Tax Professionals Beware!

The 2017 tax filing season is here!

Thieves have already geared up to file millions of fraudulent tax returns before the real taxpayer.  In a previous IRS CID presentation, the IRS indicated that thieves filed as many as 17 million tax returns on the first day of the filing season.  As the IRS, states, and tax industry continue the fight to combat identity theft by putting mechanisms in place to halt the processing of tax returns and freeze refunds due to potential identity theft, thieves will naturally seek other ways to steal taxpayer information and file fraudulent returns to get them through the system as legitimate returns.

IRS is warning tax professionals to secure their systems and protect their client data.  Through the Protect Your Clients; Protect Yourself campaign launched in September 2016 via the Security Summit partnership between IRS, states, and tax industry, the IRS has issued a series of tax tips geared toward educating and assisting tax professionals in protecting themselves and protecting their client’s data.

So you are not caught by surprise, let’s recap some of the email scams against tax professionals that you should be on the lookout for:

IR-2017-03, January 11, 2017 –  New Two Stage Email Scheme – In this scam tax professionals receives one email that asks the tax professional a question such as, “I need a preparer to file my taxes”; if the tax professional responds a second email is received with a PDF attachment or embedded web address where tax professional think they are downloading a potential client’s tax info but in reality thieves are collecting preparer’s email address and password and other information.

IR-2016-145, Nov. 4, 2016 – New e-Services Scam – The subject line for the fraudulent email is “Security Awareness for Tax Professionals.” The “From” line is “Your e-Services Team.” It has both an IRS logo and an e-services logo that hyperlinks to a URL verified as a phishing site. Thieves attempt to steal e-Services username and passwords.

Special Edition Tax Tip – September 23, 2016Fake Tax Bill Scam – Scammers emailing fake tax bills in the form of CP2000 notice related to the Affordable Care Act (ACA) requesting information regarding 2014 coverage and requesting checks be made out to I.R.S. and sent to “Austin Processing Center”. Please be aware that IRS requests checks be made out to Department of Treasury instead of I.R.S. and also there is no such IRS center called the “Austin Processing Center”.

IR-2016-119, September 2, 2016Thieves are able to access tax professional’s computers and use remote technology to take control, accessing client data and completing and e-filing returns but directing refunds to criminals’ own accounts.

IR-2016-103, August 11, 2016Email scheme mimicking tax software providers attempting to trick recipients into clicking on a bogus link appearing to be an update to their software package but really downloading a program to track the tax professional’s keystrokes to eventually steal information.

The following tips are suggested to protect yourself and your client from a data breach:

  1. Make sure your virus software is up to date and run a security scan to search for viruses and malware.
  2. Use encryption software to safeguards your client’s sensitive financial data such as tax returns or other tax information stored on your hard drive.
  3. Protect your wireless network with a strong password.
  4. Never use public Wi-Fi to share sensitive data. (Note: If Wi-Fi does not require password, it’s probably not secure.)
  5. Use strong passwords (minimum of 8 characters including lower and upper case letter, number, and special character) for both computer access and access to your tax software.
  6. Do not click or open any attachments from unknown senders.
  7. Create internal policies and educate staff members about the dangers of phishing scams in the form of emails, texts, and phone calls.
  8. Review any software your employees use to remotely access your network and/or your IT support vendor uses to remotely trouble shoot technical problems and support systems.
  9. Monitor your PTIN for any suspicious activity.  (Click here for IRS Instructions)
  10. Back up data periodically via your protected cloud storage or separate disk.

If you suffer a data breach or other security incident, see IRS Protect Your Clients; Protect Yourself Tax Tip Number 7, January 18, 2016 to determine next steps.

For more of tax tips and ideas and to hear directly from the IRS, come to the Tax Alliance Conference in Plano, TX, June 6-8 of 2017.