The Internal Revenue Service and its Security Summit partners in state tax agencies and the tax industry have begun a new education campaign for tax professionals warning them against phishing emails.
The campaign will be called “Don’t Take the Bait” and is part of the “Protect Your Clients. Protect Yourself” campaign that launched last year. Phishing involves fraudulent emails sent to recipients in an effort to learn personal information. Phishing scams against tax professionals often try to trick them into opening an infected link or attachment or disclosing usernames and passwords to critical accounts. Falling for the scam means potentially exposing taxpayer clients to identity theft.
Criminals are interested in stealing preparers’ e-Services passwords, Electronic Filing Identification Numbers, Centralized Authorization File numbers and Preparer Tax Identification Numbers.
The IRS has been warning tax professionals about a number of phishing scams this year (see IRS warns W-2 phishing scam is spreading wider and New phishing scam targets tax pros). Through May of this year, 177 tax professionals and firms reported data thefts to the IRS involving thousands of taxpayers. The IRS said it is receiving three to five data theft reports a week from tax practitioners.
“We continue to see new and evolving threats involving data breaches, intrusions and various takeovers that put people’s personal information at risk,” said IRS Commissioner John Koskinen in a statement. “These efforts are increasingly targeting tax professionals and businesses with tax information. Too many still overlook basic security steps needed to protect their data. As part of this, we urge the tax professional community: Beware your inbox. Don’t take the bait from these phishing scams.”
The Public Company Accounting Oversight Board sanctioned PricewaterhouseCoopers' member firms in the U.S. and Australia over auditing quality control violations, imposing a $2.75 million and $600,000 penalty.