| |||
News EssentialsThe Newsroom TopicsIRS Resources | Issue Number: IR-2024-188Inside This IssueSecurity Summit warns tax pros to remain vigilant against phishing emails and cloud-based attacks Week 2 of "Protect Your Clients; Protect Yourself" series focuses on evolving threats WASHINGTON — In the second installment of a special series, the Internal Revenue Service and Security Summit partners warned tax professionals to be aware of evolving phishing scams and cloud-based schemes designed to steal sensitive taxpayer information. The IRS and Security Summit partners – representing state tax agencies and the nation's tax industry – continue to see a steady stream of e-mail and related attacks aimed at the nation's tax professional community. These are designed to steal sensitive tax and financial information from clients. The variants of these email attacks routinely number in the hundreds and can target tax professionals whether it's tax season or not. "We continue to see a barrage of email and related attacks designed to trick tax professionals and gain access to their sensitive information," said IRS Commissioner Danny Werfel. "These attempts can be elaborate, multi-layered efforts that look convincing and can easily fool people. Tax professionals need to be wary and educate their employees to use extra caution to protect their clients and their businesses." This is the second release in an eight-part "Protect Your Clients; Protect Yourself" summer series, part of an annual education effort by the Security Summit, a group that includes tax professionals, industry partners, state tax agencies and the IRS. The public-private partnership has worked since 2015 to protect the tax system against tax-related identity theft and fraud. These security tips will be a key focus of the Nationwide Tax Forum, which will be in five cities this summer throughout the U.S. In addition to the series of eight news releases, the tax professional security component will be featured at the forums, which are three-day continuing education events. The remaining forums begin July 30 in Orlando, August 13 in Baltimore, August 20 in Dallas and September 10 in San Diego. The IRS reminds tax pros that registration deadlines are quickly approaching for several of the forums, and Orlando is already sold out. Phishing, spear phishing, clone phishing and whaling One of the most common threats facing tax pros are phishing and related scams. These are designed to trick the recipient into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers. Tax professionals and taxpayers should be aware of different phishing terms and what the email scams might look like:
Security Summit partners continue to see instances in which tax professionals have been particularly vulnerable to emails posing as potential clients. In the "new client" scam, the criminals use this technique to trick practitioners into opening email links or attachments that infect computer systems with the potential to steal client information. Similar schemes are seen with whaling situations where scammers try to obtain a large amount of information with legitimate-looking email requests. Warning signs of a scam Regardless of the type of phishing attempt, tax pros can protect themselves and their organization by being aware of these scams and looking for warning signs like these:
"There are major red flags that can be easily overlooked, so tax professionals and taxpayers should be extra careful and look closely when they receive an email from an official looking source," Werfel said. Cloud-based schemes remain a threat Tax professionals using cloud-based systems that store information or run tax preparation software should use multi-factor authentication to help safeguard that data. The Federal Trade Commission now requires all practitioners to secure sensitive client personally identifiable information (PII) using multi-factor authentication. Specifically, the Security Summit continues to see attacks that take advantage of cloud-based systems and compromise personal information. Multi-factor authentication options provide an additional layer of security to access a system by using a phone, text messages or tokens. Since email is easier for identity thieves to access, having these layers of security helps guard against potential vulnerabilities. Additional resources For tax professionals who are victim of any of these schemes or identity theft, the IRS urges them to quickly contact their IRS Stakeholder Liaison to provide details of the situation. Tax professionals can also share information with the appropriate state tax agency by visiting a special "Report a Data Breach" page with the Federation of Tax Administrators. Quickly reporting these incidents can not only protect the tax pro's clients, but it can also help provide critical information quickly to help prevent these attacks from hitting others in the tax community. Tax professionals should also understand the Federal Trade Commission's data breach response requirements as part of their overall information and data security plan. There's a new requirement to report an incident to the FTC when 500 or more people are affected within 30 days of the incident. To help taxpayers navigate these issues and meet the requirement to have a security plan, the Security Summit has prepared a sample Written Information Security Plan. This template can help tax pros, including smaller practitioners, protect themselves from ongoing security threats. Tax professionals should also review IRS Publication 4557, Safeguarding Taxpayer Data, for more information. Other resources include Small Business Information Security: The Fundamentals, by the National Institute of Standards and Technology and the IRS' Identity Theft Central pages for tax pros. Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. The IRS also encourages tax professionals to stay connected to the IRS for its latest updates and alerts through subscriptions to e-News for Tax Professionals and its social media sites. Thank you for subscribing to the IRS Newswire, an IRS e-mail service. If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe. This message was distributed automatically from the mailing list IRS Newswire. Please Do Not Reply To This Message. |
Tuesday, July 16, 2024
IR-2024-188: Security Summit warns tax pros to remain vigilant against phishing emails and cloud-based attacks
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment