The Internal Revenue Service and Security Summit partners are concluding their annual five-week “Protect Your Clients; Protect Yourself” awareness campaign with an urgent reminder for tax professionals to remain vigilant and strengthen their digital security measures to protect themselves and clients from identity theft. In the first half of this year, nearly 300 data breaches affected up to 250,000 clients.
Identity Theft Continues to Rise
The agency warns that identity thieves continuously evolve tactics, with tax professionals (and clients) remaining frequent targets. Examples of typical schemes provided by the IRS news release include:
-
Fake “new client” schemes – Fraudsters posing as potential clients send malicious attachments or links to steal credentials or install malware.
-
Phishing emails – Fake communications targeting both taxpayers and tax professionals, from agencies posing as legitimate organizations such as the IRS, designed to steal sensitive information like passwords, Social Security numbers and Central Authorization File information.
-
Various scams – Calls, texts, fake correspondence and misleading social media posts to gain access to client data.
-
Social media scams – Circulating inaccurate or misleading tax information, such as on TikTok and other platforms, urging people to misuse standard tax documents like Form W-2 without seeking proper advice from tax professionals.
The scams don’t stop there. Other sophisticated ploys, including scammers setting up bogus charities to exploit the public’s generosity, also constantly pop up.
Warning Signs of Identity Theft
The IRS urges tax professionals to watch for the following red flags from clients:
-
IRS Online Account created or accessed without consent;
-
Unrequested tax transcripts;
-
Incorrect IRS balance-due statements; and
-
Refunds received without filing tax returns.
Tax professionals should also look out for the following business warning signs:
-
Unusual computer activity or slow performance;
-
Being locked out of systems;
-
Returns rejected because a Social Security number was already used;
-
Unexpected IRS authentication letters or e-filed acknowledgments; and
-
IRS notifications about unrepresented clients or compromised CAF numbers.
Prevention Tools
In addition to staying abreast of recent developments and evolving scams by following along on the agency’s website and via their newsletter, the IRS also offers several resources to help tax professionals protect themselves and their clients:
-
Publication 5708 – A template for creating a Written Information Security Plan (WISP), required by law.
-
Security Six – The “Security Six” protections offer a relatively simple but essential starting point for tax pros to protect their offices, computers, data and clients from thieves and hackers. The six recommended tools include: anti-virus software, firewalls, backup services, encrypted drives, MFAs and VPNs.
-
IRS Identity Protection PIN Program – Six-digit PINs to prevent fraudulent tax return filings.
Responding to Data Breaches
In the event a tax professional is the victim of any of the schemes above or identity theft, or any other security breach, they should:
-
Report it immediately to a local IRS Stakeholder Liaison;
-
Notify the state tax agency through the Federation of Tax Administrators’ Report a Data Breach portal; and
-
Inform affected clients and recommend protective steps like obtaining an Identity Protection PIN or completing Form 14039.
#Identity #Theft #Schemes #Avoid