What is a Written Information Security Plan?
(WISP)
A WISP is required by federal law for all tax preparers to protect clients’ data.
Failure to create and implement a WISP may result in an investigation and potential penalties for negligence.
What is Stolen Identity Refund Fraud?
(SIRF)
A crime where thieves use stolen personal information to file fake refund claims.
Both businesses and individuals can be targeted by SIRF.
What should a taxpayer do if their e-file return is rejected due to a duplicate filing under their SSN?
How can a taxpayer request an Identity Protection PIN?
(IP PIN)
Apply through their IRS individual online account or use Form 15227 if unable to establish an online account.
Form 15227, Application for an IP PIN
The IP PIN is valid for one year and is reissued annually.
True or False:
Employment-related identity theft can affect both individuals and business entities.
True
This type of fraud occurs when someone uses another’s SSN or personal information to obtain employment.
List some warning signs that a taxpayer’s SSN has been compromised.
What is the first step a taxpayer should take if they receive an IRS notice about identity theft?
Respond promptly to the notice and contact the IRS or a tax professional for assistance.
What is business identity theft?
The use of a business’s identifying information to obtain tax benefits or file fraudulent business returns.
How can businesses avoid becoming victims of identity theft?
What are social engineering attacks?
Attacks where an individual uses social skills and human interaction to obtain information about an organization.
Attackers may pose as company executives or employees to gain access to sensitive information.
Fill in the blanks:
Phishing attacks use ______ or ______ ______ to solicit personal information by posing as a trustworthy person or organization.
email; malicious websites
What is phishing?
A cyber attack where an attacker sends an email from a seemingly reputable source to obtain sensitive information from users.
Which organizations might phishing emails impersonate to exploit victims?
True or False:
The IRS will ask for personal information through email.
FALSE
What should be done with suspicious tax-related phishing emails?
Report them to phishing@irs.gov.
What are some signs of potential identity theft related to tax administration?
What is the maximum number of refunds that can be deposited into a single financial account?
Three refunds
What actions are prohibited under Circular 230 regarding taxpayer refunds?
Tax preparers depositing part or all of their clients’ refunds into their own bank accounts.
What should tax professionals do if they experience a security incident?
Report the incident to the IRS within one business day (24 hours).
What are security controls?
Management, operational, and technical safeguards used to protect the confidentiality, integrity, and availability of clients’ information.
List some examples of security controls.
What is the Gramm-Leach-Bliley Act ‘safeguards rule’ requirement for tax preparers?
It requires tax preparers and others who are engaged in providing financial products or services, such as preparation and filing of tax returns, to ensure the security and confidentiality of their customers’ records and information.
What are the penalties under IRC §7216 for disclosure of taxpayer information related to identity theft?
Maximum fine of $100,000 for violations related to identity theft.
IRC §7216 is a criminal penalty.
What is the penalty under IRC §6713(b) for disclosure of taxpayer information related to identity theft?
$1,000 per disclosure with an aggregate maximum per year of $50,000.
IRC §6713 is a civil penalty.