by Socheata Ten EA, LLC | Dec 10, 2021 | Tax Tips and News
Tax professionals have been in the crosshairs of cybercriminals for some time now, and it’s only getting worse. Now, the crooks are casting their nets, not only for client data, but to snare vital data of the tax pros themselves.
The Internal Revenue Service says this newest group of targets include the tax professional’s Electronic Filing Identification Number, or EFIN.
This sets up a very scary scenario: If just one tax practitioner is compromised by a hacker or an identity thief, the effect is like tossing a rock into a pond. The initial impact may be thought to be small, but the resulting waves take in a lot of ground as they spread.
One tax office breach can lead to the theft of data for thousands of taxpayers.
Protect yourself from cybercriminals
One of the best ways to protect against illegal activity is actually very simple: Check your IRS e-Services account regularly, to see how many federal returns have been submitted using your EFIN. It’s a vital safeguard that shouldn’t be overlooked during tax season.
If the number of returns shown online doesn’t agree with the tax pro’s records—or if anything else seems suspicious—they should call the IRS e-help desk at 866-255-0654.
Tax pros who don’t already have an e-Services account can go online to e-Services on IRS.gov and register for one.
Beyond checking one’s EFIN, there are a number of “best practices” we should all be using to keep data secure. These include using strong anti-virus software, insisting on strong and unique passwords, and using two-factor authentication whenever possible.
But that’s not all:
- Learn to recognize and avoid phishing scams; do not open links or attachments from suspicious emails, most data thefts begin with a phishing email.
- Secure all devices with security software and let it automatically update.
- Use strong passwords of eight or more mixed characters; use phrases that are easily remembered, and password protect all wireless devices.
- Encrypt all sensitive files and emails and use strong password protections.
- Backup sensitive data to a safe and secure external source not connected fulltime to the network.
- Wipe clean or destroy old computer hard drives that contain sensitive data.
For more information on keeping EFINs secure, check out Publication 3112, IRS e-file Application and Participation; and Publication 1345, Handbook for Authorized IRS e-file Providers of Individual Income Tax Returns.
Source: Tax Tip 2021-182
– Story provided by TaxingSubjects.com
by Socheata Ten EA, LLC | Dec 10, 2021 | Tax Tips and News
While most Americans have their eyes firmly on the Christmas holidays, many US retirees have another milestone to consider.
While the holidays are the emotional favorite, they shouldn’t let the deadline slip by to make Required Minimum Distributions (RMDs) from their retirement plans and individual retirement accounts. That deadline is December 31.
RMDs are generally the minimum amounts that plan owners have to take out in a year, starting in the year they reach 72. Owners have the alternative to start RMDs the year they retire, if that’s later than 72.
If the retirement plan account is an IRA – or the account owner is at least a 5% owner of the business that sponsors the retirement plan – the account owner has only one choice: to withdraw the RMD starting the year they turn 72.
Taxpayers who reached 70 1/2 in 2019 – that is, those who tuned 70 on or before June 30, 2019 – didn’t have to take a Required Minimum Distribution for 2020, but they will have to take one for 2021. (More on this later.)
Those who reach 72 this year with their 70th birthday on or after July 1, 2019, have their first RMD due by April 1 of 2022.
Who has to take an RMD?
The rules for Required Minimum Distributions apply to:
- Owners of traditional Individual Retirement Arrangements (IRAs)
- Owners of traditional Simplified Employee Pension (SEP) IRAs
- Owners of Savings Incentive Match Plans for Employees (SIMPLE) IRAs
- Participants in various workplace retirement plans, including 401(k), Roth 401(k), 403(b) and 457(b) plans
The biggest excepted group to RMDs are taxpayers who participate in Roth IRAs, since those investments don’t require distributions while the original owner is still alive.
How do retirees find their RMD?
An IRA trustee or the plan administrator will notify the taxpayer who owns the account that an RMD must be taken, when, and how much to withdraw. This is done for each IRA the taxpayer owns. In the case of IRAs, the taxpayer with multiple accounts can take the RMD amounts for all their accounts from just one, satisfying the law for distributions.
Rules, however, are different for workplace retirement plans, where RMDs have to be taken from each account the taxpayer owns.
The penalty for not taking the distribution – or for not taking enough in a distribution – can be a real attention-getter: a 50% excise tax on the amount not distributed.
The RMD is figured using the taxpayer’s life expectancy and the account’s balance. Many trustees use Form 5498, IRA Contribution Information, to report the distribution to the account owner.
Most times, life expectancy is calculated using the Uniform Lifetime Table III in Publication 590-B, Distributions from IRAs.
The IRS also has online worksheets taxpayers can use at IRS.gov.
The coronavirus and 2020 distributions
Like just about everything else in American life, the COVID pandemic affected Required Minimum Distributions in 2020.
If an IRA owner or a beneficiary got an RMD during 2020, they had the option of returning the funds to their IRA or other qualified plan to avoid paying taxes on the distribution.
If a 2020 distribution could be qualified as a coronavirus-related distribution, it could be repaid over a three-year period or have taxes on the RMD spread over three years.
A 2020 distribution from an inherited IRA, however, faced a different set of rules, since those withdrawals weren’t allowed to be repaid. Taxpayers could, however, have the taxes on the RMD spread over a three-year period.
For frequently asked questions, forms, instructions and other tools, visit IRS.gov online.
There, find:
Source: IR-2021-245
– Story provided by TaxingSubjects.com
by Socheata Ten EA, LLC | Dec 8, 2021 | Tax Tips and News
New guidance is available for employers on the retroactive termination of the Employee Retention Credit.
The new information is contained in Notice 2021-65.
The reversal comes after passage of the Infrastructure Investment and Jobs Act on Nov. 15 of this year. The new law amended the language of the original Employee Retention Credit so that it now applies only to wages paid before Oct. 1, 2021. The only exception is for recovery startup firms.
Why was Employee Retention Credit guidance needed?
This new guidance applies to some employers who paid wages after Sept. 30 of this year and got an advance payment of the Employee Retention Credit.
These employers may also take the option to make reduced employment tax deposits ahead of getting the credit in the fourth quarter of the year. But there’s a problem: Thanks to the change in the law, the employers no longer qualify for the credit or the advance payments.
For those affected employers who got advance payments of the credit for fourth-quarter wages, the fix is simple. They can avoid failure-to-pay penalties as long as they repay the amounts by the due date on their employment tax returns.
What about those employers who chose to reduce their employment tax deposits?
In that case, if the deposits were reduced on or before Dec. 20, 2021, for wages paid in the fourth quarter of the year anticipating the Employee Retention Credit, the employer won’t face failure-to-deposit penalties if:
- The employer reduced deposits in anticipation of the Employee Retention Credit, consistent with the rules in Notice 2021-24;
- The employer deposits the amounts initially retained in anticipation of the Employee Retention Credit on or before the relevant due date for wages paid on Dec. 31, 2021 (regardless of whether the employer actually pays wages on that date). Deposit due dates will vary based on the deposit schedule of the employer, and;
- The employer reports the tax liability resulting from the termination of the employer’s Employee Retention Credit on the applicable employment tax return or schedule that includes the period from Oct. 1, 2021, through Dec. 31, 2021. Employers should refer to the instructions to the applicable employment tax return or schedule for additional information on how to report the tax liability.
It should be noted that while the various remedies mentioned can help employers escape failure-to-pay and failure-to-deposit penalties for taxes due on fourth-quarter wages in 2021, employers won’t avoid such penalties if they reduce deposits after Dec. 20.
Employers who get a notice of a penalty can reply with an explanation. The IRS says it will then consider issuing relief for reasonable cause.
Check out the IRS website at IRS.gov for more information on coronavirus-related relief measures for businesses.
Source: IR-2021-242
– Story provided by TaxingSubjects.com
by Socheata Ten EA, LLC | Dec 5, 2021 | Tax Tips and News
We’re not trying to be alarming, but if you’ve got a small business, there’s someone looking over your shoulder—and we’re not talking about the government.
They are, however, scammers and identity thieves, looking to use the business’ confidential information to file bogus tax returns. Their endgame is to steal inflated refunds in the name of their victims.
“Businesses, just like individuals and tax pros, need to stay alert,” said IRS Commissioner Chuck Rettig. “Thieves may steal enough information to file a business tax return or use other scams that involve the company or its employees.”
And unfortunately, it’s the “little guy” who gets hit the hardest. Of all the cyberattacks leveled at business targets, more than 70% were aimed at businesses with 100 or fewer employees.
Business identity information, employee identity data – even credit card and other payment information – all are fair game for cybercriminals. To hang on to their data, businesses are urged to use these best practices from the Federal Trade Commission:
- Set security software to update automatically,
- Back up important files,
- Require strong passwords for all devices,
- Encrypt devices and
- Use multi-factor authentication.
Remember to be alert for any possible scams that use COVID-19 as a premise to trick email recipients into clicking embedded links or opening attachments. These scams also surface around tax time using taxes as the cover instead of COVID.
While it may not be a direct defense of data, keeping a business’ EIN information up-to-date can be important for resolving data breaches or identity theft issues quickly.
Use Form 8822-B to report changes of address or responsible party. These changes must be reported to the IRS within 60 days of the change. Keeping this information current allows the IRS and the company to respond quickly to resolve data issues.
IRS does its part
The Internal Revenue Service has tightened up how it delivers information, making it harder for identity thieves to glean actionable data that can help them file fake returns.
The agency began masking sensitive data on business tax transcripts last year. Now, only financial entries are fully visible. The rest of the data in the transcript has various rules for what can be seen—or not.
The names of businesses and individuals, for example, are reduced to the first four letters of each first and last name; Employer Identification Numbers, on the other hand, are represented by only their last four digits.
If a business suspects it has been the target of possible identity theft, they should file Form 14039-B, Business Identity Theft Affidavit. This lets firms report possible tax-related identity or data theft quicker.
If a business receives any of the following examples, they should consider filing Form 14039-B:
- Rejection notice for an electronically filed return because a return already is on file for that same period.
- Notice about a tax return that the entity didn’t file.
- Notice about Forms W-2 filed with the Social Security Administration that the entity didn’t file.
- Notice of a balance due that is not owed.
Note, however, that Form 14039-B should not be filed if a business has a data breach but there’s no tax-related impact.
The IRS’ Identity Theft Central web pages have more information in their Business section.
This puts the wraps on National Tax Security Awareness Week and related alerts from the Security Summit, a partnership of the IRS, state taxing agencies and tax-industry partners. The Security Summit has been tasked with fighting identity theft – especially when it occurs as part of the income tax process.
For more information on security measures affecting America’s small businesses, check out the Federal Trade Commission’s Cybersecurity for Small Businesses web page.
Source: IR-2021-241
– Story provided by TaxingSubjects.com
by Socheata Ten EA, LLC | Dec 3, 2021 | Tax Tips and News
Six little numbers.
They could be all the difference between a happy taxpayer and someone who’s fallen victim to identity thieves.
The six numbers make up an Identity Protection Personal Identification Number, also known as an IP PIN, and they can help to keep taxpayers’ personal financial information, well, personal.
An IP PIN is a six-digit number known only to the taxpayer and the IRS, assigned to eligible taxpayers to help stop the misuse of their Social Security number or Individual Taxpayer Identification Number (ITIN). Identity thieves file fake income tax returns using these numbers to claim fraudulent refunds.
Originally, the IP PIN was meant only for taxpayers who were known to be victims of tax-related identity theft. The program was expanded earlier this year to cover any taxpayer in the U.S. who would like the extra protection an IP PIN affords on returns filed with the IRS.
“When people have this special code, it prevents someone else from filing a tax return in their name,” said IRS Commissioner Chuck Rettig. “The fastest way to get an Identity Protection PIN is to use our online tool, but keep in mind people must pass a rigorous authentication process. We must know that the person asking for the IP PIN is who they really say they are.”
More than 5 million American taxpayers protect themselves now with an IP PIN, and the IRS recently made the process of acquiring an IP PIN easier than before.
The fastest and easiest way to get an IP PIN is online, using the IRS’ Get an IP PIN tool.
Whether the return is filed electronically or on paper, the six-digit IP PIN helps the IRS confirm that the filing taxpayer is who they say they are. The tool, at IRS.gov/ippin, provides a quick way to obtain an IP PIN; it’s also where participating taxpayers will go to get an IP PIN for the next year.
Each IP PIN is good for one year. Participating taxpayers will have to go online each January to get a new IP PIN to remain in the program.
In 2022, the Get an IP PIN tool is slated to go online January 10.
Here are some other things taxpayers need to know about the IP PIN program:
- No identity theft affidavit is required for taxpayers opting in. This means that anyone who voluntarily applies for an IP PIN doesn’t need to file Form 14039, Identity Theft Affidavit, with the IRS.
- Be sure to enter the IP PIN on any return, whether it is filed electronically or on paper. This includes any amended returns or returns for prior years. Doing so will help avoid processing delays or having the return rejected by the IRS.
- Anyone with either a Social Security number (SSN) or Individual Taxpayer Identification Number (ITIN) who can verify their identity is eligible for the IP PIN opt-in program.
- Any eligible family member can get an IP PIN. This includes the primary taxpayer (the person listed first on a tax return), the secondary taxpayer (on a joint return, the person listed second on the return) or any of their dependents.
- With one key exception, never reveal an IP PIN to anyone. The only exception is a taxpayer who uses a trusted tax professional to file their return. Even then, only share the IP PIN with the trusted tax pro when it is time to sign and submit the return. The IRS will never ask for an IP PIN. Remember to watch out: Phone calls, emails and texts requesting an IP PIN are scams.
- Identity theft victims should still fill out an ID theft affidavit. This means that any confirmed victim of tax-related identity theft still needs to file Form 14039 with the IRS if their e-filed tax return was rejected by the agency due to a duplicate SSN filing. The IRS will then investigate their case. Once the fraudulent tax return is removed from their account, the IRS will automatically mail an IP PIN to the confirmed victim at the start of the next calendar year. Because of security risks, confirmed identity theft victims cannot opt out of the IP PIN program.
Can’t pass the online authentication process?
Taxpayers who cannot pass the IRS online identity authentication process have a couple of options. One option is to file Form 15227. For the 2022 processing year, those taxpayers with an adjusted gross income of $73,000 or less (or an AGI of $146,000 or less for married filing jointly) can fill out Form 15227 and then either mail or fax it to the IRS.
The taxpayer needs access to a telephone, since the IRS representative will call the taxpayer to verify their identity. Note that this option is slower than the online tool, since it will take about a month for successful IP PIN applicants to actually receive their PIN.
The second option involves making an appointment with an IRS Taxpayer Assistance Center, or TAC. Taxpayers using this option should bring two forms of picture identification to the TAC appointment. Successful applicants will have their IP PIN mailed to them immediately after their visit; however, the IRS suggests allowing three weeks for delivery.
To find a local TAC, use the IRS Local Office Locator online tool or call 844-545-5640.
This is National Tax Security Awareness Week, which is sponsored by the Security Summit, a partnership between the IRS, state taxing agencies and tax-industry leaders. This alliance of public and private sectors has strengthened defenses against those criminals who would file fraudulent tax returns and steal refunds.
Source: IR-2021-238
– Story provided by TaxingSubjects.com
by Socheata Ten EA, LLC | Dec 3, 2021 | Tax Tips and News
Aside from being required by the FTC to have a written data security plan, criminals have increasingly been targeting tax professionals with phishing emails and social media messages. The pandemic—it turns out—has simply given them even more opportunities to create fraudulent government announcements.
To help prevent future tax-office data breaches, the Security Summit is recommending that tax pros review their security protocols before tax season begins. What better place to start than with the fundamentals?
What are the “Security Six?”
The IRS describes that the Security Six as “easy steps [that] can make a big difference, both for tax pros and taxpayers.” So, let’s take a look at what they recommend:
- Use anti-virus software and set it for automatic updates to keep systems secure. This includes all digital products, computers, and mobile phones.
- Use firewalls. Firewalls help shield computers from outside attacks but cannot protect systems in cases where users accidentally download malware, for example, from phishing email scams.
- Use multi-factor authentication to protect all online accounts, especially tax products, cloud software providers, email providers and social media.
- Back up sensitive files, especially client data, to secure external sources, such as external hard drive or cloud storage.
- Encrypt data. Tax professionals should consider drive encryption products for full-drive encryption. This will encrypt all data.
- Use a Virtual Private Network (VPN) product. As more practitioners work remotely during the pandemic, a VPN is critical for secure connections.
The IRS press release also notes that learning to identify and avoid common phishing scams is an essential step in avoiding data theft. Tax-pro-specific scams tend to have messages about expired account passwords, EFIN verification, and e-filing-related messages that appear to come from the IRS.
What should I do if I receive a phishing email or social media message?
First, never open an email or social media message that you suspect is a phishing scam. If you accidentally open the email, make sure you don’t click on any attachments or embedded links, since they could lead to a fake website or contain information-stealing malware or ransomware.
If you think you’ve received a tax-related phishing scam, be sure to report it to the IRS and TIGTA. That way, they can add it to their database of current scams and warn other tax professionals and taxpayers about it.
Remember, when it comes to data security, we’re all in this together.
Where can I find a sample tax office security plan?
In addition to reviewing these basic tips, you can check out the Drake Software Tax Office Security Plan. This sample security is composed of a series of worksheets that address common security-related issues, like classifying stored information, identifying threats, and prioritizing potential issues.
Visit our “Easy Steps to Create Your Mandatory Tax Office Security Plan (SAMPLE INCLUDED!)” blog to download a free copy.
Source: IR-2021-239
– Story provided by TaxingSubjects.com