The Internal Revenue Service warns that there's a growing wave of identity theft attempts against employers. This National Small Business Week 2018, the tax agency offers advice on how to keep your company afloat in the fight against these crimes.
Identity thieves have long made use of stolen Employer Identification Numbers (EINs) to create fake Forms W-2 that they would file with fraudulent individual tax returns. Fraudsters also used EINs to open new lines of credit or obtain credit cards. Now they are using company names and EINs to file fraudulent returns.
In the past two years alone, the IRS has noted a sharp increase in the number of fraudulent filings of Forms 1120, 1120S and 1041 as well as Schedule K-1. The fraudulent filings apply to partnerships as well as estate and trust forms.
EINs as gateway to ID theft: Identity thieves have long made use of stolen EINs to open new lines of credit or obtain credit cards in businesses' names.
Fraudsters also use EINs to create fake Forms W-2 that they can use to file fraudulent individual tax returns.
But the fake tax returns don't stop with individual 1040s. Business, partnerships and estate and trust filers should be alert to potential identity theft and contact the IRS if they encounter any of these issues:
- Extension to file requests are rejected because a return with the EIN or Social Security number (SSN) is already on file.
- An e-filed return is rejected because a duplicate EIN/SSN is already on file with the IRS.
- Received 5263C or 6042C letters.
- An unexpected receipt of a tax transcript or IRS notice that doesn't correspond to anything the legitimate filer submitted.
- Failure to receive expected and routine correspondence from the IRS because the thief has changed the real taxpayer address.
Ways to protect your business: The IRS, state tax agencies, software providers and general tax industry — also known as the Security Summit members — continue to join forces to fight identity theft.
The Security Summit partners share certain data points from tax returns, including business returns, that help identify a suspicious filing.
The IRS and states ask that business and tax practitioners provide additional information that will help verify the legitimacy of tax returns.
Tax professionals who represent business clients also are encouraged to respond to the "know your customer" questions that tax software uses. These include:
- The signer of the return, including name and SSN.
- Tax payment history of the company.
- Parent company information.
- Additional information based on deductions claimed.
- Tax filing history of the company.
Sole proprietorships that file Schedule C and partnerships filing Schedule K-1 with Form 1040 also will be asked to provide additional information items, such as a driver's license number. Providing this information will help the IRS and states identify suspicious business-related tax returns.
More IT security suggestions: For small businesses looking to enhance their security, the National Institute of Standards and Technology (NIST) created Small Business Information Security: The Fundamentals. NIST is the branch of the U.S. Commerce Department that sets information security frameworks followed by federal agencies.
The United States Computer Emergency Readiness Team (US-CERT) has Resources for Small and Midsize Businesses. Many secretaries of state also provide resources on business-related identity theft as well.
The IRS and its Security Summit partners also recommend the IRS.gov page Identity Protection: Prevention, Detection and Victim Assistance for information about business-related identity theft.
Security for all: Remember, too, that you don't have to be a small business owner to make sure your tax and other personal and financial information is secure. The best way to do that is to ensure that it's not easy for crooks to break into your online data files.
And today, May 3, is the perfect day to up your online security. It is, after all, World Password Day.
Despite technological advances and predictions that passwords' days are numbered, for most of us they still provide the first line of defense against identity theft.
So today is the perfect one to do a password review.
Here are three quick password tips.
- Make sure you use strong passwords. Never use family names, pets, birthdays, '12345' or 'password' as your password. Yes, some people still break these rules. In fact, a PCMag survey of 1,000 U.S. consumers conducted April 27-29 found that 19 percent use their name or initials in their passwords. Others admitted to using their wedding date (16 percent), the name of a family member (15 percent), birth year (12 percent), house address (12 percent) or spouse's personal information (8 percent). And yes, that is the sound of hackers cheering you are hearing across the internet.
- Use unique passwords for each account. If you don't, the hacking of just one of your passwords means the criminals can unlock your other accounts. To help keep you from feeling overwhelmed by all your individual passwords, consider a password manager. Mashable evaluates some options.
- Double your password protection. Account access redundancy is your best security friend. Use dual password authentication — something the IRS has started using for access to taxpayer online account — to make it more difficult for the identity thieves to steal your accounts. This includes using passwords along with fingerprint scanning, face and voice recognition and/or one-time phone, app or email codes that also must be entered in order to open an account.
The bottom line for businesses and individuals is to be aware. It only takes a momentary lapse in online security for a crook to steal your identity, giving them an opportunity to wreck your company and/or life.
Don't give them the chance.