The Latest IRS Tax Identity Theft Scheme
The IRS recently warned tax preparers about a new email phishing scheme aimed at targeting tax professionals. Here is a link to the release. Under the new scheme, scammers email tax professionals pretending to be from tax software providers and asking them to click on a link to download and install software updates.
The new scheme was identified as part of the IRS’s Security Summit process. As the IRS points out, it is the latest scheme in a series of attempts by fraudsters to use the IRS to trick people into giving up sensitive information such as passwords, Social Security numbers or credit card numbers or to make unnecessary payments.
As part of the warning, the IRS urges all tax preparers to take the following steps:
- Be alert for phishing scams: do not click on links or open attachments contained in e-mails and always utilize a software provider’s main webpage for connecting to them.
- Run a security “deep scan” to search for viruses and malware;
- Strengthen passwords for both computer access and software access; make sure your password is a minimum of 8 digits long (more is better) with a mix of numbers, letters and special characters;
- Educate all staff members about the dangers of phishing scams in the form of emails, texts and calls;
- Review any software that your employees use to remotely access your network and/or your IT support vendor uses to remotely troubleshoot technical problems and support your systems. Remote access software is a potential target for bad actors to gain entry and take control of a machine.
Tax professionals who handle taxpayer information should pay particular attention to warnings about newly-developed identity-theft schemes, like the one described above. Such professionals may be subject to a number of related laws and regulations, including the Gramm-Leach Bliley Act (GLB Act), the Federal Trade Commission’s (FTC) Financial Privacy and Safeguards Rules, IRS regulations, and other federal and state laws. They can face potential liability and may be required to take steps to protect taxpayer information.