Week 1 of Protect Your Clients; Protect Yourself Series Focuses on Emerging and Ongoing Threats
The Internal Revenue Service (IRS) and the Security Summit have issued a renewed warning to tax professionals to remain vigilant against a variety of new and evolving schemes aimed at stealing business and taxpayer information. As identity thieves employ increasingly sophisticated methods to obtain sensitive data, tax professionals must be more cautious than ever to protect their clients and their businesses.
“As the Security Summit partners have continued to improve our defenses against identity theft, thieves have upped their game by targeting tax professionals to get valuable information needed to file authentic-looking tax returns,” IRS Commissioner Danny Werfel said. “Tax professionals need to watch out for deviously clever scams that can masquerade as new clients as well as communications from the IRS or others in the tax community. We continue to see tax professionals bombarded by these scams, and people shouldn’t let their defenses down.”
The Protect Your Clients; Protect Yourself Series
This alert is part of an annual educational effort by the Security Summit partners, a coalition of tax professionals, industry partners, state tax groups, and the IRS. Since its inception in 2015, this public-private partnership has worked to safeguard the tax system against identity theft and fraud.
This warning marks the beginning of the Protect Your Clients; Protect Yourself series, a summer news release campaign aimed at increasing awareness among tax professionals on ways to protect themselves and their clients from identity theft and security threats. This series will feature news releases each Tuesday for eight weeks, coinciding with the Nationwide Tax Forum, a series of three-day seminars starting today in Chicago and continuing with sessions in Orlando, Baltimore, Dallas, and San Diego.
The IRS forums will feature specific sessions to help educate the tax professional community on security-related topics, with experts from the IRS, the tax professional community, and the Salve Regina University’s Pell Center from Rhode Island providing insights. The entire news release series will also be available in Spanish.
Trending Scams and Schemes
The IRS and Security Summit partners are warning against the latest wave of activity from tax scammers. Tax professionals should be on high alert for these evolving threats:
- The “New Client” Scam
In this form of spear phishing, fraudsters pose as real taxpayers seeking assistance with their taxes. They use emails to trick tax professionals into sharing sensitive information or gaining access to client data. This may involve sending a malicious attachment or a link to a fake website designed to collect information or load malware onto the tax professional’s system.
- Phishing Scams Involving EFINs, PTINs, and CAF Numbers
Scammers are attempting to obtain various identification numbers used by tax professionals, such as Electronic Filing Identification Numbers (EFINs), Preparer Tax Identification Numbers (PTINs), and Centralized Authorized File (CAF) numbers. These identification numbers are used to file fraudulent returns that appear legitimate. Scammers often send emails or texts that appear to be from the IRS, asking tax professionals to confirm their information on a fake website.
- Phone, Text, and Correspondence Schemes
Tax professionals should also be wary of scams involving phone calls and text messages. Identity thieves use these methods to gather Social Security numbers, birth dates, and banking information. Some common schemes include:
- AI Scams: Using artificial intelligence to create fake IRS letters.
- Zero Tax Program: Callers promising to eliminate tax debt in exchange for personal information.
- Social Media Scams: Circulating false tax information, such as creating fake Form W-2s or claiming credits like the Fuel Tax Credit and Sick and Family Leave Credit.
- Phone and Text Scams: Tricking individuals into handing over sensitive financial information with false promises of IRS money.
Avoiding and Reporting Scams
Tax professionals receiving scam emails should forward them to [email protected], including the full email header for IRS cybersecurity experts to analyze.
Victims of a security breach should contact their IRS Stakeholder Liaison to report the theft. Quick reporting allows the IRS to block fraudulent returns and assist tax professionals through the recovery process. Additionally, tax professionals can report incidents to their state tax agency via the Federation of Tax Administrators’ Report a Data Breach page.
Tax professionals must also comply with Federal Trade Commission (FTC) data breach response requirements and maintain a Written Information Security Plan (WISP). Incidents affecting 500 or more people must be reported to the FTC within 30 days.
The IRS and Security Summit partners remain committed to protecting the tax system from identity theft and fraud. By staying informed and vigilant, tax professionals can help safeguard their businesses and clients against these evolving threats.