Your clients may soon wonder if their key ID information is in criminal hands after headline hacks such as Equifax – a data break-in potentially affecting 143 million people, revealing Social Security numbers, driver’s license data and birth dates. According to the Federal Trade Commission, identity-theft complaints declined slightly from 2015 to 2016 (the latest year statistics are available), with 399,225 complaints of ID theft.

A little less than a third of those consumers reported that their data was used to commit tax fraud. Authorities also fear that the Equifax information may surface most strongly this coming tax-filing season, when criminals will use phony information to file tax returns and steal refunds.

Tax-related ID theft is when your client’s SSN has been compromised on any tax filing, such as phony tax returns or false W-2 forms. “IRS systems are set up to accept one return per year per tax ID number/SSN. Any subsequent returns filed by others will be rejected,” says Janet Lee Krochman, CPA in Costa Mesa, Calif. (The later your client files before mid-April, the more time for a return to have been filed fraudulently.)

“First, determine whether your information has been comprised,” adds Dr. Sean Stein Smith, CPA, assistant professor in the Department of Economics and Business Lehman College in New York and member of the Financial Literacy Commission. “The IRS has several hotlines that taxpayers can use, and taxpayers should also consult with their CPA or tax professionals to determine next steps.”

Consequences of tax-related ID are numerous, but according to Stein Smith the most damaging can include not just fake tax returns and misdirected refunds but also having information used to open up credit cards or false mortgages or secure loans in your client’s name. “High-net-worth individuals may be potentially targeted for both account takeover and new-account fraud due to the value of their accounts and their good credit profile,” says John Krebs, an attorney with the Federal Trade Commission’s Division of Privacy and Identity Protection, where he currently leads the Identity Theft Program.

Some tax-fraud tip-offs seem obvious. Jessica Grant, tax specialist at Smith & Gesteland in Madison, Wis., knows of a high-net-worth couple who are victims of tax-related ID theft. “A fraudulent return was filed using their SSNs,” she says. “The suspicious activity was that the fraudulent return was trying to claim the Earned Income Tax Credit,” which is granted to low-income taxpayers.

If your client wants to find out if another return has been filed, he or she should contact the IRS or the state taxation agency by phone. If victimized, your client will receive a letter from the IRS or state tax authority with specific instructions as to what to do, a case number and where to send a response or additional documentation. For federal returns, victims are asked to complete Form 14039, “Identity Theft Affidavit.” Once it’s determined that a phony return has been filed with your client’s information, he or she can request a copy of the return by filing a Form 4506-F, “Request for a Copy of a Fraudulent Tax Return.”

(The IRS and state tax departments use mail and not the phone or electronic media to initially contact taxpayers, nor do they request personal or financial information over the phone or electronic media.)

Security measures may also soon slow your clients’ tax processing. For instance, the IRS will issue an e-filing IP (identity protection) PIN to the legitimate taxpayer for electronically filing future returns. “There have been discussions whether everyone should get an IP PIN. I think this will make preparing returns difficult because clients will not let us know their IP PINs,” notes Lawrence Pon, CPA in Redwood City, Calif.