Much of what follows was extracted from the Security Summit Presentation by IRS Tax Practitioner Stakeholder Liaison Jill Maniacci.
Take extra steps during the holiday season to protect yourself, your clients and your business against fraudsters. Visit IRS.gov/securitysummit to learn about the extra preventative steps that every tax professional should take.
Scams are annually on the increase during the tax filing season. Watch out for fake e-mails. Never click on an imbedded hyperlink. These scams leverage common public information about you to con you out of personal and financial information.
Remember that the IRS does not email or call taxpayers to demand payments or release refunds. Nor does the IRS want prepaid gift cards or wire transfers. The IRS does not ask for social media, login credentials
Scams often include urgent messaging that require you to re-authenticate login information. Some scams hide behind a screen, such as the employee/W2 Identity Theft Central Operations. The IRS does offer an Identity Theft Central Business section. Tax professionals should familiarize themselves with the IRS operation at IRS.gov.
The elderly and all non English proficient Americans are most commonly targeted for contact scams. All taxpayers and tax professionals are subject to email scams.
Scam emails might be similar to a familiar style, but can be poorly written, include an attachment, include a suspicious source email address. Forward such unsolicited emails to Phishing@IRS.gov and then delete. These scam emails often install malware on your computer. A common tactic is underlined with an expired software license or failed bank deposit.
Use string passwords, at least 12 upper and lower case letters mixed with numbers and special symbols, such as 8rU1n5*And*r3ds0x.
An e-filed rejection due to duplicate Social Security Number is an known sign of tax related ID theft, as is an IRS notice for a tax year that the taxpayer did not file a return for. File form 14039 and check out IRS.gov/IDTheft. The IRS sends letter to taxpayers about suspicious tax returns with phone and online contact information.
All businesses, individuals and tax professionals should apply for an IP PIN at IRS.gov/IPPIN. IP PIN’s are valid for one calendar year and protect your federal tax account from ID theft.
The Federal Trade Commission has published small business recommendations at FTC.gov. Search “CyberSecurity for Small Business” in the search phrase box.
In summary:
- Protect Files, even paper files.
- Update Security Software
- Encrypt devices, including Iphones and Icloud storage
- Use multi-factor authentication
- Secure your router
- Train Your staff
On your website pages that have message us features, imbed something like CAPTCHA to separate individual from machine generated contacts
Contact Jill.A.Maniacci@IRS.gov for more information about Client Data Security.