The IRS today warned tax professionals to increase their computer security and to beware of their inbox – specifically the successful email scams dubbed spear phishing that identify themselves as a friend, customer or company.
Increasingly, tax professionals are being targeted by identity thieves. These criminals – many of them sophisticated, organized syndicates – are redoubling their efforts to gather personal data to file fraudulent federal and state income tax returns.
No one entity can fight this crime alone. It takes all of us, working together.
That is why the Security Summit – the unprecedented partnership between the IRS, state tax agencies, and the private-sector tax industry – came together to form a united and coordinated front against this common enemy. And, that’s why they are asking tax professionals nationwide to join this effort. As part of the Security Summit effort, the IRS, state tax agencies and the tax industry next week will kick off another series in the Protect Your Clients, Protect Yourself campaign called “Don’t Take the Bait.” It’s critical that tax professionals remember they have not just an obligation but a legal requirement under federal law to protect taxpayer information. This is a follow-up effort to the “Taxes. Security. Together.” public awareness campaign.
Phishing scams use bait or lures to trick preparers into opening an infected link or attachment or disclosing usernames and passwords to critical accounts. Falling for the phishing bait means exposing taxpayer data to theft. Thieves also are interested in stealing preparers’ e-Services passwords, Electronic Filing Identification Numbers (EFINs), Centralized Authorization File (CAF) numbers and Preparer Tax Identification Numbers (PTINs.).
From January through May, there were 177 tax professionals or firms who reported data thefts involving client information involving thousands of people. The IRS currently is receiving three to five data theft reports a week from tax practitioners. Not all data losses are due to phishing scams but stopping this commonly used tactic by cyber-criminals would do much to lessen the current losses.
The tax community and others with taxpayer data – including human resource departments, small businesses and others – are among those targeted with increasingly sophisticated phishing schemes.
The Anti-Phishing Work Group (APWG), a not-for-profit industry association focused on eliminating the identity theft and fraud resulting from phishing, reported seeing a significant increase in phishing activities in 2016.
The IRS and its Security Summit partners will issue a series of fact sheets and tips on security, scams and identity theft prevention measures aimed at tax professionals and steps they can take to protect client data and their businesses. The 10-week campaign begins July 11, coinciding with the opening of the first IRS Nationwide Tax Forum at Orlando, Fla., and ends September 12 with the final Nationwide Tax Forum at San Diego.