• Business, Partnership and Estate and Trust Tax Returns and Identity Theft
  • September 22, 2017
  • In Fact Sheet 2017-10 issued by the Internal Revenue Service (“IRS”) on July 25, 2017, “Information on Identity Theft for Business, Partnerships and Estate and Trusts,” the IRS points out that business, partnerships and estate and trust filers are “increasingly targeted by national and international criminal syndicates who use stolen data to file fraudulent tax returns for refunds.”

    The IRS notes a sharp increase in the number of fraudulent Forms 1120, 1120S and 1041 as well as Schedule K-1s. The Fact Sheet points out that the IRS, state tax agencies and the tax industry, acting as the “Security Summit,” are expanding their efforts to better protect these filers and to better identity suspected identity theft returns.

    In the case of businesses, partnerships and estate and trust return filers certain signs may indicate identity theft:

    • Extension to file requests are rejected because a return with the Employer Identification Number or Social Security Number already on file;
    • An e-filed return is rejected because of a duplicate Employer Identification Number (“EIN”) or Social Security Number (“SSAN”) already on file with the IRS;
    • An unexpected receipt of a tax transcript or IRS notice that does not correspond to anything submitted by the filer; and
    • Failure to receive expected and routine correspondence from the IRS because the thief has changed the address.

    For the 2017 filing season, tax software products for the first time shared more than 30 data elements with the IRS and state tax agencies assisting the IRS and states in identifying suspicious returns. For 2018, the data elements will increase, increasing the ability of the IRS and states not only to identify suspicious returns but to reduce “false positives” which will allow legitimate returns to be processed as usual.

    For 2018 tax filings, the IRS will ask those tax professionals preparing business-related returns to step up the “know your customer” procedures. Tax preparation software for business-related returns will ask the following questions:

    • The name and SSN of the company executive authorized to sign the corporate tax return. Is this person authorized to sign the return?
    • Payment history – Were estimated tax payments made? If yes, when were they made, how were they made, and how much was paid?
    • Parent company information – Is there a parent company? If yes, who?
    • Additional information based on deductions claimed
    • Filing history – Has the business filed Form(s) 940, 941 or other business-related tax forms?

    These questions also will help identify suspicious returns.

    Criminals have long used stolen business EINs to perpetrate tax fraud by creating false Forms W-2 or 1099s or to fraudulently claim certain benefits, such as fuel tax credits. However, in the past couple of years there has been an upswing in the filing of fraudulent Forms 1120 and 1120S.

    If the compromised business-return data included Schedule K-1 links, the criminals also will also use the K-1 shareholder’s information to file fraudulent individual returns.

    There has been an increase in fraudulent trust and estate return filings. These identity theft filings involve both existing trust and estates and bogus trusts and estates that were established using stolen individual taxpayer information. As with identity theft filings for individuals the goal of the perpetrators is to obtain a fraudulent refund through the filing of a Form 1041.

    Additionally, in IR 2017-125 the IRS cautioned tax practitioners to be aware of “ransomware”. Ransomware is usually unwittingly planted on a computer or a network through a response to a “phishing” email, a seeming innocuous or ostensibly familiar-on-its-face email to which the recipient responds, or in which the recipient opens a link, which carries the embedded ransomware. The ransomware then locks the computer or network and encrypts it so that it cannot be accessed without a password which must be paid for by the recipient. Information Technology departments and practitioners should focus on educating staff and making sure they understand that not all emails should be opened or links in them accessed. Also, administrator privileges across a network should be granted sparingly.

    In previous newsletter editions from PK Law, an emphasis has been placed on securing information that may result in identity theft. PK Law continues to caution readers about protecting data. For more information about tax professionals and identity theft from the IRS please see Fact Sheet 2016-23 issued July, 2016.