IRS Warns of New Wave of Cyber Attacks that Aim to Take Over Tax Preparers Computers

The IRS has posted a news release (IR-2016-119) to warn tax preparers of a new wave of attacks that allow identity thieves to file fraudulent tax returns by remotely taking over a tax preparer’s computer system.

These cyber-attacks are taking place using remote technology which allows the identity thieves to gain access to a tax preparer’s computer system, access client data, complete and e-file tax returns, then direct the refunds to the criminal’s own bank accounts. The IRS is aware of approximately two dozen cases where tax preparers have recently been victimized.

The victims learned of these thefts while they were reconciling their e-file acknowledgements.

See IRS News Release IR-2016-119 (dated September 2, 2016) for more details on these attacks and what measures tax preparers should take to protect their computer systems.

Also see the IRS Protect Your Clients; Protect Yourself webpage for more information how preparers can help fight identity theft and protect their customer tax return data and their computer systems.

Delay of State Refunds Due to State Tax Identity Theft Prevention

Since identity theft related tax refund fraud has become the biggest problem States face, individuals can expect their State refund to take longer to be direct deposited into their bank accounts than in the past. This is due to the additional fraud measures that all States have instituted this filing season to fight this type of refund fraud.

Some States have indicated that they will be delaying the release of refunds for longer periods of time as follows:

Illinois and South Carolina not issuing refunds until after March 1, 2016

Illinois and South Carolina will not be sending out refunds on any returns filed in January or February until mid-March. For those returns filed after March 1, 2016, the refunds will be sent out within two to three weeks from the date the Illinois or South Carolina individual return is accepted.

For more information see the Illinois and South Carolina websites:

• Illinois Refund Delay Alert
• South Carolina January 19 News Release – Enhanced Efforts to Protect Taxpayers from Refund Fraud

The following States have increased the length of time a refund will be received on electronically filed returns:

• Idaho – Taxpayers can expect their refund about 7 weeks after their return has been accepted. See the Refund Information page on the Idaho State Tax Commission website for more information.
• Georgia – Taxpayers can expect their refund 30 – 45 days after the return has been accepted. See the New Fraud Prevention Measures announcement on the Georgia Department of Revenue website for more information.
• Louisiana – Taxpayers can expect their refund up to 60 days after the return has been accepted. See the January 19 Press Release on the Louisiana Department of Revenue website for more information.
• Alabama – Taxpayers can expect their refund in 8 to 12 weeks from the date their return is accepted. See the Taxpayer Identity Theft Prevention page in the Things to Expect from ADOR in the 2016 Filing Season section on the Alabama Department of Revenue website for more information.
• Hawaii – Taxpayers can expect their refund in 4-6 weeks. Some refunds may be delayed for up to 16 weeks. See the Update on Tax Refunds (January 8, 2016) on the Hawaii Department of Taxation website for more information.

States delaying refunds due to not having W-2s from employers:

• Utah will delay any refunds until March 1, 2016 for individuals whose employer had not filed their W-2s with Utah by January 31, 2016. See the Withholding Tax Changes information on the Utah State Tax Commission website.
• Alabama will delay issuing refunds this year on returns for which the state has not received the W-2(s) from a taxpayer’s employer(s). This means that early Alabama filers will not receive their refunds as quickly as they have in prior years.
• Vermont may not complete the processing of some returns until they receive the W-2 from the individual’s employer, which is not due until February 29, 2016. For more information see the 2016 Filing Season Update page on the Vermont Department of Taxes website.

One last reason for a state refund to be delayed is when the State selects an individual’s tax return for identity verification. When this occurs, a letter is sent asking that the individual verify their identity by going to the State website and answering questions. Once the individual has passed the verification quiz (i.e. they have verified that this is their return), the State will finish processing the return and send out the refund. So it is important that if an individual receives a request to verify who they are that they do it as soon as possible.

IRS Electronic Filing PIN Application Attacked by Malware

The IRS Electronic Filing PIN application was attacked by malware this week. The IRS posted the following on their News page:

===============

The IRS recently identified and halted an automated attack upon its Electronic Filing PIN application on IRS.gov. Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate e-File PINs for stolen social security numbers. An e-file PIN is used in some instances to electronically file a tax return.

No personal taxpayer data was compromised or disclosed by IRS systems. The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.

IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration. The IRS also is sharing information with its Security Summit state and industry partners.

Based on our review, we identified  unauthorized attempts involving approximately 464,000 unique SSNs, of which 101,000 SSNs were used to successfully access an e-File PIN.

The incident, involving an automated bot, occurred last month, and the IRS continues to closely monitor the web application.

This incident is not connected or related to last week’s outage of IRS tax processing systems.

===============

We will continue to monitor and update you as more information is released.

Additional State Requests/Actions and the IRS IP PIN for the 2016 Filing Season

As the January 19 start date for the 2016 filing season draws near, here are some of the new actions that States are instituting to help fight tax identity theft and refund fraud, as well as an update on the IRS Identity Protection PIN.

Request by States for Driver’s License for the Upcoming Filing Season
As part of their continuing effort to combat tax identity theft and fraud, States will be requesting additional information be included with the tax return to help them confirm that the return they are receiving is truly the taxpayer’s. Providing the requested information will help ensure that the taxpayer’s tax refund will go to them and not to an identity thief.

One piece of information that nearly all States will be requesting is information from the taxpayer’s and spouse’s driver’s license or state-issued identification card. Although a return will not be rejected if the requested information from the driver’s license or state identification card is not present in the taxpayer’s return, not providing this information may delay the processing of the return and cause a delay in receiving any refund associated with the return.

Other State Actions to help Prevent Identity Theft and Tax Fraud
Below are some examples of new processes put in place by Illinois, Alabama, and Virginia that begin in the 2016 filing season:

• Illinois will not be sending out refunds on returns filed in January and February until mid-March. For those returns filed after March 1, 2016, the refunds will be sent out within two to three weeks from the date the Illinois return is accepted.
  See the Illinois Refund Alert on the Illinois Revenue website for more information.
• Virginia has begun to issue 7 alphanumeric Personal Identification Numbers (PINs) to Virginia taxpayers who have been identified as victims of identity theft. If a Virginia taxpayer is issued a PIN they must enter it on their Virginia individual income tax return to ensure that it is processed in a timely manner.
  See the Tax Related Identity Theft Prevention page on the Virginia Department of Taxation website for more information.
• Alabama will delay issuing refunds this year on returns for which the state has not received the W-2(s) from a taxpayer’s employer(s). This means that early Alabama filers will not receive their refunds as quickly as they have in prior years.

IRS Identity Protection PIN (IP PIN)
Beginning with the 2016 filing season, the IRS requires that an identity protection PIN (IP PIN) be entered on the 2015 tax return if an individual that is claimed as a dependent on a tax return has received an IP PIN from the IRS. Otherwise, the IRS will reject the tax return.

As a reminder, the IRS issues IP PINs to individuals who have had an identity theft indicator applied to their IRS tax account. These individuals will receive the IP PIN via IRS notice CPO1A this month (January).

Important Note: Due to an error, the IRS is emphasizing that all IP PINs that are contained in the CP01A notices that an individual receives this month (January) are for filing the 2015 tax return even though the notices incorrectly state they are for filing the 2014 tax return.

Other things to know about the Identity Protection PIN:

• If an individual loses their IP PIN, the original can be retrieved via the online IRS Get an Identity Protection PIN tool on the IRS website.
• Individuals who had an IP PIN in 2015 (for Tax Year 2014) should have received a new 6 digit IP PIN from the IRS this month (January) via IRS notice CP01A.
• When the taxpayer’s, spouse’s and/or dependent’s IP PIN is entered in the CrossLink program, they will be transmitted to the IRS as part of the Form 1040. The taxpayer’s IP PIN will print on Form 1040 in the area designated in the signature area. The Spouse’s and Dependent’s IP PIN will not print on the Form 1040 because the IRS has not included a place for them on the printed Form 1040.
• The IRS may also invite an individual to get an IP PIN by sending them a letter because their account met specific criteria that made them eligible to receive an IP PIN.

See the Identity Protection PIN page and the IP PIN FAQ page on the IRS website for more information.

IRS, States, and Tax Industry Announce New Steps to Help Public Protect Personal Data in order to Prevent Tax Identity Theft

The IRS has just announced their new “Taxes. Security. Together.” campaign which is designed to help raise public awareness about how their use of the internet and their personal devices can affect the safety of their financial and tax data. It will urge individuals to take active steps to protect themselves and make them aware of just how sophisticated identity thieves have become.

Included in the “Taxes. Security. Together.” campaign is information about how the IRS, state tax administrators, and the tax software industry are implementing an expanded series of protections for the upcoming 2016 filing season to address tax related identity theft. These added protections will include asking individuals for additional information that will be included with their tax return. The additional information will help government agencies ensure that the return they are accepting is truly the taxpayer’s and not one that is being filed by someone who has stolen their identity.

The “Taxes. Security. Together.” campaign is a direct result of the IRS Security Summit, a collaborative effort started in March 2015 between the IRS, states, and the tax industry to help fight tax identity theft (of which CrossLink Professional Tax Software has been a part of).  This joint campaign will include YouTube videos, weekly Tax Tips, and local events across the country. This information will also be included on state websites and by the professional tax software community during this upcoming filing season.

For more information on this campaign, see the following on the IRS website:

• Taxes. Security. Together webpage – Explains how taxpayers, tax preparers, and businesses can help fight tax identity theft.

• IRS News Article 2015-129 (IRS, States and Tax Industry Announce New Steps to Help Public to Protect Personal Tax Data)

• IRS Fact Sheet 2015-23 (IRS, States and Industry Partners Provide Update on Collaborative Fight Against Tax-Related Identity Theft)

• IRS News Article 2015-117 (IRS, States, Industry Continue Progress to Protect Taxpayers from Identity Theft)

IRS, Industry, and State Security Summit and Collaborative Effort to Fight Identity Theft

The IRS joined with representatives of the tax software industry and state tax administrators on June 11, 2015 to announce the new collaborative effort to help protect the nation’s taxpayers from identity theft and tax fraud.

CrossLink has been part of this effort for the past three months and looks forward to being part of the continuing partnership with other tax industry companies, the IRS, and states in the months ahead to help combat the growing impact of identity theft to the federal and state tax systems.

This effort began in March 2015 with the establishment of three teams that focused on developing ways to improve tax return authentication and validation, information sharing between the industry, IRS, and states, and fraud detection and assessment of risks in order to develop strategies in preventing emerging threats.

The members of the IRS Security Summit agreed to several new initiatives in the following areas:

• Taxpayer authentication - Industry and government groups identified numerous new data elements that can be included with the return to help authenticate the taxpayer and detect identity theft fraud.
• Fraud detection - An agreement was made to expand the sharing of fraud leads between industry and government.
• Information assessment - The groups will look at establishing a formalized Refund Fraud Information and Assessment Center to more efficiently share information between the public and private sector to help identify fraud schemes and reduce the risk to taxpayers.
• Cyber-security framework - Industry agreed to align with the IRS and states under the National Institute of Standards and Technology cyber-security framework to promote the protection of the information technology infrastructure.
• Taxpayer awareness and communication - A joint effort between the IRS, states, and industry to increase the effort to inform taxpayers and raise awareness of the importance of protecting taxpayers’ sensitive personal tax and financial data to help prevent identity theft and refund fraud.

To learn more about this new IRS, industry, and state collaborative effort to fight identity theft and protect taxpayers, see the following on the IRS website:

• IRS news release on IRS, Industry, and State Security Summit
• 2015 IRS Security Summit Report
• IRS Security Summit page

IRS Security Summit Working Group Kick-Off Meeting

The tax software industry, IRS, and state tax administrators will be holding their kick-off meeting to discuss ways to address identity theft, refund fraud, and data security on April 2, 2015 in Washington, D.C. The goal of these working groups is to collaborate on finding solutions that will help mitigate identity theft in the tax system.

Petz Enterprises is glad to be part of this discussion and happy that IRS Commissioner Koskinen is making identity theft a priority.

Our goal has been, and will continue to be, bringing whatever resources are necessary to help combat tax related identity theft. By working with the IRS and state tax agencies, we will continue to be at the forefront of this issue.

Our customers have benefited from the security features that we have included in our product to help protect them from this very serious problem, and we will continue to look at adding more in the future.

We are looking forward to working with the IRS, State governments, and other members of the tax industry to help address the issue of identity theft and security in these working groups over the next few months.

New IRS Direct Deposit Limits

Beginning with the upcoming filing season the IRS will be limiting the number of refunds that may be electronically deposited into a single financial account or pre-paid debit card to three.

Any subsequent deposits will be automatically converted to a paper refund and mailed to the taxpayer at the address shown on the federal return.

If this occurs, the taxpayer will be sent a notice informing them the reason why the refund will not be direct deposited and that they will receive a paper check in approximately four weeks.

This new procedure has been instituted as part of the IRS’ continuing efforts to combat fraud and identity theft.

To read more about this new limitation on direct deposits see the Direct Deposit Limits page on the IRS website.

Changes to the IRS Identity Protection PIN Program for the 2014 Filing Season

The IRS is making the following changes to their Identity Protection PIN program for the 2014 Filing Season:

• If the spouse receives an Identity Protection PIN (IP PIN), they must include it on their electronically filed federal return. If it is not included or is entered incorrectly, the return will not be accepted by the IRS.
  The taxpayer will continue to also be required to include their IP PIN on their federal return as they have since this IRS program began two years ago.
• If the taxpayer and/or spouse lose or misplace their IP PIN they will need to get their original IP PIN via the new online IRS Identity Protection PIN system on the IRS website.
  In order to obtain their original IP PIN the taxpayer and/or spouse will need to go through a registration process to validate their identity. This process is to ensure that the IP PIN is being given to the correct taxpayer and to protect the taxpayer's personal and tax information.
  For taxpayers who are unable to use the online tool, or do not want to use it, they can obtain a replacement IP PIN by calling the IRS at 1-800-908-4490, extension 245. If a taxpayer receives a replacement IP PIN, the processing of their return and the issuance of their refund will be delayed.

Other things to know about the IRS Identity Protection PIN program are:

• The IRS will be issuing 1.2 million Identity Protection PINs for the upcoming season. IP PINs are issued to all taxpayers that have had an identity theft indicator applied to their IRS tax account.
• Affected taxpayers should have received IRS Notice CP01A from the IRS in December 2013. This notice includes their 6-digit IP PIN and information on the use of it.
• The Identity Protection PIN received by the taxpayer and or spouse in December 2013 is only valid for use on their 2013 federal individual return. Those who received an IP PIN for 2013 will receive a new IP PIN each year for as long as their IRS account has an identity theft indicator associated with it.
• When the taxpayer and/or spouse IP PIN is entered in the CrossLink professional tax software program, they will be transmitted to the IRS as part of Form 1040. The taxpayer's IP PIN will print on Form 1040 in the area designated for this purpose in the signature area. The spouse's IP PIN will not print on the Form 1040 because the IRS did not add it to the printed Form 1040 for tax year 2013.

For more information see the following:

• Understanding Your CPO1A Notice for more information about the IRS Identity Protection PIN and a copy of what this notice looks like and tells the taxpayer.
• IRS Identity Protection PIN Frequently Asked Questions
• Lost or Misplaced IP PINs page on the IRS website for further information on what to do if the taxpayer loses or misplaces their IP PIN.

Update on IRS Identity Theft Crackdown

The IRS, in conjunction with the Justice Department and other Federal, state, and local agencies, has intensified their efforts at preventing, detecting, and resolving identity theft and refund fraud. Read more

The identity theft and refund fraud effort has involved 734 enforcement actions in January involving 389 individuals. The effort included 109 arrests, 189 indictments and complaints, and 47 search warrants. Read more

In addition, the IRS began a special compliance effort that began on January 28, 2013. IRS auditors and criminal investigators will visit 197 money service businesses to help make sure that these businesses are not assisting identity thieves or refund fraud when cashing checks. These compliance visits took place in 17 high-risk areas identified by the IRS which included: New York, Philadelphia, Atlanta, Tampa, Miami, Chicago, Houston, Phoenix, Los Angeles, San Diego, El Paso, Tucson, Birmingham, Detroit, San Francisco, Oakland, and San Jose. Read more

Click here to read the entire CrossLink Tax Update about the IRS identity theft crackdown.