Does Your Business Take Identity Theft Seriously? How To Avoid The Business Of Scamming

Businesses need to take security threats more seriously. The fourth day of the National Tax Security Week focused largely on this issue and offered ways business practices can optimize security of businesses and deter both business and client identity theft.


You may have never thought that a business’ identity can be stolen; and indeed, it may sound odd at first, but a business has identifying information that is unique to itself. Oddly enough, among the reasons businesses should be wary of potential scammers is that scammers will often file a business’ taxes.


Potential scammers look for little snit-bits of identifying information of the business. Scammers do not need every little detail about a business to gain access, they just need some of the information that is unique to the business to commit business identity theft and file a tax return on behalf of the “business”.


Though these riveting breaches are seldom discussed unless the breach happens to larger corporations (Target in 2013 and Marriott in 2018), the most common cyberattacks are aimed at businesses that have fewer than 100 employees.

In order to curb potential threats, the Federal Trade Commission suggests that businesses adhere to the following guidelines:
• Back up important files;
• Require strong passwords for all devices;
• Encrypt devices; and
• Enable multi-factor authentication whenever possible.


The IRS is also taking precautions to better protect business information from falling into the mischievous hands of scammers. Beginning on December 13, 2020, the IRS will be redacting sensitive information from the business tax transcripts and the summary of corporate tax returns.


Additionally, the IRS is making it easier for businesses that may have had a breach of identity be proactive in these matters by filing Form 14039-B, Business Identify Theft Affidavit (the “Affidavit”). The Affidavit should be filed by the business if any of the following occurs:
• The business receives a rejection notice for an electronically filed return because a return already is on file and the business did not file it;
• Notice about a tax return that the business did not file;
• Notice about Form W-2 filed that the business did not file; and
• Notice of a balance due that the business does not believe is owed.

Although businesses can start being more proactive in ensuring there will not be major security breaches related to taxes, it is important to note that the Affidavit should not be used if the business experienced a data breach that resulted in no tax-related impact. It is also important to remember that the changes the IRS is making does not absolve the business from making the necessary changes to better protect its information.


Fortunately for businesses, there are a number of ways to strengthen the security of a business. Determining the weaknesses posed by your individual business is vital in taking action against scammers. As always, the attorneys at Vandenack Weaver are here to assist you determine potential weakness and implement changes to strengthen your business’ security.

VW Contributor: Justin A. Sheldon
© 2020 Vandenack Weaver LLC
For more information, Contact Us

Circuit Split on Data Breach Litigation

On March 25th, 2019, the Supreme Court denied review of a case involving individuals whose personal information held in a database was breached by hackers. Specifically, the issue was whether the parties requesting review had Article III “standing” to sue due to the database breach.

Standing is the authority of a court to hear a case. For the court to exercise such authority, the court will only hear cases based on events that cause actual injuries or create real threats of imminent harm to individuals who brought the case. The D.C. Circuit Court in its ruling of June 21st, 2019 deepened the split among contradicting circuit rulings. The D.C. Circuit Court ruled the petitioning party had standing to bring the case due to the breach of 21.5 million social security numbers, birth dates, and residency details of former, current, and prospective employees. The court held that, the plaintiff’s fear of facing a substantial risk of future identity theft met the burden to establish standing.

While the Sixth, Seventh, and Ninth circuits have similarly concluded that a heightened risk of identity theft is sufficient for individuals to possess standing to sue; the Second, Third, Fourth, and Eighth Circuits have ruled in the opposite direction. Distinct facts from this  latest data breach case include the nature of the defendant being a federal government agency and the alleged identity of the hacker being a foreign government entity where the breach was executed for purposes other than identity theft. Nonetheless, the D.C. Circuit Court found the federal government agency liable as well as Office of Personnel Management’s (OPMs) third-party vendor, despite the contract between the two parties. The Supreme Court may need to review and rule on this crucial issue in the near future given the current split of authority.

© 2019 Vandenack Weaver LLC

For more information, Contact Us

 

 

Tax Related Identity Theft Awareness

The holiday season is underway and while this is a time for family events and holiday parties, this is also the time that many identity theft scams occur. The Internal Revenue Service (IRS) started the process of alerting taxpayers about potential tax-related identity theft and to provide advice on how to prevent threats to your identity.

For prevention, the initial steps include ensuring use of security software on devices, use of secure wireless networks, and never providing sensitive data when replying to emails, texts, or pop-up ads. For individuals that are hit with tax-related identity theft, it may not become apparent until attempting to file taxes or receiving a notice from the IRS and finding out that a tax return has been filed on your behalf. When this occurs, file a complaint with the Federal Trade Commission (FTC) at https://www.identitytheft.gov/, file a report with the credit agencies, and contact the IRS. Importantly, regardless of the situation, ensure that your taxes are filed and paid, even if it requires filing in paper form.

Taking steps now to add layers of security for your social security number and other sensitive data can help prevent tax-identity theft in the future. If you have questions, please contact the attorneys at Vandenack Weaver LLC.

© 2016 Vandenack Weaver LLC
For more information, Contact Us

 

 

Initial Steps for Victims of Tax Related Identity Theft

As the 2016 tax season comes to a close, many taxpayers may have discovered they were victims of identity theft. Taxpayers often discover that they have been a victim of identity theft after they receive information that a tax return has already been filed using their social security number. If you are e-filing and a return has already been filed, your filing will likely be rejected. If the IRS suspects identity theft, you will receive Letter 5071C, which will request you verify your identity. Such verification can be completed online at https://idverify.irs.gov/IE/e-authenticate/welcome.do.

 After discovering that you have been a victim of identity theft, you should take multiple actions to protect your identity and correct any fraudulent returns with the IRS. It is recommended that you contact the FTC at identitytheft.gov and contact one of the major credit bureaus to place a fraud alert on your credit. If you have received a notice from the IRS or your attempt to e-file a return was denied, you should immediately contact the IRS. If your e-filing has been denied and you believe it is related to identity theft, you must complete Form 14039, Identity Theft Affidavit. Form 14039, a paper copy of your return, and any required payment of tax should be mailed to the IRS.

 If issues persist related to any fraudulently filed tax returns, additional information can be obtained from the IRS’s website, https://www.irs.gov/, or by contacting Vandenack Williams LLC.

© 2016 Vandenack Williams LLC
For more information, Contact Us

New Efforts by the IRS to Detect Identity Theft

The IRS is continuing to make efforts to limit taxpayer victimization from tax scams or identity theft. This year the IRS worked with tax preparers and state governments to identify ways to prevent identity theft related to tax filings. In a recent news release, the IRS announced that following a Security Summit, the IRS and leaders in the tax preparation industry developed new methods for protecting taxpayers.

These methods include the development of 20 data components that will be submitted with a tax return transmission. The IRS will now review for improper or repetitive use of IP addresses and review computer device identification data. Additionally, the IRS identified that it will review the time it took to complete the tax return as a way to detect mechanized fraud. Finally, there will be metadata attached to the transmission that the IRS stated will be used to detect identity theft related fraud.

As part of the Security Summit, major tax preparer software companies, H&R Block, Intuit, TaxHawk, and TaxSlayer all indicated a commitment to protect taxpayer data for the upcoming tax season. For taxpayers using tax preparation software from these companies, they will likely see additional security questions and device recognition upon logging in. These features will be similar to those used in online banking.

For more information, see IRS, States, Industry Continue Progress to Protect Taxpayers from Identity Theft (Oct. 20, 2015), available at https://www.irs.gov/uac/Newsroom/IRS,-States,-Industry-Continue-Progress-to-Protect-Taxpayers-from-Identity-Theft.

© 2015 Houghton Vandenack Williams
For more information, Contact Us