Tax Identity Theft: IRS Fraud and Prevention

Tax identity theft is a specific category of identity fraud in which a criminal uses another person's Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN) to file a fraudulent federal or state tax return, claim a refund, or interfere with legitimate tax obligations. It is administered primarily under IRS enforcement jurisdiction and intersects with federal statutes governing tax fraud, identity theft, and consumer protection. The consequences for victims range from delayed refunds to prolonged resolution timelines that extend across multiple filing seasons.

Definition and scope

Tax identity theft is classified by the IRS as a subset of tax-related fraud and is tracked separately from general identity theft in the agency's Taxpayer Advocate Service annual reporting. The IRS defines tax-related identity theft as occurring when someone uses a taxpayer's stolen personal information to file a tax return claiming a fraudulent refund (IRS Identity Theft Central).

The scope of the problem is measurable: the IRS Identity Theft Victims Assistance (IDTVA) unit processed over 400,000 individual cases in a single fiscal year, with resolution times averaging 19 months for complex cases, according to the National Taxpayer Advocate 2023 Annual Report to Congress. Federal jurisdiction is established through 26 U.S.C. § 7206 (false statements on tax returns) and 18 U.S.C. § 1028A (aggravated identity theft), which carries a mandatory 2-year federal prison sentence consecutive to any underlying offense penalty (18 U.S.C. § 1028A).

State-level tax identity theft is a parallel jurisdiction. All 50 states operate independent tax agencies, and a fraudulent federal filing does not automatically address fraudulent state filings. The identity protection providers on this site include service providers operating across both federal and state tax identity fraud recovery.

How it works

Tax identity theft typically follows a four-phase operational sequence:

  1. SSN acquisition — The perpetrator obtains a valid SSN or ITIN through data breaches, phishing campaigns, dark web marketplaces, or physical document theft. Medical records, school records, and financial institution breaches are the three most common upstream sources of SSN exposure.
  2. Early filing — The fraudulent return is submitted early in the filing season — often in January or early February — before the legitimate taxpayer files. The IRS's processing systems match SSNs against prior-year filing records, and the first return received for a given SSN is processed first.
  3. Refund routing — The fraudulent refund is directed to a prepaid debit card, a temporary bank account, or a cryptocurrency address to prevent tracing. The IRS Refund Anticipation Check mechanism has historically been exploited at this stage.
  4. Legitimate return rejection — When the actual taxpayer files, the return is rejected by IRS e-file systems with error code 0507 or a variant indicating a duplicate SSN. Paper filing becomes the fallback, triggering an identity verification process that initiates IRS case management.

The IRS Identity Protection PIN (IP PIN) program — a 6-digit code issued annually — disrupts Step 2 by requiring the IP PIN to be present on any return filed under the associated SSN (IRS IP PIN program). Enrollment is voluntary for most taxpayers but mandatory for confirmed identity theft victims.

Common scenarios

Tax identity theft manifests across three structurally distinct scenarios, each with different victim profiles and resolution pathways:

Scenario 1: Refund theft using a living taxpayer's SSN
The most frequent form. A living individual's SSN is used to claim a refund neither owed nor expected by the criminal. The victim discovers the fraud only at the point of filing rejection. Resolution requires submission of IRS Form 14039 (Identity Theft Affidavit) and triggers a manual IDTVA review process.

Scenario 2: Child or dependent SSN misuse
Minor children's SSNs are targeted because children do not independently file returns, allowing fraudulent use to go undetected for extended periods — in some documented cases, until the child reaches filing age. The FTC's IdentityTheft.gov includes a dedicated recovery pathway for child tax identity theft.

Scenario 3: Deceased taxpayer SSN exploitation
SSNs of recently deceased individuals remain active in IRS systems for a window following death before the Social Security Administration transmits the Death Master File update to the IRS. Fraudulent returns are filed during this window. The Social Security Administration's Death Master File (SSA DMF) is the primary upstream data source the IRS relies upon to flag these SSNs.

The contrast between Scenario 1 and Scenario 3 is operationally significant: living victims can self-report and participate in resolution; estates and families of deceased victims must navigate a separate fiduciary documentation process with no direct equivalent to the IP PIN program.

For a broader classification of identity theft types and the service landscape supporting recovery, the identity protection resource overview provides sector-level context on how these cases are handled across federal and state channels.

Decision boundaries

Tax identity theft intersects with adjacent fraud categories but is governed by distinct regulatory processes. Three boundaries define where tax identity theft ends and other fraud categories begin:

Tax identity theft vs. general financial identity theft
Tax identity theft is confined to the tax filing and refund system. It does not automatically indicate that broader financial accounts (credit cards, bank accounts, loan applications) have been compromised, though a shared underlying breach may drive both. The IRS does not have authority over credit reporting remediation; that authority rests with the FTC under the Fair Credit Reporting Act (15 U.S.C. § 1681) and with the three major consumer reporting agencies. A taxpayer addressing an IRS fraud case must independently initiate credit fraud alerts or freezes through separate channels.

Tax identity theft vs. employment-related identity theft
When a stolen SSN is used for unauthorized employment, the resulting W-2 income may appear on an IRS record under the victim's SSN, generating a tax liability the victim did not incur. This is employment-related identity theft (a distinct IRS category) and requires a different remediation form — IRS Form 14039-B — used by businesses, not the standard Form 14039 used by individuals.

IRS authority vs. state tax authority
The IRS resolves federal return fraud only. State tax agency fraud — even when driven by the same underlying SSN theft — requires separate reporting to the relevant state's department of revenue or taxation. A federal IP PIN does not protect against state-level fraudulent filings. Taxpayers with confirmed identity theft are advised to contact their state tax agency directly, as state-level IP PIN programs exist in a subset of states but are not federally mandated.

The defines how services addressing these distinct fraud pathways are classified and verified within this reference.

 ·   · 

References

Read Next

Identity Protection Listings ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Identity Protection Providers The identity... Identity Protection Directory: Purpose and Scope ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Identity Protection Network: Purpose and Scope... Medical Identity Theft: Risks and Recovery ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Medical Identity Theft: Risks and Recovery...