Drake Software blog for tax pros, covering tax, IRS news, and more

National Tax Security Awareness Week: Business Identity Theft

IRS Highlights Small Business W-2 Scam

On Day 4 of the Security Summit-sponsored National Tax Security Awareness Week, the Internal Revenue Service is focusing on business identity theft scams.

While identity theft is often associated with criminals stealing someone’s personally identifiable information (PII), the IRS says these scams can also be used to target businesses: “just like individuals, businesses may have their identities stolen and their sensitive information used to open credit card accounts or used to file fraudulent tax [returns] for bogus refunds.”

To make it harder for criminals to successfully file these returns, the IRS established the “trusted customer” questions, which are similar to the multi-factor authentication used by online banking services. Basically, anyone responsible for filing the return gives extra authenticating information to the IRS, like additional PII, estimated payment history, and past filing history.

Identity thieves have also begun targeting employees with a spear phishing scam that requests all of the business’ W-2 information. To trick victims into divulging that PII gold mine, the identity thieves pose as a high-level employee to make the request seem routine. To help businesses efficiently report when they are the victim of the W-2 email scam, the IRS listed the following steps:

  • “Email dataloss@irs.gov to notify the IRS of a W-2 data loss and provide contact information. In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.
  • Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.
  • Businesses/payroll service providers should file a complaint with the FBI’s Internet Crime Complaint Center (IC3.gov). Businesses/payroll service providers may be asked to file a report with their local law enforcement agency.
  • Notify employees so they may take steps to protect themselves from identity theft. The Federal Trade Commission’s www.identitytheft.gov provides guidance on general steps employees should take.
  • Forward the scam email to phishing@irs.gov.”

The IRS also recommends that businesses develop a security plan for handling requests for and dissemination of employee PII and make sure staff members responsible for handling this information are made aware of these scams.

Remember, Taxing Subjects will cover the final National Tax Security Awareness Week topic tomorrow. For frequent data security updates, be sure to follow @IRStaxsecurity on Twitter.

Source: IRS Newswire

Ryan Norton

Whether designing superheroes, penciling caricatures, or just doodling, I always knew I was going to earn some sort of art degree while in college. That was my goal before I decided to trade Edgar Degas for Edgar Allan Poe during a Freshman English class. The BA in English soon morphed into a double-major in English and Philosophy, eventually becoming an MA in English. It only makes sense that I learned of a writing opportunity for a local marketing firm while teaching a first-year college English course. Before I knew it, I was writing and editing tax-related articles for Taxing Subjects, and this has been my home since 2014.

comments powered by Disqus