The New Frontier - Tax-Related Identity Theft

September 1, 2015
Blake Christian, Partner, CPA/ MBT

Key Take-Aways

  • Identity theft is now the most common consumer complaint with over 10 million cases per year – and growing rapidly every year.
  • A recent AICPA survey showed that over 1/3 of older adults and 22% of Millennials fell victim to identity theft last year.
  • The combination of billions of e-documents, server and cloud-based databases and sophisticated hackers, this trend will likely get much worse for the short-term.
  • Tax-related identity theft is the newest and most dangerous target.
  • The IRS has implemented recent steps to reduce identity theft impact.
  • Clients must take precautions to protect their personal information and should enroll in credit monitoring services as a preventive measure.  Most are free or minimal cost.
  • Once there is a personal data breach, clients and their advisors must move quickly to minimize financial and credit rating damage.

With the recent revelation that the IRS data breach involved over 330,000 taxpayer records (the IRS originally reported only 104,000 records were compromised), the IRS has finally received sufficient pressure to implement some formal procedures to assist taxpayers who have experienced a governmental, corporate or other data breach.

Due to the massive credit card breaches at various financial institutions, Target, Home Depot and other retailers, combined with attacks at government agencies, identity theft is now the most common consumer complaint – with over 10 million total identity theft cases per year.  

It is important to know how to assist clients if they ever fall victim to identity theft.   As a financial advisor, you are on the front line of assisting clients with all things involving their financial activities, so you will likely be one of the first of the advisors to hear about any client identity theft issues. Therefore being familiar with the various schemes, preventive measures and corrective action will help to further build your client relationships.

Identity theft is clearly a growing trend with very serious repercussions for consumers, taxpayers, businesses and government agencies.  For taxpayers, a data breach can result in loss of funds, delayed tax refunds, cloned identities, and/ or damaged credit ratings – not to mention a massive time drain to sort out the extent of the thieves[s activities.   And for organizations that did not prevent the breach, they can face expensive lawsuits, loss of consumer trust and decreased sales for retailers.

For only $1 you can enroll in Experian’s credit monitoring service and review your current credit standing on all three credit bureaus:  Enrollment and a review of your open credit accounts and personal data takes less than 10 minutes and will give you a very good picture of whether you have been breached or not.  If a client detects that their data has been breached (e.g. they see new credit card accounts they did not open, or personal information has been altered), taxpayers should immediately contact all three major credit bureaus (Equifax, Experian, and Trans Union) and alert them of the fraud.  The next organizations to notify are the IRS and state tax authorities, since that is another prime target for the hackers.

While all breaches are serious, the IRS breaches are some of the most worrisome, since the IRS houses hundreds of millions of highly confidential records (including social security numbers for all family members), which are a treasure-trove for these sophisticated hackers.  The thieves might also get access to taxpayers’ IRS account information from other data braches discussed above.

Accessing any one of the many IRS systems or databases can offer the Holy Grail of data for these tech-criminals.  Access to taxpayer and dependent social security numbers, home and business addresses, income sources, can spell disaster for the poor taxpayers whose records have been compromised – and can now be cloned. 

The IRS has been slow to respond to these issues. However, with taxpayers and Congress turning up the heat, the IRS has recently taken a few positive steps to help prevent and resolve tax identity theft cases. False returns are often filed early in the tax season using the victim’s social security number, and a revised address, so that the thief can benefit from the fraudulent refund.  

In an attempt to prevent these cases, the IRS has created Form 14039 – Identity Theft Affidavit   The form was created for taxpayers to warn the IRS if they may be at risk for identity theft. Therefore, the IRS can flag the account and increase their oversite for suspicious activity. For suspicious returns, the IRS will contact the taxpayer and ask them to verify their identity by asking for personal information. If the taxpayer is unable to respond in a timely manner with accurate information, the return will automatically be marked fraudulent and essentially frozen in the IRS’s system. The IRS has also produced this useful information on identity theft:

Since changing the unsuspecting taxpayer’s mailing address is a common method for hijacking refunds, the IRS is closely monitoring any changes in addresses.  Therefore, self-preparers and paid tax preparers need to take special care in completing the business and home addresses reflected on current filings.  Simply adding a middle initial, or changing a suite reference can flag a return as potentially fraudulent – thereby delaying processing and refunds.

Once a return has been flagged, the IRS will assign the case to an assistor. This is when the return will no longer be a priority to the IRS. At this stage, the return will generally take a long time to reach a resolution. In some cases, it will take 6 months or more to resolve. Most taxpayers will not want to wait six months to get their case resolved.

If, and when, a flagged return is finally resolved, the IRS requires that the taxpayer create a Personal Identification Number (PIN) to prevent future fraud cases. The PIN is used in place of the taxpayer’s social security number in case the thief attempts to file another fraudulent return. The IRS will also send out invitations to taxpayers they believe might be at risk of identity theft.

However, the IRS can only come up with a limited amount of precautions and resolutions; ultimately it is the taxpayer’s job to protect their personal information, especially their social security numbers. With technology these days, it is easy to be scammed and tricked into entering information onto a website that seems trustworthy. Even if information is being sent through an email or text message to a friend, a thief can easily intercept the message or read it on the email server. If the only way to send your social security number is through email, make sure the email is fully encrypted.

As a financial advisor, you can advise clients to take certain precautions to prevent these breaches. Some precautions that can be taken to prevent identity theft cases include:

  • Enrolling in various credit monitoring services.  Note that most clients can get free credit monitoring services as a result of being a customer of Anthem, Target, Home Depot or other retailers or financial institutions that experienced a credit card database breach.
  • Shredding any personal files at home and at work
  • Protecting social security numbers on the web, over the phone and in letters, etc.  Generally including the last 4 digits is fine for existing accounts.
  • Preventing personal financial information from being shared over the phone unless you are positive who the other party is.  A good rule of thumb for incoming calls associated with any accounts is to get the callers number, check the number out, and return the call if it looks legitimate.
  • Do not use public wi-fi networks when dealing with banking, investment and tax data.  Use a secured Virtual Private Network (VPN) and encrypt emails if personal information must be sent via internet
  • Many umbrella insurance policies provide services and cover costs to repair credit, etc. caused by identity theft.


Identity theft and tax cloning is preferred for thieves because of the high financial pay-off and relatively low risk since it is hard to trace who actually filed the return and obtained the refund.

Furthermore, even when they are caught, white-collar crime perpetrators often get off with relatively minimal prison time.  To help prevent tax identity theft from happening in the first place, clients need to follow the basic rules of keeping their social security numbers, dates of birth and account passwords confidential wherever possible,

The probability is high that your clients’ information has already been compromised via one of the many high profile breaches.  Therefore, every taxpayer should periodically check their credit reports and sign up for credit monitoring (again, this should be free for most).  When there is any possibility of a breach of account information, taxpayers should immediately alert the IRS and the state tax authorities so that they can watch for any suspicious activity on your tax accounts. 

Blake Christian, CPA/ MBT is a Tax Partner in the Park City, UT and Long Beach, CA offices of HCVT.  He can be reached at: or (562) 305-8050.

For Further Information
Blake Christian
T: 432.200.9262


Main Menu