Financial and Tax-Related Identity Theft - Part Two

How to help clients if their IRS information has been compromised

By Blake Christian

Key Takeaways:

  • Tax-related identity theft is the newest and most dangerous financial problem.
  • The IRS has implemented recent steps to reduce the impact of identity theft.
  • Once there is a personal data breach, clients and their advisors must move quickly to minimize financial and credit rating damage.

As I discussed in Part One of this article, identity theft is now the most common consumer complaint—with over 10 million total identity theft cases per year. It not only has tarnished the reputations of Fortune 500 brands such as Anthem, Target and Home Depot, but it also has infiltrated security-conscious government agencies, including the Internal Revenue Service.

The IRS has been slow to respond to these issues. However, with taxpayers and Congress turning up the heat, the IRS has recently taken a few positive steps to help prevent and resolve tax identity theft cases. False returns are often filed early in the tax season using the victim’s Social Security number and a revised address so that the thief can benefit from the fraudulent refund.

Once you believe your personal data may have been compromised, it is critical to act quickly, since thieves will not limit the scope of their attack. So consider all of the following steps:

  • Subscribe to a credit monitoring service such as www.creditchecktotal.com
  • Place a credit freeze at each of the three credit bureaus—Equifax, Experian and TransUnion.
  • Call the IRS at 800-908-4490 to determine whether anyone has filed a tax return under your name or Social Security number—including for prior years.
  • File an Identity Theft Affidavit (Form 14039) with the IRS—see discussion below.
  • File an Identity Theft Affidavit with your state tax authorities.
  • Obtain an IP (identity protection) PIN from the IRS
  • File a police report.
  • File a complaint with the FTC at 877-438-4338 or www.identitytheft.gov

In an attempt to prevent these cases, the IRS has created Form 14039–Identity Theft Affidavit. The form was created for taxpayers to warn the IRS if they may be at risk for identity theft so the IRS can flag the account and increase its oversight for suspicious activity. For suspicious returns, the IRS will contact the taxpayer and ask the person for personal information to verify his or her identity. If the taxpayer is unable to respond in a timely manner with accurate information (e.g., prior home and business addresses, AGI on prior returns, etc.), the return will automatically be marked as “fraudulent” and essentially frozen in the IRS’ system. If a taxpayer accidentally answers a question incorrectly or does not know an answer, the IRS representative will typically work with the taxpayer to sort out his or her true identity. An identity thief will typically hang up on the IRS as soon as he or she answers one question wrong! The IRS has also produced this useful information on identity theft.

Since changing the unsuspecting taxpayer’s mailing address is a common method for hijacking refunds, the IRS is closely monitoring any changes in a taxpayer’s address(es). Therefore, self-preparers and paid tax preparers need to be especially careful when completing their clients’ business and home addresses on current filings. Simply adding a “c/o” reference, middle initial, or changing a suite reference can flag a return as potentially fraudulent—thereby delaying processing and timing of refunds.

Once a return has been flagged, the IRS will assign the case to an assistor. When this occurs, the return will no longer be a priority for the IRS, and it can take six months or more to resolve the case. Most taxpayers will not want to wait six months to get their cases resolved, so it’s more important than ever for preparers to complete clients’ returns thoroughly and accurately in the current environment.

If and when a flagged return is finally resolved, the IRS requires that the taxpayer create a PIN to prevent future fraud cases. The PIN is used in place of the taxpayer’s Social Security number in case the thief attempts to file another fraudulent return. The IRS will also send out notices to taxpayers they believe might be at risk of identity theft.

However, the IRS can come up with only a limited number of precautions and resolutions; ultimately, it is your clients’ (the taxpayers’) job to protect their personal information, especially their Social Security numbers. With today’s technology, it is easy to be scammed into entering information on a website that seems trustworthy. Even if information is being sent through an email or text message to a friend, a thief can easily intercept the message or read it on an email server. If email is the only way for clients to send you their Social Security numbers, make sure the email is fully encrypted.

As I mentioned in Part One, you can advise clients to take certain precautions to prevent these breaches from occurring in the first place. Again, here are some precautions that you and your clients can take to prevent identity theft:

  • Enroll in various credit monitoring services. Note that most clients can get free credit monitoring services as a result of being a customer of Anthem, Target, Home Depot, or other retailers or financial institutions that experienced a credit card database breach.
  • Shred any personal files at home and at work.
  • Protect Social Security numbers on the web, over the phone and in letters, etc. Generally speaking, including the last four digits is fine for existing accounts.
  • Prevent personal financial information from being shared over the phone unless you are positive who the other party is. A good rule of thumb for incoming calls associated with any accounts is to get the caller’s number, check the number and return the call if it looks legitimate.
  • Do not use public Wi-Fi networks when dealing with banking, investment and tax data. Use a secured virtual private network (VPN), and encrypt emails if personal information must be sent via the Internet.
  • Many umbrella insurance policies provide services and cover costs to repair damage caused by identity theft.

Identity theft and tax cloning are preferred scams for thieves because of their high financial payoff potential and relatively low risk. Thieves know it’s hard to trace who actually filed the return and obtained the refund.

Furthermore, even when they are caught, white collar crime perpetrators often get off with relatively minimal prison time. To help clients protect themselves against tax identity theft, encourage them to follow the basic rules of keeping their Social Security numbers, dates of birth and account passwords confidential whenever possible.


There’s a high probability that you have clients whose personal information has been compromised via one of the many recent high-profile breaches. All clients should periodically check their credit reports and sign up for credit monitoring (again, this should be free for most). When there is any possibility of a breach of account information, taxpayers should immediately alert the IRS and the state tax authorities so that they can watch for any suspicious activity on the taxpayers’ tax accounts.

About the Author

Blake Christian, CPA/ MBT is a Tax Partner in the Long Beach office of California-based Top 50 CPA firm HCVT LLP. Blake has over three decades of experience and specializes in corporate and high net-worth individual income, estate and gift tax planning. Blake is a frequent speaker and author and is a thought leader in best practices for professional service firms.