IRS Security Summit 2022 renews warnings for tax pros to guard against identity theft amid continued threats

Tax professionals are prime targets of criminal syndicates that are both tech- and tax-savvy and well-funded. These scammers either trick or hack their way into tax professionals’ computer systems to access client data. Even when tax pros think they have client data stored in a secure cloud, lack of strong authentication can make this information vulnerable.

This is the seventh year that the Security Summit partners — the IRS, state tax agencies and the nation’s tax community — have worked to raise awareness about these issues through the “Protect Your Clients; Protect Yourself” campaign.

The campaign coincides with the dates for this year’s virtual IRS Nationwide Tax Forum, which runs online for five weeks, beginning July 19.

The forum will feature 32 webinars to help educate the tax professional community, and several are focused on cyber- and information security:

1)“Cybersecurity for Tax Professionals — Advanced Session,” presented by the American Coalition for Taxpayer Rights, July 21 at 2 p.m. ET.

2) “Deeper Dive into Emerging Cyber Crimes and Crypto Tax Compliance,” July 26 at 11 a.m. ET.

3) “Helping You and Your Clients Steer Clear of Fraud and Scams,” presented by the Treasury Inspector General for Tax Administration, Aug. 2 at 11 a.m. ET.

NOTE: Thursday, JULY 14, is the last day for tax professionals to register to attend the tax forum and have access to all 32 webinars. For more information and to register, visit www.irstaxforum.com.

This summer’s joint Security Summit-Tax Forum effort focuses on reminding tax pros to focus on fundamentals and to watch for emerging vulnerabilities when using cloud-based services for their practice.

Predatory tactics

Identity thieves were especially active this past year as they continued to use the pandemic, nationwide teleworking practices and other events as predatory tactics for a variety of scams. Thieves can use stolen data to file fraudulent tax returns that make it more difficult for the IRS and the states to detect because the fraudulent returns use real financial information. Other data thieves sell the basic tax preparer or taxpayer information on the web so other fraudsters can try filing fraudulent tax returns.

How tax professionals can help:

>>Sign up clients for Identity Protection PINs. The IRS now offers IP PINs to all taxpayers who can verify their identities online, on the phone with an IRS employee after filing a Form 15227 or in person. The IP PIN is a six-digit number that is known only to the taxpayer and the IRS. It helps prevent an identity thief from filing a fraudulent return in the taxpayer’s name. Tax professionals cannot obtain an IP PIN for their clients. Clients must verify their identities to the IRS. The easiest way is at the “Get an IP PIN” tool on IRS.gov. The IRS Electronic Tax Administration Advisory Committee recently described the IP PIN as“ the number one security tool currently available to taxpayers from the IRS. This tool is the key to making it more difficult for criminals to file false tax returns in the name of the taxpayer.”

>>Avoid spear phishing scams. One of the most successful tactics used by identity thieves against tax professionals is the spear phishing scam. Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. Tax pros have been especially vulnerable to spear phishing scams from thieves posing as potential clients. Thieves might carry on an email conversation with their target for several days before sending the email containing a link or attachment. The link or attachment may secretly download software onto the tax pros’ computers that will give thieves remote access to the tax professionals’ systems.

>>Know the tell-tale signs of identity theft. Many tax professionals who report data thefts to the IRS also say that they were unaware of the signs that a theft had occurred. There are many signs that tax pros should watch for. These include multiple clients suddenly receiving IRS letters requesting confirmation that they filed a tax return deemed suspicious. Tax professionals may see e-file acknowledgements for far more tax returns than they filed. Computer cursors may move seemingly on their own.

>>Create a security plan. Not only is it a good practice, the IRS also reminds tax professionals that federal law, enforced by the Federal Trade Commission, requires paid tax return preparers to create and implement a data security plan. An information security plan protects the business and client information while also providing a blueprint for action in the event of a security breach. For many tax professionals, knowing where to start when developing a written security plan presents challenges. There are resources available to assist like IRS Publication 4557, Safeguarding Taxpayer Data. Other resources to help tax pros will be highlighted in an upcoming news release.

>>Help clients protect themselves whether working from home or traveling. With the continuation of work-from-home policies for many organizations, taxpayers may find themselves conducting their affairs — whether personal, business or financial — in a different way. Tax pros can help their clients protect themselves by sharing key informational points on computer security.

And follow MI Treasury on TWITTER!