Tax season is officially here! In addition to the start of the season, this week is Tax Identity Theft Awareness Week. Despite all of the safeguards the IRS has put in place to stop cybercriminals, it’s still our duty as tax preparers to educate clients, and follow strict online security procedures to protect sensitive data.
Communicate with Clients
Have you sent out information to clients about the importance of cybersecurity? Do they know the best practices? Here are some resources to consider.
4 Things to Know About Tax Fraud and Identity Theft (this blog post from our sister company, Peoples Tax is a great example of information you should be providing to your clients)
Cybersecurity Best Practices
Just like previous years, it’s important that tax pros and taxpayers are vigilant against identity thieves. In addition to targeting taxpayers, cybercriminals have started targeting tax pros. They do this through phishing scams that seem to come from entities you would normally trust.
Do you know the best practices? Here’s a handy infographic from Lifelock.
Be sure to also check out our blog post that outlines the IRS Don’t Take the Bait Series.
There are a lot of scams out there right now, but some are more prevalent that others. Overall, you should watch for requests to reauthorize your account; sensitive information like bank account numbers, social security numbers, or passwords; or requests to download a file or click on a link. All of these are signs that your are being phished. Here are some of the top scams that the IRS has identified so far this year.
W2 Phishing Scam
Back to haunt us in 2018! This scam prays upon payroll department employees as an attempt to gain access to the payroll information for entire companies. Details can be found on Accounting Today here.
IRS Agent Impersonation
This scam has been going on for years and is used often by cybercriminals. The scammer calls the taxpayer and poses as an IRS agent. They demand payment or information over the phone and threaten everything from steep fines to jail time.
Tax Professional Phishing Scams
Like we said, scammers are targeting tax professionals as well as taxpayers. You will be contacted by someone who is posing as your tax software provider, cloud-based storage provider, or IRS e-services. The email address and website you are directed to will look VERY close to the real thing but alas it will be a fake. Once you enter your username and password, they gain access to all of your information.
Learn more here: https://www.theincometaxschool.com/blog/tax-preparer-scams/
Here are a few resources to know about to stay in the know about current tax scams:
- The IRS List of Dirty Dozen Tax Scams (a general overview of schemes)
- Our Tax Scam Roundup – which is updated as we learn about new scams.
What to do in the Event of a Data Breach
If you do fall victim to a data breach, it’s important that you follow these steps immediately.
- Contact IRS local stakeholder liaison.
- Contact the local office of the FBI
- Contact the Secret Service
- File a police report with local police
- In the states in which the tax professional prepares state returns, contact the State’s Attorney General
- Email the Federation of Tax Administrators (StateAlert@taxadmin.org)
- Get a security expert to determine the cause and scope of the breach, to stop the breach & to prevent future breaches.
- Contact insurance companies to report the breach.
- Contact the Federal Trade Commission (firstname.lastname@example.org).
- Get Credit/identity theft protection
- Notify the Credit bureaus of a compromise.
- Notify all victims to inform them of the breach.
You should also look into Data Breach Insurance.
Education and vigilance is crucial this tax season! Inform your clients, and train your employees. Have a safe, easy, incident free tax season.