How to protect clients from tax fraud, other financial abuses

The data breach at National Public Data, which exposed 272 million taxpayer identification numbers and 2.9 billion records this summer, has generated substantial risk for tax-related identity theft this tax season. Most taxpayers are now vulnerable to fraudulent tax-return filing and other financial abuses. 

Financial planners now face the challenge of guiding clients through the aftermath of this data disaster by educating them on cybersecurity risks while helping them take practical steps to protect their financial identities.

The NPD breach should concern everyone given the sheer number of TINs exposed along with names, addresses and phone numbers. NPD, a consumer data broker that declared bankruptcy earlier this month in the wake of the breach, also inadvertently shared passwords to its internal systems, allowing hackers to gain access to volumes of sensitive taxpayer data. 

READ MORE: How to protect your clients from identity theft and fraud this tax season

The breach underscores the urgent need for more robust client protection strategies beyond simply recommending credit monitoring. Whether it's through enhanced security measures, ongoing education or technology solutions, financial planners should consider the long-term impact of breaches on their clients' financial picture.

Many fraudulent returns

One of the most severe consequences of identity theft in the aftermath of the NPD breach is the increased probability that criminals will use stolen taxpayer identification numbers to file fake and fraudulent returns. Scammers can claim large refunds long before the legitimate taxpayer files and is aware of an issue. 

The IRS has been actively combating this type of fraud through its stolen identity refund fraud enforcement initiatives. In 2023 alone, the IRS flagged over 5 million suspicious returns, blocking $8 billion in fraudulent refund claims. 

But given the number of TINs exposed by the NPD breach, that figure will likely represent only a fraction of the fraud volume in the upcoming tax season. 

Imagine a scenario in which a cybercriminal files a fraudulent return on Jan. 2, 2025, and your client doesn't file until the extension date of Oct. 15. It's likely that the IRS will not likely detect the fraud until your client's return is filed, by which time their refund money is long gone. Your client and CPA are left to sort out the mess while the IRS investigates the situation.  

Repercussions for individuals and businesses

The abuse of taxpayer IDs can go far beyond a fraudulent refund. 

Criminals can use TINs to engage in a variety of illicit activities such as opening unauthorized credit accounts; applying for jobs (which then generate real taxes for the real taxpayer); and applying for unemployment benefits, Social Security, Medicare or other forms of government assistance. When these fraudulent claims are uncovered, it's often the legitimate taxpayer who is forced to deal with the consequences, including prolonged delays in receiving their rightful benefits or refunds.

READ MORE: $100K is missing from your client's account. Now what?

For businesses, the exposure of employer identification numbers (EINs) can lead to fraud on a much larger scale, given the volume of money that is generated by, or credit offered to, the business. For instance, business owners may find themselves liable for tax filings they never made or even loans that they never applied for. In addition to the financial damage, this may also threaten the operational continuity and reputation of the business.

READ MORE: May I have your SSN? Why too many of us are saying 'yes'

Advisors take the lead

Protecting clients from tax-related identity theft involves a combination of strong security practices, fraud prevention education and solutions to monitor client accounts more effectively. 

Here are a few key strategies that financial advisors can share with their clients.

Enhance security practices. Encourage clients to adopt stronger security measures, including the use of unique, complex passwords, and enable multifactor authentication wherever possible. These steps can help prevent unauthorized access to financial information.

Review IRS notices. Advise clients to regularly review any notices they receive from the IRS. Fraudulent activity sometimes triggers official IRS correspondence and catching these early can help stop fraudulent filings before they progress.

READ MORE: Family offices are ripe targets for cybercriminals; here's how to protect them

Monitor financial accounts. Recommend that clients monitor their bank and credit accounts for suspicious activity. While this doesn't directly relate to tax filings, it's an essential component of overall financial security and can help detect broader patterns of fraud.

File early. The earlier a legitimate return is filed, the less opportunity there is for criminals to submit a fraudulent one in its place.

Vigilance, education and tech tools

While the traditional methods of monitoring and preventing fraud are important, a technology-driven solution can offer a much greater level of protection. Some platforms now provide real-time visibility into IRS account activity, which can detect suspicious behavior like tax return filings, refunds issued or address changes and offer early notification of any IRS identified fraud alerts.

When used as part of a broader strategy, these tools can help advisors stay ahead of potential risks. 

Monitoring solutions can alert advisors and their clients when unusual activity occurs, allowing for quicker responses to potential fraud. It also enhances the advisor's role as a protector of their clients' financial health, reinforcing trust in the advisory relationship. 

However, it's important to stress that these tools should complement — not replace — standard financial security practices. Encouraging clients to adopt a proactive, layered approach to fraud prevention will always be the best defense against identity theft. 

By offering a mix of education, strong security practices and technology-driven solutions, advisors can help mitigate the risks posed by breaches and help safeguard their clients' financial identities. Financial advisors who guide their clients through these challenges demonstrate not only their expertise but also their commitment to protecting their clients' financial security.