IRS: Watch for latest business identity theft scams targeting Payroll & tax pros

IRS is once again reminding companies to be on the lookout for tax identity theft schemes as part of its annual Security Summit. Correcting business identity theft can be a long, expensive process. So it’s key to take a preventive approach.

Here’s what you and Payroll need to know.

Rundown of how identity theft happens

Right now, cybercrooks are targeting tax pros who use cloud software – which is how many Payroll solutions are powered. They’re using vulnerabilities in the software to access confidential data and use it to file fraudulent business tax returns. And they’re also targeting the personnel info you have on employees to file false personal tax returns or sell employee info (such as Social Security numbers) on the dark web.

One of the most common types of scams Payroll should watch for is spear phishing. Thieves are creating personalized emails designed to fool your team into opening links or downloading attachments that are secretly infected with software they can use to log keystrokes and access company systems.

Even worse: Crooks are attempting to build trust with your team by sending them multiple messages over the course of a few days before asking them to click any links or attachments. So scammers are getting more sophisticated by the day.

Signs & response

Telltale signs your systems might be compromised include cursors on computers that seem to move on their own (without the intervention of IT) or unfamiliar programs suddenly running on servers or hardware. IT may also notice unusual network traffic. Work with your IT pros to root out and contain any suspicious programs ASAP to mitigate the damage.

Also, keep an eye out for signs of business identity theft if your systems have been compromised like this. Payroll may receive unexpected notifications from IRS about returns you’ve filed. Or, your team may get notice that a duplicate return’s already been filed after submitting a return.

Businesses that fall victim to tax identity theft can complete Form 14039-B, Business Identity Theft Affidavit, to report the issues to IRS.

How to prevent issues

To keep these problems at bay, it’s important to remind your Payroll team to be extra careful when opening attachments or clicking on links in email messages – especially if the message is asking for confidential personnel info. Remember that IRS won’t send emails asking for specific tax data.

Any other requests for this info should be carefully vetted before proceeding. When in doubt, have your team make a phone call to double-check the validity of the email first.