Fighting Against Identity Theft
This summer, the IRS and its partners have been pushing a public awareness campaign regarding cyber security risks that tax professionals need to pay attention to, especially in the area of identity theft.
The campaign is called, “Boost Security Immunity: Fighting Against Identity Theft” and it’s asking professionals to take those necessary steps to avoid data breaches.
The IRS states that more data thefts have been reported so far in 2021 than the previous year, and those numbers are on the rise.
It is important for tax professionals to take the appropriate steps to protect their clients and their businesses. Cyber criminals have taken advantage of the pandemic, and unfortunately the various assistance programs have added easier targets for scammers to steal data and money from victims.
Now that the IRS knows some of the signs to detect identity theft, they are sharing those areas to keep a close eye on.
Tax professionals should look out for:
- Rejected tax returns due to Social Security Number having previously filed
- More e-file acknowledges than returns filed
- Emails being responded to by clients that were not sent to them by their tax pro
- Unusually long processing times
- Changing numbers when not touching keyboard
- Mouse cursor moving without being touched
- Unexpected lock out of network or computer
Cyber criminals continue to become more creative in ways to scam individuals and businesses, and tax professionals are a good mark due to the sensitive nature of their business. Stolen data from a tax professional allows criminals to file false returns that are incredibly difficult to detect due to the fact that the information used is real financial information.
Tax professionals and business owners need to consider the strength of their cyber security, as an attack on their business could negatively impact their reputation, brand, and overall success.
A few IRS safeguarding tips for tax professionals are:
- Multi-Factor authentication
- Anti-Virus software
- Strong passwords
- Virtual private networks
- Encourage Identity Protection PINs to clients
One of the largest scams tax pros should be conscious of is false unemployment filings. Many individuals received year-end state unemployment forms to report taxable unemployment income that they never filed for or received.
“Spear Phishing” is another scam often targeted towards tax professionals. Carefully curated emails are sent to tax professionals posing as interested clients. After several days of communication, they will send a link or attachment that once opened will download a software that will provide them remote access to the professionals systems.
Tax professional should take note of what clients report to them such as:
- Receiving IRS authentication letters when they have not filed a return
- Tax refund received when they have not filed a return
- Receivable of tax transcripts not requested by them
- Emails from their tax professional not initiated by them
- Phone calls from their tax professional not initiated by them
- IRS online account notification without their consent
- IRS disable their online account
- Unexpected IRS notice that someone accessed their IRS online account
If a firm is breached, it is important to immediately report this to the local IRS Stakeholder Liaison. They will in turn report this to the IRS Criminal Investigation and other appropriate parties. The quicker the report is in, the sooner the IRS can take measures to stop any fraudulent filings.
Also, it is good practice to report identity theft to the Federation of Tax Administrators, and many states also require that the states attorney general be notified as well.
It is more important than ever for accounting professionals to do their due diligence to protect themselves and their clients from the risk of cyber criminals.