Tuesday, August 10, 2021

IR-2021-166: Security Summit warns tax pros to be wary of pandemic-related email schemes

Bookmark and Share

IRS.gov Banner
IRS Newswire August 10, 2021

News Essentials

What's Hot

News Releases

IRS - The Basics

IRS Guidance

Media Contacts

Facts & Figures

Around The Nation

e-News Subscriptions


The Newsroom Topics

Multimedia Center

Noticias en Español

Radio PSAs

Tax Scams

The Tax Gap

Fact Sheets

IRS Tax Tips

Armed Forces

Latest News Home


IRS Resources

Compliance & Enforcement

Contact My Local Office

Filing Options

Forms & Instructions

Frequently Asked Questions

News

Taxpayer Advocate

Where to File

IRS Social Media


Issue Number:    IR-2021-166

Inside This Issue


Security Summit warns tax pros to be wary of pandemic-related email schemes

WASHINGTON – In a continuing twist on a common scam, the Internal Revenue Service, state tax agencies and tax industry today warned tax professionals to beware of evolving phishing scams that use various pandemic-related themes to steal client data.

The Security Summit partners continue to see instances where tax professionals, especially those who engage in remote transactions, have been vulnerable this year to identity thieves posing as potential clients. The criminals then trick practitioners into opening email links or attachments that infect computer systems.

Avoiding phishing emails is the fourth in a five-part series sponsored by the IRS, state tax agencies and the nation's tax community – working together as the Security Summit – highlighting critical steps tax professionals can take to protect client data. This year's theme "Boost Security Immunity: Fight Against Identity Theft," is an effort to urge tax professionals to work to strengthen their systems and protect client data during this pandemic and its aftermath.

"Identity thieves have been relentless in exploiting the pandemic and the resulting economic pain to trick taxpayers and tax professionals to disclose sensitive information," said IRS Commissioner Chuck Rettig. "Fighting back against phishing scams requires constant vigilance, and we urge tax pros to take some basic steps to help protect their clients and themselves."

Phishing emails or SMS/texts (known as "smishing") attempt to trick the person receiving the message into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers. Tax pros are a common target.

Scams may differ in themes, but they generally have two traits:

  • They appear to come from a known or trusted source, such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS.
  • They tell a story, often with an urgent tone, to trick the receiver into opening a link or attachment.

A specific kind of phishing email is called spear phishing. Rather than the scattershot nature of general phishing emails, scammers take time to identify their victim and craft a more enticing phishing email known as a lure. Scammers often use spear phishing to target tax professionals.

In a reoccurring and very successful scam this year, criminals posed as potential clients, exchanging several emails with tax professionals before following up with an attachment that they claimed was their tax information. This scam was popular as many tax professionals worked remotely and communicated with clients over email versus in-person or over the telephone because of COVID.

Once the tax pro clicks on the URL and/or opens the attachment, malware secretly downloads onto their computers, giving thieves access to passwords to client accounts or remote access to the computers themselves.

Thieves then use this malware known as a remote access trojan (RAT) to take over the tax professional's office computer systems, identify pending tax returns, complete them and e-file them, changing only the bank account information to steal the refund.

In recent months, international criminals have used a ransomware attack to shut down a variety of companies. Criminals use similar, smaller scale tactics against tax pros. When the unsuspecting tax professional opens a link or attachment, malware attacks the tax pro's computer system to encrypt files and hold the data for ransom.

These scams highlight the importance of the basic security steps recommended by the Security Summit to protect data.

For example, using the two-factor (2FA) or the multi-factor authentication (MFA) option offered by tax preparation providers or storage providers would protect client accounts even if passwords were inadvertently disclosed. Keeping anti-virus software automatically updated helps prevent scams that target software vulnerabilities. Using drive encryption and regularly backing up files helps stop theft and ransomware attacks.

For tax professionals, securing their network to protect taxpayer data is their responsibility as a tax preparer.

To help tax professionals guard against phishing scams and better protect taxpayer information, the IRS recently updated Publication 4557, Safeguarding Taxpayer Data. The July 2021 version contains some of the latest suggestions such as using the multi-factor authentication option offered by tax software products and helping clients get an Identity Protection Pin.

Additional resources
In addition to reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, tax professionals can also get help with security recommendations by reviewing Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology. The IRS Identity Theft Central pages for tax pros, individuals and businesses have important details as well.

Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

For more information, see Boost Security Immunity: Fight Against Identity Theft.

Back to Top


FaceBook Logo  YouTube Logo  Instagram Logo  Twitter Logo  LinkedIn Logo


Thank you for subscribing to the IRS Newswire, an IRS e-mail service.

If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe.

This message was distributed automatically from the mailing list IRS Newswire. Please Do Not Reply To This Message.


This email was sent to business.solutions.ve@gmail.com by: Internal Revenue Service (IRS) · Internal Revenue Service · 1111 Constitution Ave. N.W. · Washington DC 20535 GovDelivery logo

No comments:

Post a Comment