Tax Identity Theft and IRS Fraud Prevention
Tax identity theft occurs when a fraudster uses a stolen Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN) to file a fraudulent federal tax return and claim a refund before the legitimate taxpayer files. This page covers the definition and regulatory scope of tax identity theft, the mechanisms through which it operates, the most common fraud scenarios, and the boundaries that distinguish different types of cases. Understanding this threat is essential context for anyone navigating individual income tax filing requirements or dealing with IRS notices and correspondence.
Definition and scope
Tax identity theft is a specific subcategory of identity theft in which a stolen taxpayer identification credential is exploited to commit refund fraud, claim credits, or manipulate employment records with the IRS. The IRS formally distinguishes it from general financial identity theft through its dedicated Identity Theft Unit and the IP PIN (Identity Protection Personal Identification Number) program.
The Federal Trade Commission (FTC) classifies tax identity theft as one of the most reported forms of identity theft in the United States. In its Consumer Sentinel Network Data Book, the FTC documented that government documents and benefits fraud — the category encompassing tax identity theft — accounted for 14% of all identity theft reports in 2023.
Under 26 U.S.C. § 7201 and related provisions, filing a false return is a federal felony. The IRS Criminal Investigation (IRS-CI) division handles prosecution referrals, and convictions can carry sentences up to 5 years per count under 18 U.S.C. § 1028A for aggravated identity theft.
Two primary categories define the scope:
- Refund fraud: A fraudulent return is filed using a stolen SSN to claim a tax refund before the legitimate taxpayer files.
- Employment fraud: A stolen SSN is used by a third party for employment, causing income to be reported under the victim's taxpayer account, often resulting in unexpected tax liability.
How it works
Tax identity theft generally follows a structured sequence that exploits the timing gap in the IRS filing system.
- Credential acquisition: Fraudsters obtain SSNs through data breaches, phishing campaigns, dark web marketplaces, or physical document theft. The IRS notes that breaches at healthcare providers, financial institutions, and schools are common upstream sources.
- Early filing: The fraudulent return is submitted electronically — often in late January or early February — before the legitimate taxpayer has gathered W-2s or 1099s. Because the IRS processes returns on a first-received basis, the fraudulent return often clears before the authentic one arrives.
- Refund diversion: Refunds are directed to prepaid debit cards, temporary bank accounts, or cryptocurrency wallets to complicate tracing. The IRS's Taxpayer Guide to Identity Theft specifically flags prepaid card diversion as a dominant method.
- Rejection of legitimate return: When the actual taxpayer files, the IRS system rejects the return as a duplicate, triggering IRS Notice CP53, CP01A, or related correspondence.
- Resolution process: The taxpayer must complete IRS Form 14039 (Identity Theft Affidavit), which initiates a formal identity theft case and flags the account for an IP PIN issuance.
The IRS's Identity Theft Victim Assistance (IDTVA) function processes these cases, with resolution times historically ranging from 18 to 24 months for complex cases, as reported in annual Taxpayer Advocate Service (TAS) Annual Reports to Congress.
Common scenarios
Scenario 1 — Child SSN exploitation: Minor children rarely file tax returns, making their SSNs low-risk targets for fraudsters. A child's SSN can go unused for years, giving fraudsters repeated filing opportunities before detection.
Scenario 2 — Deceased taxpayer fraud: SSNs of recently deceased individuals are sometimes used before the Social Security Administration (SSA) updates its Death Master File and the IRS flags the account. The SSA publishes the Death Master File through the National Technical Information Service (NTIS).
Scenario 3 — Employment-related SSN misuse: An unauthorized worker uses a stolen SSN for payroll purposes. The IRS then receives Form W-2 income attributed to the victim's SSN, which may trigger notices about unreported income — relevant to anyone reviewing payroll tax requirements or 1099 reporting requirements.
Scenario 4 — Phishing-generated theft: The IRS annually publishes its Dirty Dozen list of top tax scams. Phishing emails impersonating the IRS, fake tax preparer portals, and fraudulent W-2 solicitation schemes consistently appear on that list as credential-harvesting vectors.
Decision boundaries
Distinguishing between types of tax fraud matters for determining which IRS procedure applies and which legal standard governs the case.
| Fraud Type | Primary Victim | Governing Mechanism | IRS Form / Process |
|---|---|---|---|
| Refund identity theft | Individual taxpayer | 18 U.S.C. § 1028A | Form 14039; IP PIN |
| Employment SSN misuse | Individual taxpayer | IRS CP2000 / unreported income | Form 14039; SSA earnings dispute |
| Return preparer fraud | Individual taxpayer | 26 U.S.C. § 7206 | IRS Form 14157-A |
| Fraudulent EIN use | Business entity | 26 U.S.C. § 7201 | IRS Form SS-4 verification |
Return preparer fraud — where a paid preparer files false returns without the taxpayer's knowledge — is governed separately under 26 U.S.C. § 7206 and IRS Form 14157-A. This scenario differs from identity theft in that the taxpayer's own credentials are used, but the return content is falsified. Anyone evaluating preparer credentials should review the enrolled agent credential standards enforced by the IRS Office of Professional Responsibility.
The IP PIN program, expanded by the IRS to all taxpayers (not just confirmed victims) as of 2021, provides a 6-digit annual code required on each return. Enrollment is managed through the IRS's Get an IP PIN tool. Opting in proactively is a structural safeguard available to all filers, independent of prior victimization.
For broader context on how these issues interact with the filing system, the IRS audit process and taxpayer bill of rights pages address the procedural protections available once a taxpayer account is flagged.
References
- IRS Taxpayer Guide to Identity Theft — Internal Revenue Service
- FTC Consumer Sentinel Network Data Book 2023 — Federal Trade Commission
- IRS Dirty Dozen Tax Scams — Internal Revenue Service
- IRS Form 14039 – Identity Theft Affidavit — Internal Revenue Service
- Taxpayer Advocate Service Annual Report to Congress — National Taxpayer Advocate
- 18 U.S.C. § 1028A – Aggravated Identity Theft — U.S. House Office of the Law Revision Counsel
- 26 U.S.C. § 7201 – Attempt to Evade or Defeat Tax — U.S. House Office of the Law Revision Counsel
- 26 U.S.C. § 7206 – Fraud and False Statements — U.S. House Office of the Law Revision Counsel
- SSA Death Master File via NTIS — Social Security Administration / National Technical Information Service
- IRS Get an IP PIN Tool — Internal Revenue Service