Protect yourself and your clients from identity theft

Instances of tax-related identity theft, both state- and nationwide, are becoming ever more complex. More sophisticated schemes involve data breaches on the preparer level, where a criminal may abuse access to a library of an individual’s past tax returns to file authentic-appearing returns, or reroute refunds on genuine returns to bank accounts of their choice.

Tax Department actions

The Tax Department screens personal income tax returns for identity theft. If we suspect identity theft, we may send your client a letter—Form TR-207, Identity Verification Letter. Based on the response we receive, we may follow up with the taxpayer to request additional verification by phone or by mail. (Note: Our employees will never request wire transfers, gift cards, or password information.)

Client actions

If one of your clients receives correspondence from the Tax Department regarding a return they did not file, they may be a victim of tax-related identity theft.

1. Direct your client to respond to the notice we sent, as requested in the correspondence.

If your client:

• confirms they filed the return, we will ask for certain forms of identification, which may include a copy of both sides of some form of government-issued photo identification and a signed copy of the last page of the tax return. 
   
• states they did not file the return, we will:
  • remove questionable returns from your client's tax account, and
  • flag your client's account, so we know to perform an enhanced review for future returns to ensure their validity.

2. Advise your client to create an Individual Online Services account.

With an Online Services account, your client can monitor their tax filing history for fraudulent returns. 

3. Remind your client to notify federal and other state tax agencies about possible or confirmed identity theft.

Visit the IRS at Taxpayer Guide to Identity Theft for instructions on reporting identity theft to federal agencies; visit your state's tax or revenue website for state-specific instructions.

Tax professional actions         

If multiple clients contact you about correspondence from the Tax Department regarding returns they did not file, you or your tax preparation service may be the victim of a data breach. 

1. Notify us if you believe your organization has been affected by a breach. 

Once we're notified, we can:

• create systematic protections to cover any affected clients even before fraudulent returns are filed, and
• more accurately identify questionable returns that we've already received. 

You can contact us:

• by fax (preferred): 
  • 518-435-2990
  • ATTN: IDENTITY VERIFICATION UNIT
• by mail:
  • IDENTITY VERIFICATION UNIT
    PO BOX 4128
    BINGHAMTON NY  13902-4128
    
  • If you are not using U.S. Mail, see Publication 55, Designated Private Delivery Services.
• by phone:
  • 518-485-6549, Monday through Friday between 8:30 a.m. and 4:30 p.m.
• online:
  • Report fraud, scams and identity theft

2. Notify federal and other state tax agencies about the possible or confirmed breach.

Visit the IRS at Taxpayer Guide to Identity Theft for instructions on reporting identity theft to federal agencies; visit your state's tax or revenue website for state-specific instructions.

If you do not notify state and federal agencies or address the breach, it could result in financial damages and liability for you and your clients, and help a criminal continue to exploit your clients in the future.