Take News of Identity Theft Schemes Very Seriously
Protect Your Identity by Staying Informed
As we prepare to step into another tax season, it serves us well to take stock of our security measures and how we keep our data safe and secure. Let’s face it: the line between being a target and merely an observer of identity theft is being more blurred all the time.
One minute you’re reading about an identity theft scam somewhere else – and the next, you discover you’ve been hacked. The old phrase, “It can’t happen to me,” just doesn’t apply anymore.
So, just how serious is the threat of identity theft and tax fraud to the average tax preparer? Consider these recent reports from the Internal Revenue Service:
- In April and August of 2016, the IRS sent emergency alerts to tax professionals about criminals using remote access technology to gain control of preparers’ computers. The criminals used the preparers’ own computer systems to complete client tax returns, file them with the IRS and then direct the refunds to the hackers’ personal bank accounts. How the criminals gained control of preparers’ computers is still under investigation. However, the incident shows the value of strong passwords, not only to access computers and each client file, but also to password-protected wireless systems.
- One successful scheme aimed at payroll professionals could easily have migrated to tax preparers. A criminal created a “spoofing” email to appear as though it came from a company executive. The email requested Form W-2 information for each employee. Because of this scam, tens of thousands of Forms W-2 were sent to identity thieves.
- One ruse tries to make tax preparers think a client is emailing with follow-up information from a previous discussion. The included attachment doesn’t contain tax information; it contains malware designed to infect computers. This malicious payload can contain a key logger that records all the keystrokes made on the target computer. It can then send usernames and passwords used on the computer straight back to home base without detection. The conversational tone of the phishing email tries to trick the preparer into thinking he had an earlier conversation with this client and now the ‘client’ is following up with requested tax information.
- Cybercriminals often pose as the IRS and request information that the IRS would never ask for via email or text. One popular scam tries to trick preparers into providing their password information for IRS e-Services accounts. The email to tax preparers asks them to update their e-Services accounts. It either infects the preparers’ computers with malware that tracks keystrokes or it sends preparers to a fake e-Services page where they enter password information. If you are in doubt about an e-services or IRS Quick Alert communication, go directly to the application through IRS.gov. Do not click on any link or attachment from a suspicious email.
Scams and hacks aimed at the tax system – and tax preparers – evolve each year. Cyber crooks are a clever bunch and come up with inventive ways to get around your defenses. To stay up with the competition, check out Publication 4557, Safeguarding Taxpayer Data, for steps to help protect your clients as well as your business.