Businesses Are Increasingly Targets of Tax Identity Fraud

April 12, 2018|

By Christine Hall

Small business identity theft is a big business for identity thieves. Just like individuals, businesses might have their identities stolen and their sensitive information used to open credit card accounts or file fraudulent tax returns for bogus refunds. As such, small business owners should be on guard against a growing wave of identity theft against employers.

In the past year, the Internal Revenue Service has noted a sharp increase in the number of fraudulent Forms 1120, 1120S and 1041, plus Schedule K-1. These fraudulent filings apply to partnerships as well as estate and trust forms.

Security Summit partners (the IRS, state tax agencies and the private-sector tax community) have expanded efforts to protect business filers better and identify suspected false returns.

Identity thieves display a sophisticated knowledge of the tax code and industry filing practices and have long made use of stolen Employer Identification Numbers (EINs), which they use to create fake Forms W-2. These fake Forms W-2 are then used to file fraudulent individual tax returns.

Fraudsters also used EINs to open new lines of credit or obtain credit cards. Until recently they were only targeting individuals, but now they are using company names and EINs to file fraudulent business returns.

As with fraudulent individual returns, there are certain signs that may indicate business identity theft. Business, partnerships and estate and trust filers should be alert to potential identity theft and contact the IRS if they experience any of these issues:

  • Extension requests are rejected because a return with the EIN or Social Security number (SSN) is already on file.
  • An e-filed return is rejected because a duplicate EIN/SSN is already on file with the IRS;
  • An unexpected receipt of a tax transcript or IRS notice that doesn’t correspond to anything submitted by the filer.
  • Failure to receive expected and routine correspondence from the IRS because the thief has changed the address.

New Procedures to Protect Business in 2018

The IRS, state tax agencies and software providers also share certain data points from returns, including business returns, which help identify a suspicious filing. The IRS and states also are asking that business and tax practitioners provide additional information that will help verify the legitimacy of the tax return.

For small businesses looking for a place to start on security, the National Institute of Standards and Technology (NIST) has produced the publication Small Business Information Security: The Fundamentals. NIST is the branch of the U.S. Commerce Department that sets information security frameworks followed by federal agencies.

The U.S. Computer Emergency Readiness Team (US-CERT) has a special section on its website dedicated to resources for small and midsize businesses. Many secretaries of state also provide resources on business-related identity theft as well.

For more information about business-related identity theft, visit the IRS website,, and search for Identity Protection: Prevention, Detection and Victim Assistance.

Leave a Reply