There’s an old saying about one door opening when another door closes.
It’s an adage about new opportunities that is meant to inspire. But not in this case.
Swindlers who for years have duped the federal government into paying them tax refunds based on fraudulent returns filed using individuals’ stolen identities are finding that harder to pull off because Uncle Sam has caught on to their tricks. So they now are targeting businesses and others, filing phony returns in their names.
Through the first five months of this year, about 10,000 corporate, partnership, trust and estate tax returns were flagged as potentially fraudulent. That’s more than twice as many as the 4,000 flagged all of last year. In all of 2015, there were only 350.
While the numbers still are relatively low, the potential dollar amounts are significant: $137 million for 2017, $268 million for 2016 and $122 million for 2015. It’s a wonder that businesses haven’t been hit hard sooner, as there is a lot of cash at stake.
If you own a business or are in charge of a corporate, trust or estate tax return, this is something to be aware of. And as the government tries to slam this door on the tax thieves, it’s going to affect you.
The number of fraudulent tax returns filed in individuals’ names dropped significantly after the IRS brainstormed with tax software companies, state tax officials and others in the industry.
Software companies beefed up security measures and individuals were required to provide more information on their returns. It worked. In the first five months of 2017, about 107,000 taxpayers reported being victims of identity theft, compared to about 204,000 during the same period in 2016 and about 297,000 in 2015.
Now, the government is going to demand that businesses take additional steps to protect themselves from having phony returns filed in their names, too.
“The IRS, state tax agencies and the tax community have worked hard to turn the tide against tax-related identity theft. We’re making progress in protecting individuals but we still have more work to do, especially in the business tax area and involving tax professionals,” IRS Commissioner John Koskinen said when announcing the plan a few months ago. “Continued lapses in simple security measures can happen in tax professional offices and other business as well as at home.”
To combat this rising threat, more information will be required on business filings starting next year to help the IRS authenticate them.
Requested information may include the name and Social Security number of the person a company authorizes to sign the business return; tax payment history including the timing and amount of estimated payments and the type of forms filed; information about any parent company; and information based on claimed deductions.
Committing tax identity theft fraud against a business isn’t as easy as committing it against an individual, whom crooks can impersonate with a Social Security number obtained through phishing scams, data breaches and illicit websites that sell stolen data. So how are these crooks getting enough information about a business, estate or trust to impersonate them on a tax filing?
The cons are increasingly targeting the mother lode of such information — tax preparers who handle such returns.
Cybercriminals are showing increasing savvy and tax expertise as they use stolen data, sometimes from tax practitioners, to file these fraudulent returns for refunds, the IRS said.
“It’s especially difficult to identify any tax return as fraudulent when criminals are using information stolen from tax preparers,” Koskinen said. “The stolen data allows criminals to better impersonate the legitimate taxpayers.”
For the first five months of this year, there were 177 reported data breaches at tax preparers’ offices. About three to five reports of new data breaches are received each week.
Scammers target tax preparers in a number of ways, including with devious emails designed to appear as if they come from tax software companies that prompt the preparers to download an “update” that really is malware that steals data. National and international criminal syndicates often are behind the attacks, the IRS says.
Vigilant corporations, partnerships, estates and trusts may be able to catch on when they are being targeted.
You should ask questions if your request for more time to file a return is rejected because a return already has been filed under the employer identification number or Social Security number on file, or if an electronically filed return is rejected because of a duplicate employer or Social Security number already being filed.
You also should investigate if you unexpectedly receive a tax transcript or IRS notice that doesn’t correspond to anything you submitted, or if you don’t receive expected and routine correspondence from the IRS, which could happen if an identity thief changes your address with the agency.