In July, the IRS launched a campaign directed at tax professionals to increase awareness about new threats from cyber criminals. According to an article that published just after the IRS Security Summit in early July, 177 tax firms were victims of data theft by cyber criminals in the first five months of 2017. These cyber thefts often begin with a phishing scam targeting someone in the tax firm.
“We continue to see new and evolving threats involving data breaches, intrusions and various takeovers that put people’s personal information at risk,” said IRS Commissioner John Koskinen. “These efforts are increasingly targeting tax professionals and businesses with tax information. Too many still overlook basic security steps needed to protect their data.”
The IRS currently is receiving three to five data theft reports a week from tax practitioners. Although not all data losses are due to phishing scams, stopping this commonly used tactic by cybercriminals would significantly reduce data theft.
A recent article on the Intuit® ProConnect™ Tax Pro Center summarized the IRS campaign to warn tax professionals about phishing scams and provided guidance to “beware your inbox.”
“We’ve been warning tax professionals that they are increasingly the targets of national and international cybercriminal rings,” said Koskinen. “These syndicates are well-funded, knowledgeable and creative. It’s going to take all of us working together to combat these identity thieves, but doing nothing or making a minimal effort is no longer an option. Anyone who handles taxpayer information has a legal responsibility to protect it.”
Security Tools for Your Tax Practice
To help tax professionals safeguard taxpayer data in their office, the IRS created Publication 4556, Safeguarding Taxpayer Data. The first responsibility for all tax professionals is to write and follow an information security plan. In a recent Intuit ProConnect survey, only 28 percent of respondents had a written plan in place, demonstrating there is still low awareness and compliance of security requirements in the tax professional community.
Intuit ProConnect recommends someone inside firms take responsibility for security and driving awareness and education. That individual should subscribe to the e-News for Tax Professionals, which includes regular security alerts about emerging threats and scams. We also recommend attending the one-hour webinar, “Safeguarding Taxpayer Data,” for best practices to implement in your tax firm.
Progress in the Fight Against Fraud
The Security Summit was formed in 2015 when Koskinen convened representatives from state revenue agencies, the tax software industry and the financial services profession to help the IRS in the fight against tax fraud.
“The IRS, state tax agencies and the tax community have worked hard to turn the tide against tax-related identity theft,” he said. “We’re making progress in protecting individuals, but we still have more work to do, especially in the business tax area and involving tax professionals.”
In the first five months of 2017, about 107,000 taxpayers reported being victims of identity theft, compared to the same period in 2016 when 204,000 filed victim reports. That’s about 97,000 fewer victims, representing a drop of 47 percent. For comparison, there were nearly 297,000 identity theft victims during the first five months of 2015.
The decline is part of an ongoing trend that began in 2016 when Security Summit safeguards were put in place. That same trend is also what’s driving cyber criminals to change their tactics and target tax professionals. Using stolen taxpayer data from tax firms makes it easier for criminals to masquerade as legitimate tax professionals.
An important tenant of the Security Summit is to increase awareness and education about threats because fighting fraud requires participation from everyone.
“Protecting taxpayers and strengthening the integrity of the U.S. tax system is a team effort, and the progress we’ve made together over the past 18 months demonstrates our shared commitment to fight fraud,” said CeCe Morken, executive vice president and general manager of Intuit ProConnect. “There’s still much work to do. Intuit is committed to doing our part to actively promote a set of best practices and standards for reporting suspicious behavior to the IRS and state revenue agencies to help them improve their ability to identify tax fraud.”