Guarding Against Small Business Tax Identity Theft Guarding Against Small Business Tax Identity Theft

As more consumers are better able to protect themselves from tax-related identity theft schemes, fraudsters are turning their attention to small and medium businesses. By stealing some financial and identity information, criminals are working to steal small business refunds and data that can be used to commit other financial crimes.

In the most common example, thieves obtain a company’s employer identification number (EIN) and try to file a return claiming a refund.

According to the Internal Revenue Service, there are a number of common signs that someone has tried to file a fraudulent return or has tried to compromise your company’s tax identity:

The IRS rejects an e-filed return or a request for an extension to file, saying it already has receive a return or request using that EIN

The company receives a unexpected receipt or tax transcript, or an IRS notice that’s unrelated to anything it has filed or submitted

The doesn’t receive routine IRS mailings because someone has changed the address associated with the company’s account

In addition to fraudulent returns, criminals send emails supposedly coming from company executives that ask payroll or HR team members to provide W-2 forms or similar employee data. This data, if provided, would then be used to commit ID theft or financial fraud.

The problem is exacerbated by the relative ease in finding business license and EIN data online.

Reducing the Risk

One of the most effective ways to reduce the risk of tax identity fraud is filing a return, or a request for an extension, as soon as possible during filing season. If you’re interesting in an extension because you’re concerned about being able to pay, contact the IRS as soon as possible to discuss payment plans.

It’s also a good idea to discuss information security with your tax professional. Some CPA firms, for instance, have undergone training and received a cybersecurity advisory services certificate that indicates an ability to help clients meet security needs while protecting client data.

You should also be careful about responding to phone calls or emails claiming to be from the IRS. The agency won’t ask for financial information using these forms of communication, so it’s best to ignore them. If you’re not sure about the validity of a message you’ve received, contact the IRS for verification.