Security Alert for Tax Preparers - Protect Your Clients, Protect Yourself

Security Alert for Tax Preparers - Protect Your Clients, Protect Yourself

Email Phishing Scams Have Become Much More Prevalent

Hackers pretending to be the IRS target unsuspecting taxpayers in an effort to coerce individuals into providing sensitive personal information, including their passwords In the latest iteration, scammers are targeting tax preparers.

How Does it Work?

Rather than pretending to be the IRS, hackers disguise themselves as the preparer’s tax software provider.

Tax professionals receive an email containing a link which is represented as a download containing an update to the tax preparer’s current tax software package. The naming convention uses the name of the recipient’s software package with the extension “.exe”.
Instead of a software update, the program once downloaded, tracks the keystrokes made by the user, revealing passwords, login information, and other sensitive data.

This scheme was identified by the IRS Security Summit, a partnership between the IRS, the tax community, and other tax agencies, whose focus is to combat identity theft.

Protect Your Clients, Protect Yourself

As a result of the increasing rate of scams affecting tax professionals and other scams targeting individual taxpayers, professionals are urged to increase their security measures to protect both their own and client’s sensitive information.

Increasing Security Measures

The security alert, released recently on July 6, 2016, introduces a number of steps tax preparers can take to reduce security risks to themselves and their clients.

Some actions steps include:

  • Password changes no less frequently than quarterly
  • Encrypt emails that contain sensitive taxpayer information prior to sending
  • Provide training for team members making them aware of any policy changes in your security procedures to ensure compliance
  • Immediately prohibit access to secure information for employees no longer with your firm
  • Be careful when allowing remote access to the firm’s internal network
  • Pay special attention to your Preparer Tax Identification Number (PTIN)
  • Monitor your PTIN by periodically logging on to the IRS website to ensure that the number of tax returns that you have filed mirrors the record maintained by the IRS.

The IRS provides a comprehensive guide including additional tips and information about protecting taxpayer information. See Publication 4557, Safeguarding Taxpayer Data, for more details.