Drake Software blog for tax pros, covering tax, IRS news, and more

New Phishing Scam Targets Tax Professionals and Taxpayers’ Data

As we all make last-minute preparations for the 2017 filing season, along comes a new scam that aims to trick tax professionals into unwittingly giving crooks access to their e-services and other accounts. This newest scam comes in the form of an email with the subject line “Mails on Hold!”

These emails may appear to be from the IRS or e-services, and they may include references to such things as IRS personnel or PTINs. The Internal Revenue Service – and its security task force of industry partners, the Security Summit – strongly urge people NOT to click on any links or attachments found in these scam emails.
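For offices that can run a script over saved messages, here is one way to flag mail matching the traits described above. It is an added example, not code from Drake Software or the IRS. The `triage` function, the sample messages, and the rule that genuine IRS mail is sent from `irs.gov` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators from the alert: the subject line and the IRS / e-services / PTIN framing.
SCAM_SUBJECT = "mails on hold"
IRS_WORDING = re.compile(r"\b(irs|internal revenue service|e-?services|ptins?)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
TRUSTED_DOMAIN = "irs.gov"  # assumption: genuine IRS mail is sent from irs.gov

# Constructed sample messages (not real scam mail).
SCAM = '''From: "IRS e-Services" <notice@mail.example.net>
Subject: Mails on Hold!
Content-Type: text/plain; charset=utf-8

Your PTIN messages are on hold. Review them at http://portal.example.net/login
'''
BENIGN = '''From: Client <client@example.com>
Subject: Documents for my return
Content-Type: text/plain; charset=utf-8

Here are the W-2 details we discussed.
'''

def triage(raw):
    """Return the reasons a raw RFC 5322 message resembles the scam; [] if none."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Header check only: From can be forged, so a trusted domain is not proof.
    trusted = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    text, attachment = [], False
    for part in msg.walk():
        if part.get_filename():  # a named part is an attachment
            attachment = True
            continue
        data = part.get_payload(decode=True) or b""  # None for multipart containers
        text.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(text)
    reasons = []
    if SCAM_SUBJECT in subject.lower():
        reasons.append("subject matches 'Mails on Hold!'")
    if not trusted and IRS_WORDING.search(f"{display} {subject} {body}"):
        reasons.append(f"IRS/e-services wording from non-IRS sender {domain!r}")
    if reasons and (attachment or URL.search(body)):
        reasons.append("carries a link or attachment: do not open")
    return reasons
```

Calling `triage(SCAM)` returns three reasons and `triage(BENIGN)` returns an empty list. A match is a prompt to report and delete the message, not a substitute for staff training.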

This all brings us to a larger question: Just how do we protect our offices from scammers, hackers and other crooks who are bent on breaking into our financial and taxpayer data?

One strategy is to enlist the services of a security consultant or even your insurance company. Another source of strategies is IRS Publication 4557, Safeguarding Taxpayer Data. But the IRS’ Security Summit partners have come up with a list of steps we can take now, on our own. Consider this a list of best practices for best security.

  • Take responsibility yourself or assign someone to be responsible for data safeguards;
  • Assess the risks to taxpayer information in your office. Make sure to include your operations, the physical environment, computer systems and employees, if applicable;
  • Make a list of the locations where you keep taxpayer information (computers, filing cabinets, and the containers taxpayers may bring you);
  • Write a plan of how to safeguard taxpayer information. Put appropriate safeguards in place;
  • Use service providers who have policies to maintain an adequate level of information protection; and
  • Monitor, evaluate and adjust your security program as your business or circumstances change.

One thing you need to come up with for your organization is a list of security controls. These are the management, operational and technical safeguards you can put in place to protect the confidentiality, integrity and availability of customer data.

Security controls can be as simple as locking doors to restrict physical access to paper files or to computers containing electronic data. When dealing with electronic data, require passwords to restrict access to data and encrypt stored data files. Always keep backups of your electronic data for recovery in case there’s a failure.

When it comes to physical files, always shred unneeded copies of returns or any other paper containing taxpayer data. And remember to remove sensitive or personal information before mailing a document through the Postal Service. This can mean blacking out or removing SSNs or ITINs before the return goes into the envelope.

The IRS has more ways to protect your data and the data of your clients. Visit their “Protect Your Clients. Protect Yourself.” web site for more tips, videos and updates on protecting the data that is the heart of our industry.

Bob Williams

Forget genes; I’ve got words in my DNA. Communication has been part of who I am nearly all my life. From a long career in radio news to another one in newspapers – and a University of Georgia journalism degree sandwiched between the two – language has been my life. I’ve also been fortunate to have learned the tax business from the ground up here at Drake, starting with 1040.com online forms some years ago before moving on to work on the Web. In all things tax-ish, we aim to give you tools you can use.