Businesses and tax ID theft

Business, as well as individual, clients may need CPAs’ help in protecting against and remedying tax-related identity theft.
By Jennifer Primrose, CPA, and Amanda Ward, CPA, CGMA

While much attention has been paid to tax-related theft of the identity of individual taxpayers (see, e.g., "Resolving the Theft of Tax Clients' Identity," JofA, Sept. 2015, page 30), businesses can be victims of this form of fraud as well. What follows are common warning signs of business-related tax identity theft and tips on how practitioners can help their business clients prevent it and correct it when it occurs.


Business-related identity theft may be more difficult to detect than individual identity theft, as the signs that indicate business identity theft may also be the product of a simple processing or filing error. The following signs warrant additional investigation:

  • The business files an original tax return, but the IRS notifies the business that it has previously received a return for the business for that tax year.
  • The IRS issues a notice regarding purported employees who are not known to the business.
  • In monitoring its accounts and transcripts with the IRS, other business filings with state authorities, or credit reports, the client discovers activity related to a business that is inactive or that has already been closed, after all account balances pertaining to that entity have already been paid.


The actions recommended for businesses that are victims of identity theft are similar to those for individuals. They should always respond to IRS or state notices immediately. Businesses should file a report with their local police department, report the theft to the Federal Trade Commission, contact the major credit bureaus to place a fraud alert on their records, and close any accounts with fraudulent activity. The businesses should continue to monitor their credit reports, online business registration information, and business account activity with the IRS and state agencies (even for closed businesses). In addition, the businesses should review and update their computer security policies.


CPAs may offer clients the following suggestions:

  • Truncate Social Security numbers (SSNs) where possible or mask them on insurance cards.
  • Monitor credit reports at least annually.
  • Request that clients forward any IRS notices immediately.
  • Keep Social Security cards and financial information in a secure location and properly dispose of documents with SSNs or account numbers.
  • Give out an SSN, birthdate, or address only if required.
  • Buy and use a shredder.
  • Protect personal computers with firewalls, anti-spam, or anti-virus software; regularly change passwords; and password-secure wireless connections.
  • Be mindful of the personal information divulged on social media, as hackers are getting increasingly sophisticated.

In addition, CPAs can suggest the following for business clients:

  • Use anti-virus and other security software on all office computers and update data-security policies.
  • Educate employees about phishing (attempts by fraudsters to acquire information via electronic communications by posing as a legitimate entity).
  • Remind employees not to open links or attachments from emails they were not expecting to receive.
  • Update business filings with the IRS and with state business registries as soon as any contact information changes.
  • Monitor the business's credit profile at least annually.
  • If possible, consider filing business tax returns earlier in tax season.
  • Forward phishing emails purported to be from the IRS per the forwarding instructions on the IRS website.

The IRS and AICPA offer several resources for practitioners and taxpayers. The Tax Section of the AICPA website ( has a tax identity theft toolkit exclusively for Tax Section members that includes a sample letter to clients.

Tax-related identity theft is on the rise. CPAs and tax practitioners can be a valuable resource to both business and individual clients to help prevent and correct it. CPAs should continue to monitor the resources outlined above, especially as the IRS continues its efforts to combat tax return theft and refund fraud.

Editor's note: This column is adapted from "Tax Clinic: Assisting Clients With Tax-Related Identity Theft," in the December 2015 issue of The Tax Adviser.

Jennifer Primrose ( is a senior accountant, and Amanda Ward ( is a supervisor, tax, both at DMJ & Co. PLLC in Greensboro, N.C.

To comment on this article or to suggest an idea for another article, contact Paul Bonner, senior editor, at or 919-402-4434.


Get your clients ready for tax season

Upon its enactment in March, the American Rescue Plan Act (ARPA) introduced many new tax changes, some of which retroactively affected 2020 returns. Making the right moves now can help you mitigate any surprises heading into 2022.


Black CPA Centennial, 1921–2021

With 2021 marking the 100th anniversary of the first Black licensed CPA in the United States, a yearlong campaign kicked off to recognize the nation’s Black CPAs and encourage greater progress in diversity, inclusion, and equity in the CPA profession.