Tax-related identity theft continues to disrupt the orderly administration of tax return filings and refund payments and was poised to reach an all-time high last year. Reports of cybercriminals using fake emails and other phishing tactics to surreptitiously acquire taxpayers’ personal information spiked early in the 2016 tax season. By mid-February 2016, the number of reported phishing and malware schemes exceeded the entire number of incidents reported in 2014.
Tax-related identity theft tends to occur early in tax season before taxpayers have a chance to file legitimate returns. Perpetrators often conduct identity theft through the creation of authentic-looking emails that target both individual taxpayers and human resources departments in order to procure personally identifiable information. Social Security numbers and other Form W-2 information obtained by cyber criminals through these phishing activities can be used to file fraudulent tax returns.
The IRS together with its Security Summit partners moved quickly during 2016 to clamp down on phishing and malware-style attacks. These efforts seem to have been effective—despite the early increase in phishing activity, reported taxpayer-related identity theft fell by 50 percent in 2016. Approximately $1.1 billion in fraudulent refunds were stopped. The IRS and the Security Summit are taking additional steps to protect taxpayers in 2017 and will apply additional safeguards for identity protection. These 2017 initiatives may impact your tax filing not only in 2017 but also in years to come.
What Processes Changed
More information will be shared among tax preparers, states and the IRS, including the time it takes to complete your income tax return. Additional information sharing for business tax returns will enable businesses to benefit from enhanced protections from tax-related identity theft as well. The IRS and its Security Summit partners will use Electronic Filing Identification Numbers to enhance the authentication process for electronically filed tax returns. Furthermore, tax preparers and other financial industry professionals will be able to flag suspicious state tax refunds and send them to states for review.
In 2016, the IRS began a W-2 verification initiative that prompts users to enter a 16-digit code when entering W-2 data into tax preparation software. Roughly 2 million taxpayers took advantage of this initiative in 2016, and the IRS has expanded the initiative to 50 million in 2017. The verification code helps the IRS and taxpayers validate the information reported. If your W-2 did not contain a verification code this year, it will likely appear on your future W-2 issuances; the IRS is anticipating the rollout of the verification code to all W-2s.
In 2017, taxpayers claiming the Earned Income Tax Credit, the Child Tax Credit, or the Additional Child Tax Credit had to wait until after February 15 to receive refund payments from the IRS. The change, enacted by the Protecting Americans from Tax Hikes Act of 2015, came in part to give the IRS additional time to verify the legitimacy of returns claiming these credits, and in part to provide for financial institutions to have additional processing time.
An Identity Theft Tax Refund Fraud Information Sharing & Analysis Center also launched in 2017. This initiative will allow the IRS and its partners to collaborate as threats are assessed and will share information with affected taxpayers and tax preparers so that fraudulent activity and identity-theft schemes can be identified as soon as possible.
Addressing Tax Return Fraud
The IRS continues to stress that taxpayers should not provide personally identifiable information or Form W-2 information over email, particularly to sources you do not recognize. If you see a suspicious email that requests Form W-2 information, forward it to phishing@IRS.gov with “W-2 scam” in the subject line. Remember, the IRS will never request Form W-2 information in this manner.
Other tips to protect your identity during tax season including using security software, strong passwords and protecting your personal data. For example, do not carry your Social Security card in your wallet or purse (leave it at home in a safe or in a secure place).
If you discover you are a victim of tax-related identity theft when you attempt to file your tax return, contact the IRS at your earliest convenience. You should also put a fraud alert on your credit profile using one of the major credit bureaus.
For questions on the impact of tax-related identity fraud, please contact your local CBIZ tax advisor.
Related Resources
Copyright © 2017, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.
CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).