Cybercriminals Targeting Employer Identification Numbers

As part of the Small Business Week program, the IRS last week addressed ways businesses could protect against a recurring identity-theft scheme: using stolen EINs to file business, partnership, and estate and trust tax returns.

The IRS press release noted that while criminals have historically used stolen EINs to file individual returns or open credit card accounts, the number of fraudulently filed Forms 1120, 1120S, and 1041 has spiked since 2016. As a result, the agency says businesses will need to step up data-security efforts to prevent being a victim.

What Can Businesses do to Protect Against Fraudulently Filed Returns?

One of the first things a business can do to protect against this scam is determine if they have already been the victim of identity theft. If an e-filed return or extension is rejected because the business’ EIN—or the business owner’s SSN—is already associated with a filed return, it’s a pretty strong indicator they’re an identity theft victim. Likewise, businesses should keep an eye out for Letters 5263C and 6042C, as well as unexpected tax transcripts.

Another way to protect against identity theft is by providing the IRS additional information, like the name and Social Security Number of the person who signed the return or the business’ tax payment history. According to the IRS, “sole proprietorships that file Schedule C and partnerships filing Schedule K-1 with Form 1040 also will be asked to provide additional information items, such as a driver’s license number.”

Additional security resources can be found on the National Institute of Standards and Technology (NIST), United States Computer Emergency Readiness Team (US-CERT), and IRSwebsites.