Employment Identity Theft: I-9 Fraud, Wage Records, and Remediation

Employment identity theft occurs when a person uses another individual's Social Security number, government-issued identification, or combination of real and fabricated credentials to gain employment, evade tax obligations, or circumvent immigration eligibility verification. The consequences extend well beyond the immediate victim, creating IRS discrepancy notices, contaminated wage records at the Social Security Administration, and in some cases, erroneous enforcement actions against the true identity holder. This page covers the mechanics of employment-related identity fraud, its primary forms, the federal regulatory framework governing employer verification, and the structured remediation path available to victims.


Definition and Scope

Employment identity theft is a subcategory within the broader classification of identity theft types and categories. The Internal Revenue Service defines it operationally as a situation in which another person uses a victim's Social Security number (SSN) to obtain employment, causing income to be attributed to the victim that the victim did not earn (IRS Publication 5027).

The Social Security Administration (SSA) maintains the Master Earnings File, which records wages reported under each SSN. When fraudulent employment activity is reported under a victim's SSN, the SSA's records accumulate earnings the victim did not receive. This distorts future benefit calculations under Title II of the Social Security Act and can trigger IRS CP2000 notices — automated underreporter inquiries — when the income reported by employers does not match the victim's filed tax return.

The scope is national. The SSA Office of Inspector General has identified fraudulent SSN use in employment contexts as a persistent vector in broader identity fraud schemes, often intersecting with synthetic identity theft when fabricated names are paired with real SSNs.

The regulatory perimeter is defined primarily by:


How It Works

Employment identity theft typically operates through a structured sequence that exploits the gap between employer verification obligations and document authentication capability.

  1. Credential acquisition. The perpetrator obtains a real SSN — through data breaches, dark web marketplaces (see dark web and stolen identity data), or document theft — and pairs it with a fraudulent or altered government-issued photo ID.

  2. I-9 submission. Under 8 C.F.R. § 274a.2, employers must complete Form I-9 for every new hire to verify identity and employment authorization. Employers are required to examine documents but are not required to authenticate them forensically. A facially credible Social Security card paired with a driver's license or passport satisfies List A or combined List B and C requirements, even when the documents belong to a different person.

  3. E-Verify bypass or evasion. E-Verify is an internet-based system administered by U.S. Citizenship and Immigration Services (USCIS) that cross-references I-9 data against DHS and SSA databases. When a perpetrator uses a real SSN paired with a real name matching that SSN, E-Verify may return an Employment Authorized result — because the credentials belong to a real person. E-Verify use is mandatory for federal contractors under the Federal Acquisition Regulation (FAR 52.222-54) but voluntary for most private employers unless required by state law.

  4. Wage reporting. The employer files W-2s under the stolen SSN. The IRS and SSA record these wages against the victim's tax account and earnings history.

  5. Detection lag. Victims typically discover employment identity theft only when they receive an IRS CP2000 notice, file a tax return that triggers an income mismatch, or review their Social Security Statement at SSA.gov and observe unfamiliar employers or income entries.


Common Scenarios

Unauthorized work authorization fraud: An individual lacking legal employment authorization uses a citizen's or lawful resident's SSN and identity documents. The victim accumulates unreported income on their SSA record and may face IRS liability. This is the most documented pattern in SSA OIG enforcement reports.

Wage garnishment evasion: A person with outstanding wage garnishment orders — for child support, tax levies, or student loan collections — uses a stolen identity to create a secondary employment record not linked to their legal identity.

Background check circumvention: An individual with a disqualifying criminal record uses another person's identity to pass employer background screening. This may overlap with criminal identity theft when the fraudulent identity is also used in law enforcement contexts.

Tax refund staging: A perpetrator works briefly under a stolen SSN, then files a fraudulent return claiming refunds or credits — particularly the Earned Income Tax Credit (EITC) — before the true identity holder files. This scenario intersects with tax identity theft and triggers the IRS's Taxpayer Protection Program.


Decision Boundaries

Victims and practitioners must distinguish employment identity theft from adjacent fraud categories based on the specific record systems contaminated and the applicable remediation authority.

| Scenario | Primary Record Impact | Governing Agency | Remediation Pathway |
|---|---|---|---|
| SSN used for employment | SSA Master Earnings File, IRS tax account | IRS, SSA | IRS Form 14039; SSA earnings correction |
| Fraudulent I-9 documents | DHS/USCIS employer records | USCIS, ICE | Employer notification; I-9 audit trail |
| Fraudulent W-2 reporting | IRS wage records | IRS | CP2000 response; IRS Identity Theft Unit |
| E-Verify fraud with real credentials | USCIS E-Verify database | USCIS | Self Lock through myE-Verify portal |

IRS Form 14039 vs. SSA Correction Request: IRS Form 14039 (Identity Theft Affidavit) addresses the tax account — suppressing erroneous income and flagging the account for the IRS Identity Protection Specialized Unit. It does not correct the SSA earnings record. A separate written request to the SSA, supported by the victim's actual employer records, is required to remove fraudulent entries from the Master Earnings File. These are parallel processes managed by separate agencies, and completing one does not substitute for the other. The broader "Identity Theft Affidavit Explained" reference covers the Form 14039 process in detail.

Employment theft vs. benefits fraud: Employment identity theft generates income records; government benefits identity theft exploits benefit disbursement systems. The two can co-occur when a perpetrator uses a stolen identity for both employment and benefit claims, but the remediation agencies differ — IRS and SSA for the former, and the relevant benefit agency (SSA Disability, HHS, DOL) for the latter.

Employer liability boundary: Under 8 U.S.C. § 1274a, employers who conduct good-faith I-9 verification using facially valid documents bear limited liability even when those documents prove fraudulent. Employer liability attaches when the employer had actual or constructive knowledge of unauthorized status or document fraud. Victims of employment identity theft are not liable for employer I-9 failures, but they bear the burden of documenting and disputing the resulting wage and tax records.

Victims should also pursue a credit freeze and fraud alert with all three major credit bureaus, as employment fraud schemes frequently accompany broader financial account compromise. The identity theft victim recovery roadmap provides a sequenced framework for managing multi-agency remediation.

