Theft of data and identities remains a threat this tax-filing season, meaning tax preparers need to make sure their IT systems protect private information about their clients.
IT security is crucial considering an ID thief only needs a Social Security number (SSN) to swipe a tax refund by submitting a phony return.
“Advisors and clients might think [the issue] is overblown until something happens to them,” said Julia Carlson, founder and CEO of Financial Freedom Wealth Management Group in Newport, Ore. “This issue highlights an opportunity for advisors to prove their value to their clients.”
According to the Federal Trade Commission, your client may not know the theft happened until the IRS sends a letter saying they’ve received a suspicious tax return with your client’s SSN, or your client tries to electronically file a return that’s rejected as a duplicate. Subsequent problems can include compromised credit ratings and stolen assets.
Despite a steep drop in ID-theft affidavits from taxpayers in recent years, the IRS still put the crime on the agency’s 2019 list of top tax scams. Nearly two dozen tax practitioner firms reported data thefts to the IRS this year as of mid-February.
“Hackers with your information have a shortcut to your computer, your data, your pictures, your money and your life,” said Daniel Morris, a senior partner at Morris + D’Angelo in San Jose, Calif., who added that credit-watching services can help avoid these problems.
Fraudsters often impersonate the IRS, attempting to obtain information or “scare the victim into making an immediate payment on a ‘tax debt,’” said Brian Schultz, a Southfield, Mich.-based partner in Plante Moran’s wealth management tax practice.
One of the most recent scams involved emails supposedly from the IRS informing the recipient that records showed the taxpayer might be a non-resident alien. The recipient, the email claimed, needed to send in a copy of identification, such as a passport.
“They often try to target your emotions while ratcheting up the urgency. If it’s an email, do you have to click the link? Does it match the website of the company that’s emailing you? Are there foreign or vanity domains in the URL? Spelling or grammatical errors in the message?” said Steve Pfundstein, IT director at Summit Financial in Parsippany, N.J. “If an email or call seems suspicious or out of the norm, take a moment to assess the situation.
“Ask tax preparers what they’re doing about security in their business. See how they answer,” he added. “If they brush it off, I’d see that as a huge red flag. They should be able to describe the new things they’ve put in place to help protect your data.”
Clients should ask if they can upload onto a secure server on the preparer’s website “or be old-fashioned and drop off documents,” Carlson said.