Tax identity theft: what to do if someone files in your name (2026)

Most people don't find out they've been hit by tax identity theft until they file their return and the Internal Revenue Service (IRS) rejects it. By then, it's already too late. A duplicate social security number (SSN) is sitting in the system – attached to a fraudulent return someone else filed first, often months earlier.

The thieves don’t need your wallet to pull it off – just your SSN and a few personal details. Most of that sits wide open on people search sites run by data brokers – companies that collect and sell your personal information, usually without you ever knowing.

This guide covers what to do if your return gets rejected, how to file Form 14039, and how to make yourself a harder target before next tax season.

Tax identity theft immediate checklist – what to do first

1. Call the IRS Identity Protection Specialized Unit at 1-800-908-4490
2. File the IRS Form 14039 (Identity Theft Affidavit) – submit online at IRS.gov, or by mail or fax to the IRS' specialized processing areas
3. Report to the FTC at IdentityTheft.gov to get a personalized recovery plan
4. Place a fraud alert with any one of the three major credit bureaus – a single alert automatically notifies all three
5. File your legitimate tax return on paper and mail it to the IRS

Red flags: signs someone filed a tax return in your name

The most common indicators that your SSN has been used fraudulently come up during the filing season. That said, some show up year round:

• E-file rejection due to a duplicate SSN. This is the clearest signal as the IRS system only accepts one return per SSN per year. If your return comes back rejected with a duplicate filing error, someone got there first.
• IRS Letter 5071C or 4883C. These letters ask you to verify your identity before the IRS processes your return. Receiving one doesn't guarantee fraud, but it's a strong indicator.
• IRS Letter CP01E or CP2000. Letter CP01E means the IRS suspects identity theft on your account. Letter CP2000 flags income the IRS received from an employer that you didn't report – a common sign that a thief used your SSN for employment.
• An unexpected tax transcript or refund. Receiving a transcript or refund you didn't request means someone filed using your identity.
• Unrecognized employer earnings on your Social Security work history. If your SSA.gov account shows wages from a company you've never worked for, a thief likely used your SSN to get a job – and created a tax liability in your name.

The recovery roadmap: step by step

The IRS has a defined process for identity theft victims. Follow these steps in order.

Step 1: file the IRS form 14039

Form 14039, the IRS Identity Theft Affidavit, is the formal declaration that your SSN has been used without your permission. It flags your account for the IRS Identity Protection Specialized Unit and opens your case.

You can file the form using two electronic options, mail, or fax:

• IRS direct portal
• identitytheft.gov (FTC) – completes both your IRS filing and your FTC identity theft report in one session
• PDF download (to mail or fax)

When completing the form, check the box indicating that someone filed a fraudulent return using your SSN. Attach a copy of the IRS rejection notice if you have one.

Step 2: file an FTC identity theft report

IdentityTheft.gov is the Federal Trade Commission's official recovery hub. After you report, it generates a personalized recovery plan and produces a document you can use for credit disputes and with creditors.

Note: If you filed through IdentityTheft.gov in Step 1, this is already done – your FTC report was created at the same time. Keep a copy of your FTC report number. You'll reference it in almost every subsequent step.

Step 3: place fraud alerts and consider a credit freeze

Contact any one of the three major credit bureaus to place a fraud alert – that bureau must legally notify the other two: Equifax fraud alert, Experian fraud alert, or TransUnion fraud alert.

A standard fraud alert lasts one year; an extended alert lasts seven and requires a copy of your identity theft report. A credit freeze goes further – it prevents anyone from opening new credit in your name until you lift it. Unlike fraud alerts, a freeze must be placed with each bureau separately. Follow these links for instructions: Equifax freeze, Experian freeze, TransUnion freeze.

Freezes are free at all three bureaus. Tax identity thieves often reuse stolen SSNs for multiple fraud types, so a freeze is worth the minimal inconvenience.

Step 4: file your legitimate return on paper

Once you've filed Form 14039, you still need to submit your actual tax return. The IRS instructs victims to file on paper by mail – include a copy of your Form 14039 and the IRS rejection notice with the return.

The IRS will process your legitimate return separately from the fraudulent one while the investigation runs. Expect a long wait. While the IRS' stated goal is 120 days, the National Taxpayer Advocate reported that actual average resolution times reached 20 months.

Step 5: request an Identity Protection PIN

An Identity Protection PIN (IP PIN) is a six-digit code that works as a private password between you and the IRS. Any return filed under your SSN without that year's IP PIN gets automatically rejected, regardless of how much personal data the filer has.

Once you've been a verified identity theft victim, the IRS issues you an IP PIN automatically. You can also opt in voluntarily – the program is open to any taxpayer, not just confirmed victims. You receive a new PIN each January, and here’s how to enroll or retrieve your IP PIN.

Directory of help: who to contact

Here’s your cheat sheet of important contact points – institutions you may need to contact during your recovery process.

Who	What they do	Contact
IRS Identity Protection Specialized Unit	Opens your case, flags your account, suppresses erroneous notices	1-800-908-4490 (M-F, 7AM-7PM local)
FTC – IdentityTheft.gov	Files your IRS Form 14039 + FTC report in one go; generates recovery plan	identitytheft.gov
IRS Online Account	Check transcripts, spot fraudulent returns, retrieve your IP PIN	irs.gov/account
Social Security Administration	Check your earnings record for unrecognized employer wages	ssa.gov/myaccount
AnnualCreditReport.com	Pull free credit reports from all 3 bureaus – spot new accounts you didn't open	annualcreditreport.com
Equifax (fraud alert)	One call covers all 3 bureaus – Equifax notifies Experian and TransUnion automatically	1-888-836-6351
Taxpayer Advocate Service	Free, independent IRS watchdog – escalate here if your case stalls	1-877-777-4778 / taxpayeradvocate.irs.gov

Employment-related tax fraud: the overlooked type

Most people picture tax identity theft as refund theft. The employment version gets less attention, despite being nastier in some ways.

A thief uses your SSN to get a job. Their employer reports the wages to the IRS. Then you get a CP2000 notice for income you never earned, from a company you've never heard of. You have 30 days to respond.

You must write back, disagree, and attach documentation showing where you actually worked. Don't include the unrecognized wages on your return – not even as a precaution.

Your goal is to provide clear evidence: show where you did work, and make it obvious the flagged employer doesn't fit the picture. Send copies only – never originals.

You don't have to definitively prove a negative. A credible account of where you actually were shifts the burden back to the IRS to reconcile the discrepancy.

Two proactive steps worth taking:

• Check your SSA earnings record at SSA.gov/myaccount – every employer who's ever reported wages under your SSN shows up there. An unfamiliar name is a red flag, even before any IRS notice arrives.
• Lock your SSN for employment at e-verify.gov – it stops your SSN from being verified by employers while active. Underused, but worth knowing.

If the IRS spots the problem before you do, you'll get a CP01E notice – a protective marker has already been added to your account. No Form 14039 needed; just follow the instructions in the notice.

How to cut off the source: removing your data from brokers

Tax identity theft doesn't start with the IRS – it starts with your personal data sitting on broker websites that anyone can query. Name, address, date of birth, SSN fragments – enough to file in your name.

Not sure how much of your data is already out there? Verify it with this free scanner – enter a few basic details and get a full report on what's exposed.

Data brokers are companies that collect public records and sell personal profiles to marketers, background check services, and fraudsters. Hundreds of them exist, each with its own opt-out process.

The fastest way to clear your data across all of them is by using Incogni – a removal service that submits opt-out requests on your behalf and monitors for repopulation. If a broker re-lists you, it sends another request. The less that's out there about you, the harder you are to impersonate.

For a manual start, Spokeo, WhitePages, Intelius, BeenVerified, and PeopleFinder all have opt-out forms. It works – but it takes hours and needs repeating. Manual opt-outs make sense as a backup, not a plan.

Bottom line

Tax identity theft is frustrating because the damage occurs before you know anything is wrong. But the recovery path is clear, the IRS has a dedicated unit for it, and the IP PIN program gives every taxpayer a real way to block electronic fraud before it starts.

The less personal data sits on broker sites, the smaller the target you present. Tools like Incogni handle the ongoing work of keeping it suppressed. Once you've filed Form 14039 and sent in your legitimate return, be ready for a long process – cases can drag on well over a year.

In short, you should file early, get an IP PIN, and take your data off the sites that sell it. None of these steps is foolproof, but together they close off the most common ways that tax identity theft happens.

FAQ