The Treasury Inspector General for Tax Administration (TIGTA) has reported that between August 12, 2023, and April 16, 2024, fraudsters attempted to file 4,828 tax returns in order to steal $462 million in refunds. Despite efforts by the IRS to detect and stop these fraudulent claims, 574 improper returns claiming over $47 million were still able to slip through the cracks. Shockingly, these fraudsters were able to access taxpayer information through the Practitioner Priority Service (PPS), a hotline designed for tax professionals to reach out to the IRS.
Tax professionals often need to contact the IRS on behalf of taxpayers for various services, such as obtaining transcripts or requesting holds on collections activities. The PPS hotline is dedicated to assisting tax professionals with more complex requests. When contacting the IRS through the PPS, tax professionals must prove that they are authorized to discuss specific taxpayers and their related forms and years. This is typically done through filing Form 2848, Power of Attorney and Declaration of Representative, which includes identifying information like a Centralized Authorization File (CAF) number and Preparer Tax Identification Number (PTIN) of the tax professional.
The fraudulent refund scheme uncovered by the IRS’s Cybersecurity Fraud and Analytics (CFAM) group involved fraudsters using compromised CAF numbers to access taxpayer information and file tax returns claiming $66 million in fraudulent refunds. While most of these claims were blocked, approximately $10 million in refunds were still processed and delivered. To prevent further fraud, the IRS began promoting the Tax Professional Online Account (Tax Pro Account) to provide tax professionals with secure access to taxpayer information.
The TIGTA report highlighted the need for the IRS to strengthen protocols in response to the fraudulent activity. Despite additional protections implemented by the IRS, fraudsters were still able to file 574 tax returns and obtain over $47 million in refunds. TIGTA identified 376 mailbox IDs being used by fraudsters, with access restricted to only 30 of them. The IRS has since trained PPS employees to use increased protocols and made recommendations to address the issues.
As of April 8, 2024, the IRS has trained all PPS employees to use enhanced protocols to prevent fraudulent activity. TIGTA made several recommendations to the IRS to address the issues, with the IRS agreeing with three out of four recommendations. While the IRS has taken steps to prevent fraud, tax professionals still require immediate access to taxpayer accounts to assist them with time-sensitive matters like liens or levies. Moving forward, the IRS will continue to monitor its systems and take corrective action when necessary to prevent future fraud attempts.