February 2, 2018 – Today, the Internal Revenue Service urged tax pros to reinforce their security and to be wary of phishing emails. These emails can secretly plant malicious software onto their computers, allowing cyber-criminals to access and steal sensitive client information.
The new filing season is only a few days old, and a new scam is already on the IRS's radar. This new scam involves cyber-criminals stealing information from the computers of several tax professionals and filing bogus tax returns with it. These bogus tax returns use the taxpayer’s actual bank account for the deposit. Since these identity thieves are using actual client information to file the returns, it is harder for them to reroute the return to their own accounts. Once the refund has been deposited, someone posing as a debt collection agent contacts the taxpayer to say that there was an error with the deposit they received in their bank account and asks the taxpayer to forward the funds directly to them.
The IRS says that this plot to deceive and extort is just one of the many we’ll be seeing during this filing season. The thieves' tactics have evolved, but the IRS, state tax agencies and the tax industry will continue to fight against this form of identity theft.
Tax professionals who have had their systems compromised are reminded that they must report the information theft to the IRS as soon as possible. They must first contact the IRS Stakeholder Liaison of their specific state, who will then notify the IRS. They should also review the Data Theft Information for Tax Professionals for details regarding the process and any other steps that they should take.
If action is taken immediately to report the breach, the IRS can take steps to help protect the taxpayers from tax-related identity theft. IRS Criminal Investigation agents are currently reviewing the information on the latest scam to learn more about it. However, the breach usually occurs when someone within the tax professional’s office opens a phishing email and then opens an attachment or link provided within it. The malicious software can include keystroke recorders, which let thieves see exactly what the tax professional is inputting into their system, or remote control software, which lets them gain access to the system from wherever they are.
To further protect taxpayers’ information, tax professionals should seek additional cyber-security measures. Speaking to cyber-security professionals and finding the best solutions can prevent unnecessary breaches in the future. Some basic steps professionals can take are listed below:
- Make all employees aware of phishing and what it is.
- Change all weak passwords to strong passwords (incorporating letters, numbers, symbols), with a different password for each account.
- Beware of impersonation emails. If an email from the “IRS” asks you to open a link or attachment or threatens to close your account, visit the official e-Services website for confirmation. If you hover over the link, the URL will show up; if it is not a recognizable URL, don’t click it.
- Verbally confirm with clients any last-minute changes, requested via email, to where their refund must be sent.
- Use frequently updated software to defend your system against malware, viruses, etc.
- Use the security features of your tax prep software.
- Forward any suspicious phishing emails to firstname.lastname@example.org
Taxpayers should also be alert to any suspicious activity, such as receiving a tax transcript or tax refund they did not request. To learn more about the actions to be taken, please read the Taxpayer Guide to Identity Theft on the IRS website. If you receive a refund you haven’t requested via direct deposit, the IRS urges you to follow the steps outlined below:
- Contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS.
- Contact the IRS via their toll-free numbers 800-829-1040 (individual) or 800-829-4933 (business).
If you’d like more information on returning an erroneous refund, read Returning an Erroneous Refund on the IRS website.
To find out more about various scams used in the past, read the Security Summit’s Don’t Take the Bait campaign.