,000 $22,200,000

Other initiatives include the following:

  • New protocols require all individual tax software customers to update their security credentials.  The requirements include a minimum 8-digit password using a combination of letters, numbers, and special characters, new security questions, new lock-out features, and new ways to verify emails.
  • Software providers are now sharing data elements from tax returns with the IRS and states to help identify possible fraud.
  • Verification codes have been placed on millions of W-2 tax return forms. In 2017, the W-2 Verification Code test covered approximately 50 million forms. These W-2s contain a 16-digit code that taxpayers and tax preparers enter when prompted by the software. The codes will help validate the taxpayer’s identity and the information on the form.
  • The Identity Theft Tax Refund Fraud Information Sharing and Analysis Center was launched in 2017. According to the IRS, this serves as an early warning system for partners, collecting and analyzing tax-related identity theft schemes.
  • The IRS has significantly increased the number of Letter 4883C’s that are being sent to taxpayers.  This letter requires taxpayers to call the IRS to verify their identity. The IRS agent will ask the taxpayer questions regarding their prior and current year tax returns. In addition, they may ask specific questions regarding W-2’s, 1099’s, and supporting schedules such as Schedule C or Schedule F. Taxpayers must verify their identity with the IRS before their tax return will be processed.
  • Some states will require driver’s license numbers and will release refunds only after verifying data. They may also only issue paper refunds.
  • Financial institutions are also being asked to identify questionable state tax refunds and return them to states for validation. 

What can you do to protect yourself?

Tax identity theft is unpreventable, but there are things that you can do to reduce your risk.

  • If you do not file electronically, send the return through certified mail. 
  • When filing electronically, use a secure computer on a secure network.
  • Use professionals who can be trusted with your personal information.
  • File your return as early as possible. A thief can’t file a return in your name if you’ve already filed a legitimate one.
  • Be alert to possible scams. The IRS does not email or text taxpayers, and your first contact with the IRS will always be through the traditional mail.
  • If you receive an unsolicited email that appears to be from the IRS, you can report it by forwarding it to phishing@irs.gov.
  • Be alert to possible tax identity theft if you are contacted by the IRS or your tax professional about the following:
    • More than one tax return was filed using your SSN
    • You owe additional tax or have had collection actions taken against you for a year you did not file a tax return
    • IRS records indicate you received wages or other income from an employer for whom you did not work

What should you do if you fall victim?

  • Notify the Federal Trade Commission (FTC), Social Security Administration (SSA), and IRS. You should call the IRS Identity Protection Specialized Unit at 800.908.4490 to report the theft.
  • Complete and submit IRS Form 14039, the Identity Theft Affidavit. This ensures the IRS knows that future returns may be at risk. 
  • Apply for an Identity Protection PIN (IP PIN). Victims of identity theft can apply for a six-digit IP PIN, which the IRS uses to confirm your identity on future electronically filed tax returns.
  • Contact one of the three major credit bureaus to place a fraud alert on your credit records: Equifax, Experian or TransUnion. A fraud alert on your credit report will require potential creditors or lenders to contact you directly and obtain permission before opening a new line of credit.
  • Consider purchasing credit monitoring to keep tabs on your credit report. Credit monitoring services will not only alert you when someone applies for a new line of credit in your name, but also will monitor existing accounts and notify you of any changes. Many also offer recovery assistance services, monetary and legal assistance, and insurance that covers expert identity theft consulting, as well as financial relief.

Identity theft is a problem in many areas, including tax. The IRS has taken many steps to improve its fraud detection and prevention capabilities. You, as a taxpayer, may not be able to eliminate fraud, but with increased awareness and actions that complement IRS security, you may be able to avoid being the next victim of tax identity theft.

Posted in: Wealth Management, Tax