Don’t be an easy mark: What every tax pro should know about identity theft

IRS Tax Tip 2022-135, September 1, 2022

It can be a challenge to stay ahead of identity thieves. These criminals are tech and tax savvy, and they like to target tax pros. They can either trick or hack their way into tax professionals’ computer systems to access client data. Even when tax pros think they have client data stored securely, lack of strong authentication can make this information vulnerable.

Thieves use stolen data to file fraudulent tax returns, which is more difficult for the IRS to detect because the fraudulent returns use real financial information. Other data thieves sell the basic tax preparer or taxpayer information on the web so other fraudsters can try filing fraudulent tax returns.

Luckily, there are some easy things tax pros can do to protect their clients:

  • Create a security plan. Under federal law, paid tax return preparers must have a data security plan. This plan protects the business and client information while also providing a blueprint for action in the event of a security breach. For many tax pros, knowing where to start when developing a written security plan presents challenges. There are resources available to assist like IRS Publication 4557, Safeguarding Taxpayer DataPDF.
  • Encourage clients to apply for an Identity Protection PIN. The IRS now offers IP PINs to all taxpayers who can verify their identities online, on the phone with an IRS employee after filing a Form 15227, or in person. The IP PIN is a six-digit number that is known only to the taxpayer and the IRS. It helps prevent an identity thief from filing a fraudulent return in the taxpayer’s name. Tax professionals cannot obtain an IP PIN for their clients. Clients must verify their identities to the IRS. The easiest way is at the Get an IP PIN tool on IRS.gov.
  • Avoid spear phishing scams. One of the most successful tactics identity thieves use against tax professionals is the spear phishing scam. Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. Tax pros have been especially vulnerable to spear phishing scams from thieves posing as potential clients. Thieves might carry on an email conversation with their target for several days before sending the email containing a link or attachment. The link or attachment may secretly download software onto tax pros’ computers that will give the thieves remote access to the tax professionals’ systems.
  • Know the tell-tale signs of identity theft. Many tax professionals who report data theft to the IRS also say that they were unaware of the signs that a theft had occurred. There are many signs that tax pros should watch for. These include multiple clients suddenly receiving IRS letters requesting confirmation that they filed a tax return deemed suspicious. Tax professionals may also see e-file acknowledgements for far more tax returns than they filed. In computer hacking scenarios, computer cursors may move seemingly on their own.
  • Help clients protect themselves whether working from home or traveling. With the continuation of work-from-home policies for many organizations, taxpayers are doing more and more electronically. Tax pros can help their clients protect themselves by sharing information on computer security. These cyber-smart tactics protect not only the tax professional, but their clients also.

More information: