Skip to main content


Resource Library

Business identity theft can occur during tax filing

Be alert to signs of cybercrime

January 13, 2020 4810

National Tax Security Awareness Week might be over, but with tax season underway, employers of all sizes can take steps to protect themselves against identity theft. In fact, the IRS is urging them to do so.

The IRS in a December 2019 Newswire explains that the following incidents could indicate that a business identity theft has occurred during income tax filing:

  • File extension request is rejected because a tax return with the employer identification number or Social Security number is already on file.
  • E-filed return is rejected because a duplicate EIN or SSN is already on file with the IRS.
  • Tax transcript or IRS notice is received unexpectedly and doesn’t correspond to anything submitted by the filer.
  • Expected and routine correspondence from the IRS is not received.  

Taxpayers frequently don’t discover they are a victim of identity theft until they attempt to e-file but the IRS rejects the return because the taxpayer’s employer identification number or Social Security number has already been used. IRS systems will only accept one unique EIN or SSN.  

And not receiving expected correspondence from the IRS could indicate that a cybercriminal has accessed the filer’s information and changed the filer’s address.

Employers who experience any of the above situations “should be alert to potential identity theft and contact the IRS,” the Dec. 5 Newswire states.

Despite multi-agency efforts to combat tax-related identity theft, cybercriminals continue to evolve in their methods — often staying one step ahead of the IRS and law enforcement partners. Identity thieves in recent tax years have used phishing email scams to remotely access office computers, complete pending Form 1040s, change electronic deposit information and e-file returns. Phishing occurs when a criminal poses as a known or trustworthy entity and attempts, usually through email or an imposter website, to obtain sensitive information.

“Always be alert to phishing scams, even if the emails appear to come from a colleague or client,” the IRS advised in a recent news release. “If the language sounds a bit off or if the request seems unusual, contact the ‘sender’ by phone to verify rather than opening an attachment.”

Security software with firewall and anti-virus protections is a must, as are strong email and account passwords. Security software will be most effective when it is set to update automatically.

Additionally, two-factor authentication appears to be one of the most effective guards against data theft through email. Customers and especially tax professionals should use this option, which adds an extra layer of protection beyond a password, to prevent cybercriminals from taking over accounts.

Taxpayers can learn more about protection in the IRS’s Taxpayer Guide to Identity Theft. The IRS also has short videos about avoiding phishing emails on its YouTube page.

For specialized assistance in the event of potential tax account-related identity theft, contact the IRS at 800.908.4490.

Comments are only visible to subscribers.