[BreachExchange] Small businesses: Be alert to identity theft

Mon Dec 11 19:25:12 EST 2017

http://theworldlink.com/news/local/business/small-businesses-be-alert-to-
identity-theft/article_4d198c88-33a5-5345-84f8-e0cbd12e2833.html

The IRS, state tax agencies and the nation’s tax industry joined together
to warn small businesses to be on-guard against a growing wave of identity
theft against employers.

Small business identity theft is a big business for identity thieves. Just
like individuals, businesses may have their identities stolen and their
sensitive information used to open credit card accounts or used to file
fraudulent tax refunds for bogus refunds.

The Internal Revenue Service, state tax agencies and the private-sector tax
community -- partners in the Security Summit -- are marking “National Tax
Security Awareness Week” with a series of reminders to taxpayers and tax
professionals. The week concludes with warnings about small business
identity theft.

In the past year, the Internal Revenue Service has noted a sharp increase
in the number of fraudulent Forms 1120, 1120S and 1041 as well as Schedule
K-1. The fraudulent filings apply to partnerships as well as estate and
trust forms.

Identity thieves are displaying a sophisticated knowledge of the tax code
and industry filing practices as they attempt to obtain valuable data to
help file fraudulent returns. Security Summit partners have expanded
efforts to better protect business filers and to better identify suspected
identity theft returns.

Identity thieves have long made use of stolen Employer Identification
Numbers (EINs) to create fake Forms W-2 that they would file with
fraudulent individual tax returns. Fraudsters also used EINs to open new
lines of credit or obtain credit cards. Now, they are using company names
and EINs to file fraudulent returns.

As with fraudulent individual returns, there are certain signs that may
indicate identity theft. Business, partnerships and estate and trust filers
should be alert to potential identity theft and contact the IRS if they
experience any of these issues:

- Extension to file requests are rejected because a return with the
Employer Identification Number or Social Security number is already on file;
- An e-filed return is rejected because of a duplicate EIN/SSN is already
on file with the IRS;
- An unexpected receipt of a tax transcript or IRS notice that doesn’t
correspond to anything submitted by the filer;
- Failure to receive expected and routine correspondence from the IRS
because the thief has changed the address.

New Procedures to Protect Business in 2018

The IRS, state tax agency and software providers also share certain data
points from returns, including business returns, that help identify a
suspicious filing. The IRS and states also are asking that business and tax
practitioners provide additional information that will help verify the
legitimacy of the tax return.

For 2018, these “know your customer” procedures are being put in place that
include the following questions:

- The name and SSN of the company executive authorized to sign the
corporate tax return. Is this person authorized to sign the return?
- Payment history – Were estimated tax payments made? If yes, when were
they made, how were they made, and how much was paid?
- Parent company information – Is there a parent company? If yes, who?
- Additional information based on deductions claimed
- Filing history – Has the business filed Form(s) 940, 941 or other
business-related tax forms?

Sole proprietorships that file Schedule C and partnerships filing Schedule
K-1 with Form 1040 also will be asked to provide additional information
items, such as a driver’s license number. Providing this information will
help the IRS and states identify suspicious business-related returns.

For small businesses looking for a place to start on security, the National
Institute of Standards and Technology (NIST) produced Small Business
Information Security: The Fundamentals. NIST is the branch of the U.S.
Commerce Department that sets information security frameworks followed by
federal agencies.

The United States Computer Emergency Readiness Team (US-CERT) has Resources
for Small and Midsize Businesses. Many secretaries of state also provide
resources on business-related identity theft as well.

The IRS, state tax agencies and the tax industry are working together to
fight against tax-related identity theft and to protect business and
individual taxpayers. Everyone can help. Take steps recommended by cyber
experts and visit the Identity Protection: Prevention, Detection and Victim
Assistance for information about business-related identity theft.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171211/a2d798a7/attachment.html>