Identity theft and your business

Simple steps business owners & individuals can take to help protect themselves from ID theft

Person holding cell phone at laptop
VBJ File

Identity theft can take many forms, but according to a Federal Trade Commission (FTC) report released earlier this year, the most likely form involves your taxes – a fact that has local accounting firms on alert.

The report, which looked at consumer complaints filed in 2015, revealed 45 percent of identity theft cases were tax- or wage-related. The second highest form was credit card fraud (16 percent).

Scott Salsbery, a CPA at Vancouver-based Peterson and Associates, has watched identity theft evolve over the years.

“When I started it was the late 80s [and] there didn’t really seem to be anything called identity theft – certainly not in the amount we have now,” he recalled. “It’s completely changed over that time, and really it’s the last maybe ten years that it’s really become an issue.”

So what’s driving the increase in identity theft?

Ursula Perkins, tax manager at Opsahl Dawson (which has offices in Vancouver and Longview), said changes in technology are making it far easier for hackers to gain access to sensitive information.

Fortunately, there are some simple steps business owners and individuals can take to help prevent ID theft. Experts say simply knowing which scams are popular can be a great way to avoid them.

Both Perkins and Salsbery agreed that there are really only two or three different types of scams happening at the moment, but they will undoubtedly change as the IRS gets better at keeping up.

Phone calls and email phishing are both common and work similarly. Someone claiming to be from the IRS will get in touch by phone and use scare tactics to get people to share sensitive information immediately. Salsbery said he has heard of scammers using phrases like, “you owe us money and we’re suing you,” or “the sheriff is on his way over to arrest you.” Calls like this should never be taken seriously.

“They’re all scams,” said Salsbery. “If the IRS calls you, it will be well-along in a process so that you will already know; you won’t be surprised by an IRS phone call unless you never get your mail.”

The email scams may be a little trickier to catch. They look very official, but the URLs embedded in the email generally lead to dummy sites that are either designed to get potential victims to share sensitive information or equipped with spyware that will automatically download and begin stealing information for the hackers.

“Never ever open things you are not expecting,” advised Salsbery. “Be constantly skeptical of anything you get.”

People receiving emails they are unsure of can double-check the URLs embedded in the email to be sure they link to the correct website. The official IRS website is, so anything that starts differently is not legitimate and should not be followed.

Still, it’s best to avoid opening suspicious emails completely and expect the IRS to communicate primarily through the United States Postal Service.

Additional steps for business owners

While the scams targeting individuals and businesses look the same, business owners may want to take additional steps to protect themselves.

Experts say it’s important to limit the number of employees that have access to information that could be useful to identity thieves, and they should be properly trained in keeping it safe. Additionally, employees who are answering phones or email regularly – especially those who have access to proprietary or sensitive information – should be regularly briefed on popular scams so that when a call or email comes through, the employee will already know to be alert. Counting on employees to know how to protect information and what to watch for can lead to easy to avoid mistakes.

The IRS has also experienced a sharp increase in the number of fraudulent tax return filings. Scammers file for a return long before the actual person whose identity they stole does. When the real return gets filed, the IRS puts a stop on it for an investigation since the return has already be paid out. Fortunately, according to Perkins, “the IRS does eventually catch people, but it’s a big headache and if you have a refund it can take six months or more to get a refund back depending on what’s happened with your social security number.”

The IRS will need victims to prove they are who they say they are and will often ask personal questions that the victim themselves is not sure about like, “What kind of boat do you own?” when the victim in fact has owned several different boats and is unsure which the IRS is asking about. Victims will also need to submit multiple forms of identification, especially if they are unable to satisfactorily answer the verification questions.

Key to avoiding a tax- or wage-related scam is limiting the sensitive information you choose to share. However, the IRS admits that even with the best precautions, information sometimes gets stolen. Checking credit reports with all three major bureaus (Equifax, Transunion and Experian) can reveal a data breach long before tax season and the headache of a delayed return. Additionally, Perkins recommends making sure computers and other devices that may have sensitive information stored on them have strong passwords in case they get stolen.

Identity theft can happen to anyone, but taking basic precautions to protect information, monitoring credit, and taking the time to verify that hyperlinks in emails and callers on the phone are legitimate are simple ways to minimize the damage.

This site uses Akismet to reduce spam. Learn how your comment data is processed.