Useful Links: IRS.gov Help For Hurricane Victims News Essentials What's Hot News Releases IRS - The Basics IRS Guidance Media Contacts Facts & Figures Around The Nation e-News Subscriptions The Newsroom Topics Multimedia Center Noticias en Español Radio PSAs Tax Scams/Consumer Alerts The Tax Gap Fact Sheets IRS Tax Tips Armed Forces Latest News IRS Resources Contact Your Local IRS Office Filing Your Taxes Forms & Instructions Frequently Asked Questions Taxpayer Advocate Service Where to File IRS Social Media | Issue Number: Tax Tip 2022-136 A few simple steps can keep tax pros ahead of email and cloud-based scams Even a savvy person can get duped by a phishing email if they don't know the warning signs of a scam. It's unfortunate when anyone is fooled by an identity thief, but tax pros especially need to be aware of evolving scams that steal client data.
Criminals often pose as potential clients in fraudulent emails and texts Securing their network to protect taxpayer data is a key responsibility for tax professionals, so they need to be aware of malware and scams. Tax pros are a common target for scammers who use phishing emails or texts to try and trick them into sharing personal information or clicking on malicious links and attachments that can compromise data.
These criminals often pretend to be potential clients, exchanging several emails with the tax pro. Once they've earned the tax pro's trust, they send an email with a link or attachment they claim is their tax information. When the tax pro clicks on the link or opens the attachment, malware secretly downloads onto their computer, giving thieves access to passwords or remote computer access.
Once thieves are in the system, they can steal taxpayer data and their refunds Thieves can use malware to take over a tax professional's computer system and steal refunds by identifying pending tax returns, changing the bank account information, completing the returns and e-filing them. Criminals will also use ransomware attacks to shut down a company. When the unsuspecting target opens a link or attachment, malware attacks the computer system to encrypt files. The thieves then hold the data for ransom.
Storing taxpayer data on a cloud-based system with weak security is another risk Thieves will often take advantage of weak security on cloud-based systems storing client data. Tax pros should ensure they're using strong multi-factor authentication whenever they use a cloud-based system. Once thieves access the system, they can use existing data from taxpayer returns to file new tax returns for the refunds.
There are many forms of multi-factor authentication available text-based or email-based, authenticator apps, push notifications and Fast Identity Online or FIDO. More information is available on the Cybersecurity and Infrastructure Security Agency website. Tax pros can take a few basic security steps to help protect client data by: - Using the two-factor or the multi-factor authentication option offered by tax preparation providers or storage providers to protect client accounts, even if passwords are stolen.
- Keeping anti-virus software automatically updated to help prevent scams that target software vulnerabilities.
- Using drive encryption and regularly backing up files to help stop theft and ransomware attacks.
More information: Publication 4557, Safeguarding Taxpayer Data Small Business Information Security: The Fundamentals Identity Theft Central Publication 5293, Data Security Resource Guide for Tax Professionals
Share this tip on social media -- #IRSTaxTip: A few simple steps can keep tax pros ahead of email and cloud-based scams. http://ow.ly/kOE750Kz12K
Back to top Thank you for subscribing to IRS Tax Tips, an IRS e-mail service. For more information on federal taxes please visit IRS.gov. This message was distributed automatically from the IRS Tax Tips mailing list. Please Do Not Reply To This Message. |
No comments:
Post a Comment