United States

Tax-related ID theft and tax data security issues continue to plague IRS


Despite IRS efforts to fortify data security and prevent tax-related identity theft, a malicious automated bot used approximately 101,000 stolen Social Security numbers to attempt to generate e-file personal identification numbers (PINs) through the IRS website in late January 2016.

An e-file PIN is used to electronically file a tax return. These e-file PINs would allow fraudulent returns using the PINs to pass one of the IRS authentication processes, potentially allowing for fraudulent refund claims to be paid and prohibiting the tax returns of the real taxpayers from being processed.

The IRS announced that it was notifying affected filers by mail that their personal information was used to attempt to file the IRS e-file PIN application. To prevent acceptance of e-filed fraudulent returns for these individuals, the IRS has placed an ID theft internal database marker on the affected accounts, requiring further authentication before a refund is paid.

The IRS has encountered a 400 percent surge in phishing and malware incidents so far this filing season.

The IRS recently warned taxpayers in IR-2016-28 of unsolicited emails or texts that appear to be from the IRS and request verification of taxpayer information. Links in the communications lead to authentic-looking fake websites that carry malware allowing illegal access to taxpayer information and activity.

Businesses should make their employees aware of these scams, especially employees with access to sensitive employee data, such as those in human resources and payroll positions.

Patti Burquest


Patti has extensive experience handling IRS examination and appeals matters for all types of business. Reach her at patti.burquest@rsmus.com.

Areas of focus: Tax ControversyWashington National Tax