The tax industry partners who make up the Security Summit are urging practitioners to take a page out of the medical books in order to keep their computer systems healthy: to cure an infection, you first have to know your patient is sick.
In other words, tax pros have to know the signs of data theft if they expect to move quickly to protect their clients.
The Security Summit, which is comprised of IRS officials, state tax agency representatives, and tax industry leaders, says time is critical when there’s a question of identity theft surrounding their data systems. That means immediately contacting the IRS if there’s evidence their data has been compromised, and enlisting insurance or cybersecurity experts to help determine the cause and extent of a possible loss.
“There are tell-tale signs of identity theft that tax pros can easily miss,” said IRS Commissioner Chuck Rettig. “Identity thieves continue to look for ways to slip into the systems of tax pros to steal data. We urge practitioners to take simple steps and remain on the lookout for signs of data and identity theft. They are a critical first line of defense against identity theft.”
Security Summit partners have adopted the theme “Boost Security Immunity: Fight Against Identity Theft,” aimed at urging tax pros to try harder to secure their systems and protect client data. This is reflected by a common comment from tax pros to IRS investigators after data theft: They didn’t immediately recognize the signs they’d been compromised.
What are the signs of possible data theft?
Tax professionals should know the critical signs of data theft:
- Client e-filed returns rejected because client’s Social Security number was already used on another return.
- More e-file acknowledgements received than returns the tax pro filed.
- Clients responded to emails the tax pro didn’t send.
- Slow or unexpected computer or network responsiveness such as:
- Software or actions take longer to process than usual;
- Computer cursor moves or changes numbers without touching the mouse or keyboard;
- Users unexpectedly locked out of a network or computer.
Sometimes, the signs of data theft come to the tax pro from their clients. These “red flags” may come in the form of IRS Authentication letters (5071C, 4883C or 5747C), even though the client hasn’t filed a return. Other signs are a refund when the client hasn’t filed, or a tax transcript they didn’t request.
More warning signs can include:
- Emails or calls from the tax pro that they didn’t initiate.
- A notice that someone created an IRS online account for the taxpayer without their consent.
- A notice the taxpayer wasn’t expecting that:
- Someone accessed their IRS online account; or
- The IRS disabled their online account.
There could, of course, be other examples. Data thieves are a relentless and creative lot. This means tax professionals should have the highest security possible and should not hesitate to contact authorities if they suspect or find something that isn’t right.
What should I do if my data is stolen?
There are steps that tax professionals can take if they—or their office—fall victim to a data theft. But speed is critical; these steps should be taken immediately to mitigate further damage.
Report the theft to the local IRS Stakeholder Liaison.
Liaisons notify IRS Criminal Investigation and other agency officials on behalf of the tax pro. The IRS can take steps to block fraudulent returns in the clients’ names and assist the local practitioner through the process. But speed is vital; data theft must be reported quickly.
Email the Federation of Tax Administrators at email@example.com.
This will get the tax pro information on how best to report the facts of the data theft to their particular state. According to the IRS, most states require that the state attorney general should be notified of data breaches and in some states, this could involve multiple state offices.
For more information on reporting a breach, see Data Theft Information for Tax Professionals.
For help with security recommendations, tax professionals can look over IRS Publication 4557, Safeguarding Taxpayer Data, which has been recently updated. Another good source is Small Business Information Security: The Fundamentals from the National Institute of Standards and Technology.
On the IRS website, IRS.gov, their Identity Theft Central pages have additional details targeting tax professionals, businesses and individuals. Also on IRS.gov, Publication 5293, Data Resource Guide for Tax Professionals, has a full set of compiled numbers on data theft.
– Story provided by TaxingSubjects.com
The Internal Revenue Service says millions of families across the U.S. should see their advance payment of the Child Tax Credit (CTC) in their bank accounts or mailboxes any day now.
This payment is the second in a series of advance monthly payments. The August payment goes out to some 36 million families and is worth about $15 billion. The IRS says the vast majority of taxpayers will get these payments by direct deposit.
Advance CTC payments were made possible by 2021 legislation called the American Rescue Plan that enabled half of the total Child Tax Credit available for qualified taxpayers to be received in a series of equal monthly payments. The other half of the credit is issued as a refund when the taxpayer files their return.
After starting advance monthly payments in July, the Treasury Department will continue to issue monthly payments for the rest of 2021.
Each monthly payment is up to $300 for each child under age 6, and up to $250 every month for children aged six to 17.
The advance payments went to eligible families who filed a 2019 or 2020 income tax return. Returns processed by August 2 are reflected in these payments. This includes people who don’t typically file a return but who successfully registered for Economic Impact Payments in 2020 using the IRS Non-Filers tool on IRS.gov, or who successfully used the Non-filer Sign-up Tool for advance CTC—also available on IRS.gov—during 2021.
Going forward, the IRS expects to issue future payments on September 15, October 15, November 15, and December 15.
The IRS passes along some other important points to remember whether waiting on a payment—or signing up for the credit:
- Families will see the direct deposit payments in their accounts starting today, August 13. Like the first payments, the vast majority of families will receive these payments by direct deposit.
- The IRS wants to alert some recipients who received direct deposits in July that they will receive the August payments by mail. Due to an issue expected to be resolved by the September payments, a percentage of these recipients – less than 15% – who received payments by direct deposit in July will be mailed paper checks for the August payment. For those affected, no additional action is needed for the September payment to be issued by direct deposit. Families can visit the Child Tax Credit Update Portal to see if they’re receiving a direct deposit or paper check this month.
- For those receiving their payments by paper check, be sure to allow extra time for delivery by mail through the end of August. Those wishing to receive future payments by direct deposit can make this change using the Child Tax Credit Update Portal, available only on IRS.gov. To access the portal or to get a new step-by-step guide for using it, visit IRS.gov/childtaxcredit2021. A change made by 11:59 p.m. ET on Aug. 30 will apply starting with the September payment.
- Payments went to eligible families who filed a 2019 or 2020 income tax return. Returns processed by August 2 are reflected in these payments. This includes people who don’t typically file a return but during 2020 successfully registered for Economic Impact Payments using the IRS Non-Filers tool on IRS.gov or in 2021 successfully used the Non-filer Sign-up Tool for advance CTC, also available only on IRS.gov.
- Payments are automatic. Aside from filing a tax return, including a simplified return from the Non-filer Sign-up Tool, families don’t have to do anything if they are eligible to receive monthly payments. The Non-Filer Sign-Up tool is available until October 15, 2021.
- Families who did not get a July payment and are getting their first monthly payment in August will still receive their total advance payment for the year. This means that the total payment will be spread over five months, rather than six, making each monthly payment larger. For these families, each payment is up to $360 per month for each child under age 6 and up to $300 per month for each child ages 6 through 17
- Additionally, the IRS is correcting an issue regarding the advance CTC payments for families where the parent(s) have an Individual Taxpayer Identification Number (ITIN) and the qualifying children have a Social Security number. Such families who did not receive a July payment are receiving a monthly payment in August, which also includes a portion of the July payment. They will receive the remainder of the July payment in late August.
The IRS is also working to correct an issue where parents have an Individual Taxpayer Identification Number (ITIN), but their qualifying children have a Social Security number. Some families fitting this example may have been skipped over for the July payment.
In such cases, the IRS says these qualified families will get a larger August monthly payment that will also include part of the omitted July payment. The remainder of the July payment should be sent in late August.
The Advance Child Tax Credit payments can be stopped at any time.
Sometimes taxpayers determine it’s in their financial interests to get a lump sum when receiving the Child Tax Credit, rather than the advance payments over time. They can stop the payments any time – even after their payments have started.
To unenroll, they can simply use the unenroll feature on the Child Tax Credit Update Portal. When they make that choice, they will still get the rest of their CTC credit as a lump sum when their 2021 income tax return is filed next year.
To stop all 2021 payments starting in September, the IRS says people should unenroll by 11:59 p.m. ET on Aug. 30, 2021.
Married couples must unenroll separately. Monthly payments will stop altogether if they both choose to unenroll. If only one spouse unenrolls, monthly payments of the credit continue, but only at half the previous amount.
Terminating enrollment also comes into play for a family that no longer qualifies for the CTC, or a family that believes they won’t qualify for the credit when they file their 2021 tax return. For example, this could happen if someone else—such as an ex-spouse or another family member—is able to claim their child or children as dependents in 2021.
There’s still time to sign up for Advance Child Tax Credit payments.
Even though two advance CTC payments have gone out, the IRS says it’s not too late for low-income families to sign up. the agency especially invites anyone who isn’t normally required to file an income tax return to go online to IRS.gov and explore the tools available to them.
These tools can help them:
- Determine their eligibility for the advance payments of the Child Tax Credit;
- File a simplified tax return to sign up for advance CTC payments;
- File and sign up for an Economic Impact Payment;
- File and sign up for the Recovery Rebate Credit.
The Internal Revenue Service is encouraging its industry partners and community groups to share their information and to use the IRS’ online tools and toolkits to help non-filers, low-income families, and other underserved groups to sign up for Child Tax Credits when they qualify.
The new advance Child Tax Credit Eligibility Assistant can help people see if they qualify for the advance payments.
Source: IRS: Families now receiving August Child Tax Credit payments; still time for low-income families to sign up
– Story provided by TaxingSubjects.com
New guidance from the Internal Revenue Service seeks to clear the air on the Work Opportunity Tax Credit (WOTC) for employers and gives relief to them as well.
WOTC makes a federal income tax credit available to those employers who hire qualified workers from groups specified in the Internal Revenue Code. These groups are known to face an uphill climb for employment and can include Designated Community Residents or Qualified Summer Youth Employees.
IRS Notice 2021-43 extends the existing 28-day deadline for employers to submit a request to a designated local agency (DLA) certifying new hires are either a Designated Community Resident or a Qualified Summer Youth Employee.
Qualified employees must have been hired between Jan. 1 and Oct. 8 of this year. To qualify, workers have to live full-time in an Empowerment Zone.
Empowerment zones themselves were scheduled to be terminated at the end of 2020, but new legislation allowed them to be extended through 2025.
While all Empowerment Zone designations were extended to Dec. 31, 2025, the relief set forth in Notice 2021-43 gives employers until Nov. 8, 2021 to submit Form 8850, Pre-Screening Notice and Certification Request for the Work Opportunity Credit.
Notice 2021-43 also furnishes guidance to employers who submitted a Form 8850 to a DLA for these employees but were denied because of the original termination of the Empowerment Zones. Relief is also applied to employers who got a certification before the extension of Empowerment Zones went through.
The Work Opportunity Tax Credit can trace its roots all the way back to 1996 and the Small Business Job Protection Act. The WOTC tax credit amounts to a percentage of qualified wages paid in a given year to an employee certified by the Designated Local Agency as a member of one of the specified groups targeted for employment.
– Story provided by TaxingSubjects.com
The Security Summit is this week broadening the scope of its 2021 “Protect Your Clients; Protect Yourself” campaign to include the different types of phishing scams that taxpayers may see in the coming months. This immediately follows the Summit highlighting recent unemployment compensation scams.
(Read more about those scams in “Security Summit Warns of Scams Targeting Unemployment Compensation.”)
Why is the Security Summit warning taxpayers and tax pros about phishing scams?
Now a ubiquitous part of having an email account, phishing scams have steadily added new online platforms to their portfolio over the past few years—and the pandemic has seemingly accelerated that evolution. Since identity thieves continue to see success when deploying these scams, the increasing number of places we will encounter them presents a threat that can’t be ignored.
The good news is that knowing what to look for can help protect your data.
What are the common signs of phishing scams?
According to the Security Summit, “phishing emails or SMS/texts (known as “smishing”) attempt to trick the person receiving the message into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers.” And most tend to do two things:
- Appear to come from a known or trusted source, such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS.
- Tell a story, often with an urgent tone, to trick the receiver into opening a link or attachment.
Some phishing scams use information about their victims—whether gathered from social media or other easily accessible public sources—to make their messages appear legitimate. The Security Summit says this “spear phishing” is commonly used to tax professionals by impersonating current and prospective clients.
“In a reoccurring and very successful scam this year, criminals posed as potential clients, exchanging several emails with tax professionals before following up with an attachment that they claimed was their tax information,” the Summit warns. “This scam was popular as many tax professionals worked remotely and communicated with clients over email versus in-person or over the telephone because of COVID.”
Like other phishing emails and texts, these often include a link or attachment that can install a number of nasty types of malware that can be devastating to your tax practice:
- Remote access trojan (RAT) to take over the tax professional’s office computer systems, identify pending tax returns, complete them and e-file them, changing only the bank account information to steal the refund.
- Ransomware … [that] attacks the tax pro’s computer system to encrypt files and hold the data for ransom.
So, reconsider clicking any links or attachments you see in emails and text messages—especially those you aren’t expecting. (Heck, you might not even want to click on email links at all!)
Where will I encounter phishing scams?
Phishing existed long before “Internet” became a household term. Just as the name implies, you’re more likely to find success if you drop your line into water that has plenty of fish. That’s why criminals are quick to adopt communication platforms that are highly populated, starting with the mail and phone systems.
While we still get peppered with phishing letters and calls, identity thieves had added emails, text messages, and social media messages to their arsenal. And the Security Summit warns that the transition to remote work has simply increased the volume and type of online scams.
In other words, you and your clients will need to closely scrutinize all digital communications—even those that appear to come from friends and coworkers.
– Story provided by TaxingSubjects.com
A new safe harbor unveiled by the Internal Revenue Service and the Treasury Department lets employers exclude some items from their gross receipts when figuring if they are eligible for the Employee Retention Credit, or ERC.
This new safe harbor is detailed in Revenue Procedure 2021-33 and allows employers to exclude these amounts when calculating ERC eligibility:
- The amount of the forgiveness of a Paycheck Protection Program (PPP) Loan;
- Shuttered Venue Operators Grants under the Economic Aid to Hard-Hit Small Businesses, Non-Profits, and Venues Act; and
- Restaurant Revitalization Grants under the American Rescue Plan Act of 2021.
Employers have to determine whether they qualify to claim the ERC on their quarterly employment tax return. To claim the safe harbor, they only have to leave those specific amounts out of the calculations.
The IRS reminds that when it comes to determining an employer’s eligibility for the ERC, the revenue procedure requires the safe harbor to be applied consistently across all quarters where the retention credit is relevant.
There’s also an all-or-none kind of rule when applying the safe harbor. In situations where several employers are treated as a single employer by aggregation rules, the employer claiming the credit has to apply the safe harbor to the others.
Conversely, employers aren’t required to use the safe harbor and the specified amounts can’t be excluded for any purpose other than calculating ERC eligibility.
The IRS is expanding their guidance
Revenue Procedure 2021-33 updates and expands guidance originally handed down in these publications:
- Notice 2021-20, detailing the ERC in terms of qualified wages paid after March 12, 2020, and before Jan. 1, 2021;
- Notice 2021-23, addressing the ERC relating to qualified wages paid after Dec. 31, 2020, and before July 1, 2021; and
- Notice 2021-49, which applies to qualified wages paid after June 30, 2021 and before Jan. 1, 2022.
To claim the ERC on their regular quarterly employment tax return, employers generally use Form 941, Employers Quarterly Federal Tax Return. If filing an adjusted return, Form 941-X, Adjusted Employer’s Quarterly Federal Tax Return or Claim for Refund is generally used.
There may yet be more to come on the safe harbor for the Employee Retention Credit. Both the IRS and the Treasury Department say they are watching for new legislation and promise to update resources when it’s available.
– Story provided by TaxingSubjects.com