[PopAlongKid]

Yes. And as you mention, sometimes it is just the preparer committing fraud (e.g. falsely claiming refundable credits) without the client's explicit cooperation, although clients also spread the word about what a "great job" their preparer did for them. Since the preparer avoids associating themself with all the returns they prepare, it is much harder for the IRS to detect their pattern of fraud.

The IRS and industry vendors (including Intuit) have, under the label "Security Summit", implemented things such as collecting metadata (tracking the network address from where returns are filed, how long the return was open in the software, etc), stronger password requirements with MFA required to submit returns electronically, limiting the number of refunds paid to the same address or financial account, and optionally collecting driver's license info to confirm identity.[0] It seems to have been relatively successful, as the frequent complaints of ID theft (returns filed under someone else's name) have declined significantly as a result.

[0]https://www.irs.gov/newsroom/irs-announces-dirty-dozen-tax-s...