The IRS on Thursday issued a warning to employers and small businesses to beware of growing attempts by cybercriminals to target businesses to obtain the business’s and employees’ information. These criminals then use the stolen information to open credit card accounts and file fraudulent tax returns for “bogus refunds.”
In the past two years, the IRS has noted an increase in fraudulent Forms 1120, U.S. Corporation Income Tax Return, 1120S, U.S. Income Tax Return for an S Corporation, and 1041, U.S. Income Tax Return for Estates and Trusts, as well as Schedules K-1 being filed by cybercriminals. This includes fraudulent filings for partnerships and trust and estates.
According to the IRS, identity thieves have long used stolen employer identification numbers (EINs) to create fake Forms W-2, Wage and Tax Statement, that they then file with fraudulent individual tax returns, as well as to open new lines of credit or obtain credit cards. Now they are using company names and EINs to file fraudulent business returns.
The IRS noted that, just as with individual income tax returns, this group of business, partnership, and trust and estate return filers should be aware of these signs that their identity has been stolen:
- The IRS rejects an extension to file request because a return with the EIN or Social Security number (SSN) is already on file.
- The IRS rejects an e-filed return because there is a return with a duplicate EIN/SSN already on file.
- The taxpayer received a Letter 5263C or 6042C, which notifies taxpayers they may be an identity theft victim.
- The taxpayer unexpectedly receives a tax transcript or IRS notice that does not correspond to anything the taxpayer submitted.
- The taxpayer fails to receive expected and routine correspondence from the IRS because the identity thief has changed the taxpayer’s address with the IRS.
The IRS, state tax agencies, and tax return preparers are asking taxpayers to provide additional information to verify that a return is legitimate. Those steps include “know your customer” questions, including who signed the return (name and SSN), the company’s tax payment and/or filing history, the company’s parent company, and additional information about the claimed deductions. Sole proprietorships that file Schedule C, Profit or Loss From Business, and partnerships may be asked to provide driver’s license information.
The IRS also suggested that business taxpayers protect against identity theft by adopting the recommendations for cybersecurity from the National Institute of Standards and Technology.
— Sally P. Schreiber (Sally.Schreiber@aicpa-cima.com) is a JofA senior editor.