Individuals are not the only ones who should be on the lookout for cybercriminals looking to steal crucial financial information in order to commit fraud. Small business is equally at risk as thieves increase their knowledge of the tax code and industry filing practices to obtain valuable information.
“For the self-employed and owners of small businesses, whose time and energies are devoted to growing the company, data security often falls in priority, and it shouldn’t,” said Indiana Department of Revenue (DOR) Commissioner Adam Krupp. “Protecting your business and your clients’ financial data is critical to averting the kind of disaster that could tank your business dreams.”
“The Indiana Department of Revenue hopes to warn small businesses to be on-guard against a growing wave of identity theft against employers.”
Just like individuals, businesses may have their identities stolen and their sensitive information used to open credit card accounts or used to file fraudulent tax returns for bogus refunds.
In the past year, the Internal Revenue Service has noted a sharp increase in the number of fraudulent Forms 1120, 1120S and 1041, as well as Schedule K-1. The fraudulent filings apply to partnerships as well as estate and trust forms.
Identity thieves have long made use of stolen Employer Identification Numbers (EINs) to create fake W-2 Forms to file with fraudulent individual tax returns. Fraudsters also used EINs to open new lines of credit or obtain credit cards. Now, they are using company names and EINs to file fraudulent returns.
As with fraudulent individual returns, there are certain signs to indicate identity theft. Businesses, partnerships and estate and trust filers should be alert to potential identity theft and contact DOR if they experience any of these issues:
- Extension to file requests are rejected because a return with the Employer Identification Number or Social Security Number is already on file;
- An e-filed return is rejected because of a duplicate EIN/SSN is already on file with the IRS;
- An unexpected receipt of a tax transcript or IRS notice that doesn’t correspond to anything submitted by the filer;
- Failure to receive expected and routine correspondence from the IRS because the thief has changed the address.
For small businesses looking for a place to start on security, the National Institute of Standards and Technology (NIST) produced an interagency reference guide for cybersecurity specific to small businesses. The guide is intended to present the fundamentals of a small business information security program in non-technical language. For more information, visit www.nist.gov.