Issue Number: IR-2021-239

National Tax Security Awareness Week, Day 4: Security Summit warns tax pros that pandemic adds to data-theft risks; offers tips and outlines common scams

WASHINGTON – The Internal Revenue Service, state tax agencies and the nation's tax industry today warned tax professionals that they face additional security risks from cybercriminals seeking to use the pandemic and phishing scams to steal sensitive client information.

The partners, working together as the Security Summit, urged tax pros to remain focused on security issues and ensure they follow important steps to safeguard their information, including using multi-factor authentication and using a Virtual Private Network to guard against data loss. And Summit partners continued to remind tax pros, both large and small, that they are required to have a security plan in place.

This is part of the National Tax Security Awareness Week. Now in its sixth year, the initiative aims to heighten awareness about identity theft and data security measures among taxpayers, businesses, and tax professionals. This effort is particularly important right now as the 2022 tax filing season approaches, and identity thieves continue trying to steal sensitive data to file fraudulent tax returns.

"We continue to see scams and security risks during this period targeting tax professionals and the sensitive information they hold," said IRS Commissioner Chuck Rettig. "Identity thieves continue to evolve with the times and use the pandemic and other tricks to take advantage of tax pros and gain access to their data. We continue to urge tax preparers to remain aware of this changing threat. Taking important security steps can help avoid a security breach that can be devastating to them and their clients."
As the IRS and Security Summit partners took important steps to strengthen defenses against cybercriminals, identity thieves increasingly turned to tax professionals, targeting their offices and systems. Data thefts from tax professionals can provide valuable information to thieves trying to file fraudulent tax returns.

The Summit partners remind tax professionals to review their security measures. IRS Publication 4557, Safeguarding Taxpayer Data (.pdf), provides tax professionals with a starting point for basic steps to protect clients. The Security Summit also created the "Taxes-Security-Together" Checklist to help tax professionals identify the basic steps they should take. As more tax preparers work from home or remote locations because of COVID-19, these measures are even more critical for securing tax data.

Basic protections - the 'Security Six' measures
Use multi-factor authentication to protect tax accounts

Practitioners can download to their mobile phones readily available authentication apps offered through Google Play or the Apple Store. These apps will generate a security code. Codes also may be sent to a preparer's email or by text, but the IRS notes those are not as secure as the authentication apps. Search for "Authentication apps" in a search engine to learn more.

Use virtual private networks to protect remote sites

Failing to use VPNs can increase the risk of remote takeovers by cyberthieves, giving criminals access to the tax professional's entire office network simply by accessing an employee's remote internet. Tax professionals should seek out cybersecurity experts whenever possible. Practitioners can also search for "Best VPNs" to find a legitimate vendor; major technology sites also often provide lists of top services. Remember, never click on a "pop-up" ad that's marketing a security product. Those generally are scams.

Avoid phishing scams, including attempts to gain EFINs

Remember, scam emails can target tax pros by seeking EFIN information. One scam example says it's from "IRS Tax E-Filing" and carries the subject line "Verifying your EFIN before e-filing." The IRS warns tax pros not to take any of the steps outlined in these types of email, especially responding to the email. The body of the bogus email states:

In order to help protect both you and your clients from unauthorized/fraudulent activities, the IRS requires that you verify all authorized e-file originators prior to transmitting returns through our system. That means we need your EFIN (e-file identification number) verification and Driver's license before you e-file.
Please have a current PDF copy or image of your EFIN acceptance letter (5880C Letter dated within the last 12 months) or a copy of your IRS EFIN Application Summary, found at your e-Services account at IRS.gov, and Front and Back of Driver's License emailed in order to complete the verification process.

Email: (fake email address)

If your EFIN is not verified by our system, your ability to e-file will be disabled until you provide documentation showing your credentials are in good standing to e-file with the IRS.

Tax professionals who received the scam should save the email as a file and then send it as an attachment to phishing@irs.gov. They also should notify the Treasury Inspector General for Tax Administration at www.TIGTA.gov to report the IRS impersonation scam. Both TIGTA and the IRS Criminal Investigation division are aware of the scam.

Like all phishing email scams, it attempts to bait the receiver into taking action (opening a link or attachment) with a consequence for failing to do so (disabling the account). The links or attachment may be set up to steal information or to download malware onto the tax professional's computer.

In this case, the tax preparers are being asked to email documents that would disclose their identities and EFINs to the thieves. The thieves can use this information to file fraudulent returns by impersonating the tax professional.

Tax professionals also should be aware of other common phishing scams that seek EFINs, Preparer Tax Identification Numbers (PTINs) or e-Services usernames and passwords.

Some thieves also pose as potential clients, an especially effective scam currently because there are so many remote transactions during the pandemic. The thief may interact repeatedly with a tax professional and then send an email with an attachment that claims to include their tax information.
The attachment may contain malware that allows the thief to track keystrokes and eventually steal all passwords or take over control of the computer systems.

The need for a security plan and data theft plan

IRS Publication 5293, Data Security Resource Guide for Tax Professionals (.pdf), provides a compilation of data theft information available on IRS.gov, including the reporting processes.

The IRS, state tax agencies, the private sector tax industry - including tax professionals - work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the fourth in a week-long series of tips to raise awareness about identity theft. See IRS.gov/securitysummit for more details. Also, check out the most recent A Closer Look column on National Tax Security Awareness Week here.