
Wednesday, September 8, 2021

Tax pros: Watch for tell-tale signs of identity theft

All tax professionals should learn the signs of data theft so they can react quickly to protect clients.

During this summer’s campaign Boost Security Immunity: Fight Against Identity Theft, the IRS and its Security Summit partners remind tax pros to contact the IRS immediately when there's an identity theft issue. They should also contact insurance or cybersecurity experts to assist them with determining the cause and extent of the loss.

Here are the critical signs of data theft:

  • Client e-filed returns rejected because their Social Security number was already used on another return.
  • More e-file acknowledgements received than returns the tax pro filed.
  • Clients responded to emails the tax pro didn't send.
  • Slow or unexpected computer or network responsiveness such as:
    • Software or actions take longer to process than usual
    • Computer cursor moves or changes numbers without touching the mouse or keyboard
    • Unexpectedly locked out of a network or computer.

Tax pros should watch for warning signs when clients report they've received:

  • IRS Authentication letters 5071C, 4883C, 5747C even though they haven't filed a return.
  • A refund even though they haven't filed a return.
  • A tax transcript they didn't request.
  • Emails or calls from the tax pro that they didn't initiate.
  • A notice that someone created an IRS online account for the taxpayer without their consent.
  • A notice the taxpayer wasn't expecting that:
    • Someone accessed their IRS online account,
    • The IRS disabled their online account.

These are just a few common examples. Tax pros should ensure they have the highest security possible.

If a tax pro or their firm thinks they are the victim of data theft, they should immediately:

  • Report the theft to their local IRS Stakeholder Liaison
    Liaisons will notify IRS Criminal Investigation and others within the agency on the practitioner's behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in the clients' names and will assist tax pros through the process.
  • Email the Federation of Tax Administrators at statealert@taxadmin.org
    Get information on how to report victim information to the states. Most states require that the state attorney general be notified of data breaches. This notification process may involve multiple offices.

More information:
Data Theft Information for Tax Professionals
Publication 4557, Safeguarding Taxpayer Data
Small Business Information Security: The Fundamentals
Boost Security Immunity: Fight Against Identity Theft

Thursday, August 26, 2021

Tax pros: Beware of pandemic-related email schemes

All tax pros need to beware of evolving phishing scams that use various pandemic-related themes to steal client data. It is the tax preparer’s responsibility to secure their network to protect taxpayer data.

Tax pros, especially those who engage in remote transactions, remain vulnerable to identity thieves posing as potential clients. The criminals then trick practitioners into opening email links or attachments that infect computer systems.

The warning about these phishing scams comes as part of the annual summer campaign run by the IRS and its Security Summit partners. This year's theme, Boost Security Immunity: Fight Against Identity Theft, urges tax pros to step up their efforts to protect client data.

Scams may differ in themes, but they generally have two traits:

  • They appear to come from a known or trusted source, such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS.
  • They tell a story, often with an urgent tone, to trick the receiver into opening a link or attachment.

Fraudsters continue to impersonate pandemic-related government benefit programs to launch phishing campaigns. Pandemic-related scams may be delivered by email, social media, phone, or text, and may reference legitimate programs such as Economic Impact Payments. Instead of providing economic relief, these scams collect personal and financial information. Legitimate government programs will have corresponding information on their official government websites.

Phishing emails or SMS/texts (known as smishing) attempt to trick the person receiving the message into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers. Anyone with a smartphone is a potential target. Smishing scams may leverage the child tax credit or other pandemic-related tax programs to trick recipients into visiting phishing websites.

A specific kind of phishing email is called spear phishing. Rather than the scattershot nature of general phishing emails, scammers take time to identify their victim and craft a more enticing phishing email known as a lure. Scammers often use spear phishing to target tax pros.

In a recurring and very successful spear phishing scam, criminals pose as potential new clients, exchanging several emails with tax pros before following up with an attachment that they claim is their tax information. Once the tax pro clicks on the URL or opens the attachment, malware secretly downloads onto their computer, giving thieves access to passwords to client accounts or remote access to the computer. Thieves then use this malware, known as a remote access trojan, to take over the tax professional's office computer system, identify pending tax returns, complete them and e-file them, changing only the bank account information to steal the refund. This scam remains popular because, due to COVID-19, many tax pros continue to work remotely and communicate with clients over email rather than in person or over the phone.

Tax pros should follow basic security steps to protect their accounts and client data. For example, using the two-factor or the multi-factor authentication option offered by tax preparation providers or storage providers would protect client accounts even if passwords were inadvertently disclosed. Keeping anti-virus software automatically updated helps prevent scams that target software vulnerabilities. Using drive encryption and regularly backing up files helps stop theft and ransomware attacks.


More information:
Publication 4557, Safeguarding Taxpayer Data