Quick overview

IRS identity theft is tax-specific fraud where a criminal files a tax return using another person’s personal data to claim refunds or manipulate accounts. Victims often first notice the problem when the IRS rejects an e-filed return because one already exists under their Social Security number, or when they receive an IRS notice about a suspicious return. Early action is the single best defense: filing the correct forms with the IRS and securing your personal and financial accounts reduces long-term damage.

How IRS identity theft typically happens

  • Data breaches: Retail, payroll, or service-provider breaches expose personal records used to prepare fraudulent returns. (See IRS guidance on data breaches: IRS Identity Theft Central: https://www.irs.gov/privacy-disclosure/identity-theft-central)
  • Phishing and social engineering: Criminals trick taxpayers into revealing login credentials, SSNs, or tax preparer information.
  • Stolen mail and documents: Paper W-2s, 1099s, and other sensitive forms can be intercepted.
  • Account takeover: Gaining access to a taxpayer’s IRS online account, tax preparer portal, or email to submit fraudulent filings.

In my practice working with small-business owners and individual taxpayers, I frequently see identity theft begin with a non-tax data breach that is later leveraged to file a fraudulent return. The IRS and tax professionals are often the last to discover the fraud; that delay can complicate refunds and audit flags.

Immediate steps if you suspect tax-related identity theft

  1. File Form 14039, Identity Theft Affidavit, with the IRS when you receive IRS letters indicating a suspicious return or when the IRS rejects your return because one has already been filed in your name. The form and instructions are at: https://www.irs.gov/forms-pubs/about-form-14039 (IRS).
  2. Respond to any IRS notices exactly as instructed and keep copies of all correspondence. If the notice instructs you to call, use the phone number on the notice.
  3. Complete an identity-theft report at IdentityTheft.gov and get a recovery plan and official FTC report to share with creditors and the IRS (Federal Trade Commission: https://www.identitytheft.gov).
  4. Place fraud alerts or credit freezes with the three national credit bureaus (Experian, Equifax, TransUnion). A freeze prevents new accounts from being opened in your name without your consent; a fraud alert tells lenders to verify your identity.
  5. Monitor your credit reports at AnnualCreditReport.com (free weekly reports offered periodically by the bureaus during tax seasons). Regular checks catch new accounts or inquiries tied to identity thieves.

How the IRS helps victims and what to expect

  • Identity Theft Central (IRS) is the central resource for taxpayers dealing with tax account identity theft (https://www.irs.gov/privacy-disclosure/identity-theft-central).
  • The IRS may request documentation to verify your identity and that you did not file the fraudulent return. That often includes a signed Form 14039, copies of government-issued ID, and proof of address or previous tax returns.
  • Resolution can take several months, especially when the IRS must manually review and restore your account. Expect correspondence and follow-up requests.

The IRS also provides a free online tool for obtaining an Identity Protection PIN (IP PIN) for eligible taxpayers; an IP PIN is a six-digit number that must be entered on a return to verify the filer’s identity. Enrollment details and eligibility criteria are on the IRS IP PIN page (https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin). In my advisory work, I often recommend eligible clients enroll in the IP PIN program—especially taxpayers who have previously been targeted or who receive large refunds.

Prevention: hardening your tax account and digital footprint

  • Sign up for an IP PIN if eligible. An IP PIN prevents a criminal from filing a tax return with your Social Security number because the IRS rejects returns that don’t include the correct IP PIN.
  • Enable multi-factor authentication (MFA) on all tax-preparer portals, email accounts, and financial services. MFA reduces the risk of account takeover even if credentials are stolen.
  • Use a password manager to create and store unique, strong passwords. Avoid reusing passwords across sensitive accounts.
  • Protect physical documents: store tax records and Social Security cards in a locked location; shred documents you discard.
  • Secure email and devices: keep operating systems and security software up to date, use encrypted backups, and avoid public Wi‑Fi when accessing tax or financial accounts.
  • Vet tax preparers: use credentialed preparers (PTINs, ATT numbers, or recognized credentials) and confirm they follow secure file-transmission and storage procedures.

Long-term monitoring and recovery tactics

  • Keep a folder of all communications you send to and receive from the IRS, your bank, and credit bureaus.
  • If a refund was wrongfully claimed, the IRS will work to resolve the case—this can include adjusted returns and corrections to your tax transcript. Save copies of corrected returns and IRS letters.
  • If the identity theft affected your state tax filings, contact your state tax agency. State procedures vary; many mirror federal steps.

Common mistakes and misconceptions

  • Waiting to act: Delay is the biggest error. If you wait, thieves can open accounts, apply for benefits, or complicate the IRS’s ability to verify you.
  • Assuming a police report is sufficient: A police report or FTC report is helpful, but you must also follow IRS-specific processes (Form 14039 and the IRS Identity Theft Central instructions).
  • Believing you’re not a target: Anyone who has their SSN or financial data exposed is at risk, regardless of income level or age.

Practical examples from practice

A client found their e-filed return rejected because another return had already been filed with their SSN. We filed Form 14039, provided copies of the prior year’s return and a government photo ID, and requested an IP PIN. While the IRS review took several months, proactively freezing credit and placing fraud alerts prevented additional financial accounts from being opened in the client’s name during the investigation.

Another small-business owner discovered a payroll vendor breach that leaked employee W-2 data. We notified affected employees, advised placing freezes, assisted with identity-theft reports, and coordinated timing for employees to apply for IP PINs where eligible. Early notification and coordinated remediation limited downstream impacts.

Useful resources (authoritative)

Related FinHelp guides

For deeper, step-by-step guidance and tax-account-specific recovery steps, see these related glossary entries on FinHelp:

Final notes and disclaimer

This article is educational and reflects best practices and my professional experience working with taxpayers and small-business owners through identity-theft incidents. It is not legal or tax advice for your specific situation. For tailored assistance, consult a CPA, enrolled agent, or tax attorney, and follow IRS directions in any mailed notices.

(Information current as of 2025; check IRS Identity Theft Central and the CFPB for the latest procedures.)