Small Businesses: Be Alert to Identity Theft

Small business identity theft is a big business for identity thieves. Just like individuals, businesses may have their identities stolen and their sensitive information used to open credit card accounts or file fraudulent tax returns seeking bogus refunds. To mark “National Tax Security Awareness Week,” the Delaware Division of Revenue, along with the IRS and the nation’s tax industry have joined together to warn small businesses to be on-guard against a growing wave of identity theft against businesses and employers.

In the past year, the Internal Revenue Service noted a sharp increase in the number of fraudulent Forms 1120, 1120S and 1041 as well as Schedules K-1. The fraudulent filings include forms filed relating to partnerships, estates and trusts. Identity thieves are displaying a sophisticated knowledge of the tax code and industry filing practices as they attempt to obtain valuable data to enable them to file fraudulent returns.

Identity thieves have long made use of stolen Employer Identification Numbers (EINs) to create fake Forms W-2 that they file with fraudulent individual tax returns seeking refunds. Fraudsters also used EINs to open new lines of credit or obtain credit cards. Now, they are using company names and EINs to file fraudulent returns for the businesses themselves.

As with fraudulent individual returns, there are certain signs that may indicate identity theft. Those filing returns for corporations, partnerships, estates or trusts should be alert to potential identity theft and contact the IRS if they experience any of these issues:

  • Extension to file requests are rejected because a return with the Employer Identification Number or Social Security number is already on file;
  • An e-filed return is rejected because a duplicate EIN/SSN is already on file with the IRS;
  • An unexpected receipt of a tax transcript or IRS notice that doesn’t correspond to anything submitted by the filer;
  • Failure to receive expected and routine correspondence from the IRS because the thief has changed the taxpayer’s address.

New Procedures to Protect Businesses in 2018

The Division of Revenue, the IRS, and software providers share certain data points from returns, including business returns, which help identify a suspicious filing. Delaware and the IRS are asking that businesses and tax practitioners provide additional information that will help verify the legitimacy of the tax returns they file.

For 2018, the “know your customer” procedures that are being put in place include the following questions:

  • Authorized signer – Confirm the name and SSN of the company executive authorized to sign the corporate tax return;
  • Payment history – were estimated tax payments made? If yes, when were they made, how were they made, and how much was paid?
  • Parent company information – is there a parent company? If yes, what is the name of the parent company?
  • Deduction information – Provide additional information based on deductions claimed;
  • Filing history – has the business filed Form(s) 940, 941 or other business-related tax forms?

Individuals operating as sole proprietorships who file Schedule C with Form 1040 and partnerships that file Schedule K-1 with Form 1065 also will be asked to provide additional information items, such as a driver’s license number. Providing this information will help Delaware and the IRS identify suspicious business-related returns.

For small businesses looking for a place to start on security, the National Institute of Standards and Technology (NIST) has produced Small Business Information Security: The Fundamentals. NIST is the branch of the U.S. Commerce Department that sets information security frameworks followed by federal agencies. The United States Computer Emergency Readiness Team (US-CERT) has created Resources for Small and Midsize Businesses.

Take the steps recommended by cyber experts to protect your business, and visit the Identity Protection: Prevention, Detection and Victim Assistance for more information about business-related identity theft.

Seven Steps to Keep Your Tax Information Secure Online

During the online holiday shopping season, the Delaware Division of Revenue is joining with the IRS, other state tax agencies and the tax industry to mark “National Tax Security Awareness Week.” From November 27 through December 1, we’d like to remind people to be vigilant with their personal information. While you are shopping for gifts, criminals are shopping for credit card numbers, financial account information, Social Security numbers and other sensitive data that could help them file a fraudulent tax return.

Cyber criminals seek to turn stolen data into quick cash, either by draining financial accounts, charging credit cards, creating new credit accounts or even using stolen identities to file a fraudulent tax return for a refund. Anyone who has an online presence should take a few simple steps that could go a long way to protecting their identity and personal information.

Here are seven steps to help with online safety and protecting tax returns and refunds in 2018:

  • Shop at familiar online retailers. Generally, sites using the “s” designation in “https” at the start of the URL are secure. Look for the “lock” icon in the browser’s URL bar. But remember, even bad actors may obtain a security certificate so the “s” may not vouch for the site’s legitimacy.
  • Avoid unprotected Wi-Fi. Beware of making purchases at unfamiliar sites or clicking on links from pop-up ads. Unprotected public Wi-Fi hotspots also may allow thieves to view transactions. Do not engage in online financial transactions if using unprotected public Wi-Fi.
  • Learn to recognize and avoid phishing emails that pose as a trusted source such as those from financial institutions or the IRS. These emails may suggest a password is expiring or an account update is needed. The criminal’s goal is to entice users to open a link or attachment. The link may take users to a fake website that will steal usernames and passwords or an attachment may download malware that tracks keystrokes.
  • Keep a clean machine. This applies to all devices — computers, phones and tablets. Use security software to protect against malware that may steal data and viruses that may damage files. Set it to update automatically so that it always has the latest security defenses. Make sure firewalls and browser defenses are always active. Avoid “free” security scans or pop-up advertisements for security software.
  • Use passwords that are strong, long and unique. Experts suggest a minimum of 10 characters, but longer is better. Avoid using a specific word; longer phrases are better. Use a combination of letters, numbers and special characters. Use a different password for each account. If you can’t remember all your passwords, use a password manager, which securely stores the passwords for you.
  • Use multi-factor authentication. Some financial institutions, email providers and social media sites allow users to set accounts for multi-factor authentication, meaning users may need a security code, usually sent as a text to a mobile phone, in addition to usernames and passwords. For added protection, some financial institutions also will send email or text alerts when there is a withdrawal or change to the account. Generally, users can check account profiles at these locations to see what added protections may be available.
  • Encrypt and password-protect sensitive data. If keeping financial records, tax returns or any personally identifiable information on computers, this data should be encrypted and protected by a strong password. Also, back-up important data to an external source such as an external hard drive. When disposing of computers, mobile phones or tablets, make sure to wipe the hard drive of all information before throwing it away.

There are also a few additional steps people can take a few times a year to make sure they have not become an identity theft victim. Receive a free credit report from each of the three major credit bureaus once a year. Check it to make sure there are no credit changes that don’t look familiar. Create a “My Social Security” account online with the Social Security Administration which can be used to see how much income is attributed to your SSN annually. This can help determine if someone else is using your SSN for employment purposes.

The Division of Revenue, the IRS, and the tax industry are committed to working together to fight against tax-related identity theft and to protect taxpayers. Visit the “Taxes. Security. Together.” awareness campaign, or review IRS Publication 4524, Security Awareness for Taxpayers for additional information.

Delaware Personal Income Tax Season Begins January 23

Division of Revenue Director Patrick T. Carter has announced that Delaware tax season will begin Monday, January 23, 2017. Citizens are encouraged to file their 2016 State of Delaware Personal Income Taxes online at www.delaware.gov. This year’s filing deadline is Monday, May 1, 2017.

During the last filing season, the State dealt with a surge of fraudulently filed personal income tax returns, and stopped over $9 million in fraudulent refunds from being issued. In order to better identify fraudulent returns, the Delaware Division of Revenue has created new methods of detecting and preventing fraudulent refunds. However, as a result, the first refunds will not be issued until after February 15, 2017.

This year, Delaware is also urging taxpayers to electronically file their returns. Online filing offers many advantages. Refunds from electronically filed returns are issued on average within 2 weeks, while refunds from paper-filed returns average over seven weeks. Last year, the average time to issue a refund for all tax filing methods combined was just over 20 days.

Delaware offers the following electronic filing options:

  1. Those who don’t need tax preparation software can file for free on the Delaware Division of Revenue website. This online system is extremely user-friendly and available 24/7. The system also allows taxpayers to file their returns and then schedule any payment due closer to the May 1st deadline. Taxpayers may pay their State of Delaware taxes on this system using a credit card or by debiting their bank account.
  2. Those who prefer tax-preparation software can electronically file their federal and state income tax returns for a fee, although these products also offer free-filing options for Delaware taxpayers who meet the following qualifications:
    • Adjusted gross income is less than the software’s established means criteria; or
    • Active-duty military with an adjusted gross income of $60,000 or less (including Reservists and National Guard); or
    • Qualify for the Federal Earned Income Tax Credit (EITC)

For paper-filed returns, the State uses a modernized processing system that identifies tax filings based on the return type. Any taxpayer who files a 2016 tax return using a previous-year return, or who modifies the paper return in some way, will experience significant delays. Paper tax returns will be available at local libraries or for download at www.revenue.delaware.gov.

Because Delaware does not maintain reciprocity agreements with other states, it is important for anyone who is not a Delaware resident – but who has worked in Delaware – to understand that they must file a Delaware tax return. Delaware Residents who work out-of-state are required to file returns with Delaware in addition to the state where they worked.

By law, Delaware employees should receive their W-2 employment forms by January 31, 2017 for any job worked during the 2016 calendar year. Those who haven’t received a W-2 by January 31st should contact their employer.