IRS Launches New Educational Series on Cybercrime

Taken from the IRS notice: an example of a spear phishing email that targeted a tax professional during the 2017 filing season

We’ve been talking a lot about phishing scams and tax fraud lately. It’s a very serious problem that has lots of people in the industry talking – including the IRS. Cybercriminals have become increasingly sophisticated, which means taxpayers and tax professionals need to become more educated about how these scams work. We talked about this in the blog a few weeks ago: Would You Take the Bait? Why Phishing Scams Should Concern You.

This week, the IRS announced the launch of a new cybersecurity awareness effort designed to educate tax pros, who are one of the most targeted groups when it comes to cybercrime.

Don’t Take the Bait

The Don’t Take the Bait Series is part of US-CERT’s “Protect Your Clients, Protect Yourself” campaign. This 10 week campaign covers spear phishing emails, business identity theft, account takeovers, ransomware attacks, remote takeovers, business email compromises, and Electronic Filing Identification Number thefts.

Since the IRS and other agencies have taken measures to make sure cybercriminals don’t get their hands on sensitive information or file fraudulent returns and collect taxpayer money, cybercriminals have set their sites on a new target: tax professionals who also have the necessary info to steal someone’s identity.

In fact, according to the IRS, there were 177 tax professionals or firms that reported data thefts from January through May of this year. That’s thousands of stolen taxpayer data! The IRS is currently receiving 3-5 data theft reports per week from tax professionals.

According to Commissioner Koskinen, “We continue to see new and evolving threats involving data breaches, intrusions and various takeovers that put people’s personal information at risk. These efforts are increasingly targeting tax professionals and businesses with tax information. Too many still overlook basic security steps needed to protect their data. As part of this, we urge the tax professional community: Beware your inbox. Don’t take the bait from these phishing scams.”

If you haven’t already, take a look at their first news release, that lays out what a phishing scam is and how to identify it: Don’t Take the Bait, Step 1: Avoid Spear Phishing Emails. It’s extremely informative and helpful! Look for these releases each week through the end of the IRS Tax Forums in September.

For more education on cybercrime and tax fraud, check out these resources:

Avoiding Social Engineering and Phishing Attacks

Season of Risk: Preparers Face Malpractice Suits

Protect Yourself and Your Clients from Cybercrime

What Kind of Idiot Gets Phished?