Scams to steal employees’ W-2 data are common and you can assume that new ones will bubble up this coming W-2 filing season. Worse: The IRS now reports that there’s been a sharp increase in the number of fraudulently filed Forms 1120 and 1120S, as well as Schedule K-1s. If you’ve experienced any the following, your business identity has probably been stolen:
- The IRS rejects your request for a filing extension because a return with your Employer Identification Number or Social Security Number is already on file
- The IRS rejects your e-filed return because a duplicate EIN or SSN is already on file
- You unexpectedly receive a tax transcript or an IRS notice that doesn’t correspond to any return you’ve ever filed
- You fail to receive expected and routine correspondence from the IRS because the thief has changed your address of record with the IRS.
Check your software
The IRS, state tax agencies and the tax prep industry are doing their share to ensure the integrity of your corporate tax data. For the 2018 filing season, tax prep software will ask for the following information:
- The name and SSN of the company executive who’s authorized to sign the corporate tax return
- The dates, amounts and medium (by check or electronically) in which estimated tax payments were made
- Whether there is a parent company and, if there is, the parent company’s name
- Whether the business has filed Forms 940, 941 or other business-related tax forms.
Tip: Don’t use software that doesn’t solicit this “know your customer” information.
Review office protocols
You should have already told your employees not to respond to any email or phone request from your company’s “CEO” to provide W-2 data. The same advice applies to anyone else inquiring about K-1 data.
In addition, consider taking these security steps, which will help secure all your tax data:
- Only sparingly grant administrator privileges across a network.
- Train employees not to click on links or open attachments they weren’t expecting. If it appears important, tell them to call the sender to verify that they sent the email and ask them to describe what the attachment or link is.
- Warn employees to not share USB or external hard drives between personal and business computers or devices and don’t allow them to connect unknown or untrusted hardware to the system or network.
- Review the software employees use to remotely access the network, as well as the software that IT support vendors use to remotely troubleshoot technical problems.