The IRS Security Summit, a working group of the IRS, state tax agencies, and the national software industry and tax community, are urging taxpayers and tax professionals to be aware of the dangers posed by online scams and to take necessary steps to combat attacks, enhance computer security systems, and protect taxpayer personal identifying information.
Focusing on “Boost Security Immunity: Fight Against Identity Theft”, the Security Summit warned against an increasingly common type of cyber-attack known as phishing in which an attacker sends fraudulent emails or text messages in an attempt to obtain personal data such as passwords, financial account numbers, credit card numbers, and Social Security numbers. These messages often appear convincingly to be from a trusted source and contain a link or attachment which, once clicked, infects the recipient’s computer with malware, allowing an attacker to access personal identifying information. One type of malware called remote access trojan (RAT) even allows scammers to gain remote control of a victim’s computer. Tax professionals are a common target of cyber-attacks. Once an attacker has scammed their way into a tax professional’s system, they have the power to identify in-progress tax returns, complete them, and e-file them so that an individual’s tax refund is redirected to the scammer’s bank account. Attackers may also encrypt important files and hold them for ransom.
Given the severe harm these cyber-attacks can cause, taxpayers and tax professionals are encouraged to take steps to prevent against the theft of sensitive personal and client data. Potential security measures include using two-factor (2FA) or multi-factor authentication (MFA) to log into personal accounts, regularly updating anti-virus software, and using drive encryption.
In a new effort to protect against tax-related identify theft, the IRS has introduced the Identity Protection PIN Opt-In Program which allows taxpayers to obtain a personalized six-digit PIN known only to the taxpayer and the IRS. Taxpayers should only share their IP PIN with a trusted tax professional, through a secure means of communication, to input onto an electronic or paper-filed tax return. Using an IP PIN prevents cyber thieves from being able to file a false return with an victim’s social security number. IP PINs also allow taxpayers to obtain data from the IRS, such as account transcripts, more quickly and efficiently than can their tax representatives.
The IRS advises that, “Tax professionals also can get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology,” along with using resources from the IRS Identity Theft Central webpage.
Click here for more information on how to obtain an IP PIN and find other resources to combat online scams and attacks.
