New Wave of Attacks Focused on Tax Professionals

Tax Law and News IRS and tax professionals

Intuit® ProConnect™ is committed to helping safeguard your and your clients’ information. This includes making you aware of emerging security threats that are impacting tax professionals nationwide.

The IRS is now warning tax professionals of a new wave of attacks that allow identity thieves to file fraudulent tax returns by remotely taking over practitioners’ computers. The IRS is urging tax professionals to review their tax preparation software settings and immediately enact security measures, especially those settings that require usernames and passwords to access the products.

The IRS recently issued instructions to tax professionals on how to monitor their Preparer Tax Identification Number (PTIN) activity. In addition, as part of the Security Summit process, the IRS, state tax agencies and the tax industry have launched the Protect Your Clients; Protect Yourself campaign to give you more information on how you and your clients can protect data.

Here are some additional tips to help further protect yourself and your clients:

Prevention is the first line of defense against tax fraud! In addition to activating security measures for tax software products, the IRS urges all tax preparers to take the following steps:

  • Shred financial records: Shred all documents that include sensitive client information before throwing it away.
  • Restrict access to client files and computers: All computers with sensitive client records should be protected with a strong password. Create a combination of upper and lower case letters, numbers, and symbols. Don’t use passwords that are generic and easy to guess, such as your firm name, the word “password” or a numeric sequence. Paper files should be kept locked and access restricted.
  • Run a security “deep scan:” Search for viruses and malware.
  • Beware of phishing scams: Criminals use fraudulent emails and create fake websites to lure unsuspecting users into revealing private account information, including your EFIN. Be suspicious of unsolicited emails that ask for confidential or sensitive information and include a link to a website. Mouse over the link, look at the site’s address and make certain that it appears legitimate before clicking. Intuit posts notices for phishing emails on the Intuit Online Security Center.
  • Install or update anti-virus software on computers: Use the latest version of your web browser. Install security patches and software updates as soon as they are available.
  • Educate: All staff members should be aware of the dangers of phishing scams, in the form of emails, texts and calls.
  • Review: Software that your employees use to remotely access your network, and/or your IT support vendor uses to remotely troubleshoot technical problems and support your systems, should be reviewed. Remote access software is a potential target for bad actors to gain entry and take control of a machine.

Tax professionals should review Publication 4557, Safeguarding Taxpayer Data, a Guide for Your Business, which provides a checklist to help safeguard taxpayer information and enhance office security. In addition, practitioners should review Data Breach Information for Tax Professionals for information on what action they should take if they do become victims.