The Engines of Tax Fraud: Stolen Business EINs
How the IRS’s e-file system creates opportunity for con artists
Facts:
An employer identification number (EIN) is to your business what a social security number (SSN) is to you as a consumer — acting as a unique identifier for all things tax-related.
Unfortunately, EINs are not protected in the same manner as SSNs, and finding a company’s tax ID number is relatively easy for business identity thieves.
In its most basic form, stolen EINs are used to file fraudulent tax returns — by reporting false income and withholding — in order to receive tax refunds.
As the IRS continues to rely on outdated filing systems, the government is hemorrhaging more and more money to this kind of fraud every year.
A Cautionary Tale
The returns were often handwritten. The income — purportedly from lottery winnings and bonds — had been faked. And yet, the IRS shelled out over $3.4 million to Mr. Edmonson and his daughter before wising up to the fraud.
Big-sum payouts from the IRS to individuals like the Edmonsons are not uncommon. In fact, the tax agency estimates that, in the year 2016 alone, it paid out nearly $1.7 billion in invalid refunds.
Mr. Edmonson and his daughter, Danielle, began filing a series of bogus tax returns in 2015. Over the course of the next four years, the duo claimed that the IRS owed them over $175 million in withheld income.
In response, the IRS — which employs both automated and manual screening practices to “ferret out” fraudulent tax returns — wrote the Edmonsons three separate checks:
One for $239,700 in 2015.
Another for $2.5 million in 2016.
And one final check for $750,000 in 2018.
Eventually, the U.S. government caught on and arrested the criminal pair. But the crude nature of their scheme — documented in the form of handwritten tax returns and doctored Grenadian bonds — points to a major flaw in the current system. Between quickly paying out taxpayer refunds and trying to verify the information provided, the IRS seems unable to keep up. Meanwhile, fraudsters are intent on gaming the system for as long as they can.
The Larger Scheme At Play
A business EIN — also known as a federal employer identification number — is, in many ways, just like a social security number. Companies are required to provide it when opening bank accounts, applying for loans and corporate credit, processing payments, filing state and federal taxes, along with a host of other routine business activities.
Because of this, EINs are highly sought after by business identity thieves. Armed with an organization’s name, address, and EIN, these criminals can commit numerous crimes without exposing their true identities. Among the most lucrative of these is filing fraudulent tax returns.
Source: The New York Public Library on Unsplash
For individuals, reporting income to the IRS requires attaching a W-2 form to their completed tax return. This form is used to assist the IRS in verifying wages earned for the year and the percentage withheld. This information can be filed electronically — using the IRS e-file system — or sent via mail to the agency’s headquarters. Worth noting is that an actual W-2 document is often not required when filing online, as this information can be manually entered into a digital form.
Criminals like to exploit this system by frequently filing fraudulent tax returns with false information. Typically, none of the reported income has actually been earned. However, by reporting nonexistent wages and tax withholding, these returns make it appear as if the individual is entitled to a tax refund.
The trick to successfully executing this scheme is to make the fraudulent wages and withholding look as if they came from a real employer. And that’s where EINs come into play.
How It Works
Step One: Obtain a valid employer tax ID.
The IRS has certain processes in place to verify the validity of EINs listed on W-2 forms. For instance, the agency’s e-file system will instantly reject any tax returns containing a fictitious EIN or a number that was entered incorrectly. While this security measure isn’t foolproof, it does filter out a good percentage of invalid company identifiers. That said, there are currently no measures in place to detect stolen EINs. So long as the IRS can confirm that the EIN was legitimately issued and belongs to an existing business, they will go ahead and process the return.
This is great news for tax fraudsters, as business EINs are easy to find for those who know where to look. Some are openly published on company websites, while others can be stolen off of business credit reports or the online portals of certain government agencies. Once these unique identifiers have been acquired, the main part of the scheme can commence.
Step Two: File as many bogus tax returns as possible, before January 31st.
Each year, employers must send copies of W-2 forms to the Social Security Administration. These forms report employee wages and tax withholding for the previous calendar year. Companies must also provide W-2s to all employees from whom income, social security, or Medicare taxes were withheld. What’s important to note here is the deadlines for this whole process:
January 31st: Deadline to distribute W-2 forms to employees
February 29th: Deadline to file using paper W-2s
March 31st: Deadline to e-file using Business Services Online
April 15th: Deadline for employees to file their individual tax returns
If any of these dates fall on a Saturday, Sunday or legal holiday, the deadline is the next business day.
Because the IRS does not begin to receive and match W-2 information until after the January 31st deadline, criminals will go ahead and file their fraudulent returns as early as possible. (This is done the same way as filing a legitimate tax return; the only difference is the use of stolen employer information.) By filing well in advance of the victim companies, the criminals are banking on the fact that it will take some time before the IRS is able to compare the reported wage and income information to the actual wage and income information. With any luck, the fraudulent individual tax returns will be processed before that happens, and the refunds already paid out.
752,656 bogus federal tax returns were filed in 2011 using 277,624 stolen EINs. The total payout? More than $2.2 billion — demonstrating just how effective tax fraud can be.
Take Steps to Protect Yourself
With a few simple tips, you can keep yourself and your company safe from business identity theft and tax fraud. And while it’s smart to keep a close eye on credit profiles, the best thing you can do as an EIN holder is to protect that tax ID the same way you would your social security number, which brings us to our first tip:
Treat and protect your business EIN as you would your own social security number. While there are many circumstances in which a business must provide its EIN, attempt to limit disclosure of this sensitive information as much as possible. As for those instances when disclosure is necessary, be sure to verify the authenticity of the solicitor before you hand over any details about your company.
Keep all documents containing business information or business identifiers in a safe, secure location. Protect and secure any hard copies of business identifiers, account numbers, and other sensitive information, so that it doesn’t fall into the wrong hands. Avoid storing these details in or near employee workspaces, public access areas, waste and shred receptacles, even filing cabinets. Furthermore, make a mental note of anyone who may be able to view or access these documents, whether they are authorized or not. This can include clients and customers, visitors, contractors, cleaning crew personnel, etc.
Securely shred old or unnecessary documents that contain sensitive company details. These documents may include business license numbers, business registrations, EIN / TIN, or account numbers. Consider using a cross-cut, confetti-cut, or diamond-cut shredder for extra security. Alternatively, you can hire a service that offers secure document destruction. Any documents that need to be shredded should be placed in a secure locking receptacle or locked storage room that isn’t accessible to unauthorized persons.
Final Thoughts and Updates
Because individual tax returns and W-2 reporting is often taken at face value by the IRS, victimized companies — from which EINs were stolen and misused — have no idea that the fraud has taken place until much later.
Once the necessary documents have been submitted by both employers and employees for review, the IRS can finally identify mismatched calculations and discrepancies between parties. But rather than pointing the finger at the individuals who filed the bogus returns, the tax agency holds the unsuspecting business responsible for the deficiency. This can lead to demands for immediate payment to rectify the situation, so that the IRS can balance its books and call it a day.
The amounts demanded in these situations can cost companies anywhere from tens of thousands to hundreds of thousands of dollars. To make matters worse, both the business and its owner must also undergo an investigation by state and federal tax agencies, as well as the Social Security Administration. Each of these agencies requires proof that a fraud has occurred in order to absolve the business of the fraudulent tax liability. And while it is entirely possible to successfully dispute this kind of fraud, such a situation is both time-consuming and unpleasant for victimized organizations and their employees.
Useful Resources
IRS assistance for identity theft victims:
https://www.irs.gov/individuals/how-irs-id-theft-victim-assistance-works
File a report with the FTC:
https://identitytheft.gov/Steps
Checklist for victims of business identity theft:
http://www.businessidtheft.org/VictimAssistance/tabid/90/Default.aspx
Editor’s Note: Have you been affected by fraud? Most people have, in some form or another. If you have a story you would like to share, we’re sure our readers would benefit from hearing it. Please send an email to editor@theconartist.pub detailing your experience, and we will be in touch. Your privacy and any wishes of anonymity will be respected.
Thanks for reading! If you haven’t already, consider joining our community to receive in-depth exposés on the latest scams, hoaxes, and other forms of fraud.