The Internal Revenue Service has launched a campaign this summer to persuade tax professionals to improve their cybersecurity amid an escalating series of ransomware attacks around the world.
The IRS is partnering with state tax authorities and the tax industry in its Security Summit group as part of the summer cybersecurity campaign. The IRS said Wednesday it has seen the number of data thefts reported by tax professionals on the rise this year. Through June 30, 2021, there have been 222 data theft reports reported by tax pros to the IRS, outpacing the rate of 211 in 2020 and 124 in 2019. The IRS noted that each report can affect hundreds of taxpayers and threaten the tax professional’s business.
The campaign, “Boost Security Immunity: Fighting Against Identity Theft” will encourage tax pros to take basic actions to stop data theft from their offices. This is the sixth year that the Security Summit partners have raised awareness about cybersecurity issues.
“The Security Summit continues to work cooperatively to battle tax-related identity theft, but we need the help of tax professionals in this effort,” said IRS Commissioner Chuck Rettig in a statement. “We continue to see instances where tax professionals did not take simple steps that could have protected their clients and their business. Tax professionals must take a shot at basic security steps to protect against relentless efforts by identity thieves to steal data and tax information.”
Identity thieves and fraudsters were particularly busy last year and this year taking advantage of the COVID-19 pandemic as many tax pros worked remotely from home and their firms were forced to lower their cyber defenses. The economic downturn also served as fuel for a variety of scams and schemes to steal money and identities.
The recent series of ransomware attacks against companies like Colonial Pipeline, JBS Foods and most recently the network software provider Kaseya have alarmed their clients, customers and supply chain partners.
“One of the big takeaways with the Kaseya situation in my mind is vendor management,” said Mark Spaak, senior manager of security solutions at the accounting and consulting firm Rehmann. “It’s understanding what access does your managed service provider have? What stopgaps do they have in place to prevent or protect from these types of supply chain attacks? A lot of business owners have seen plenty of news. They’ve probably met colleagues or they have friends in business that have been impacted by some type of ransomware event. Business owners are starting to put more focus on cybersecurity and recognize that it’s a very big part of all the other business risks they are already managing. It’s something that needs to be accounted for because oftentimes what a lot of business owners miss when it comes to cybersecurity is the impact it can have on your brand and your reputation because if you need to disclose that you’ve been invoked in some type of a cyberattack and especially if you have sensitive data types that you manage, you may have to disclose that. There could be penalties or fines or you may have to issue a credit monitoring service for your clients. It can have a lot of impact on your reputation and your brand as a business, not to mention the operational downtime.”
Tax professionals are often targeted for cyberattacks and hacking by criminal syndicates that are technologically savvy and well-funded. The cybercriminals either trick or hack their way into a tax pro’s computer systems to access client data. They can then use stolen data to file fraudulent tax returns that make it hard for the IRS and the states to detect because the false returns use real financial information.
The Security Summit is urging tax pros to use multi-factor authentication to safeguard their tax prep software accounts. All tax software providers now offer multi-factor authentication options, which require more than just a username and password to access accounts. The feature is available on tax prep products for both tax professionals and taxpayers. Tax pros should also continue to use anti-virus software, strong password phrases and virtual private networks to protect the connections between their telework locations and offices.
They should also consider encouraging clients to sign up for Identity Protection PINs. The IRS now offers IP PINs to all taxpayers who can verify their identities online, on the phone with an IRS employee after filing a Form 15227 or in person. The IP PIN is a six-digit number that is known only to the taxpayer and the IRS. It helps prevent an identity thief from filing a fraudulent return in the taxpayer’s name. Tax pros cannot get an IP PIN for their clients. Clients need to verify their identities to the IRS by going to the “
Tax pros should also be aware of unemployment insurance identity theft. One of the biggest scams last year involved identity thieves who used stolen identities to file for unemployment compensation benefits with the states during the pandemic-induced economic downturn. States issue Forms 1099-G to taxpayers and the IRS to report taxable unemployment income. For 2020, some taxpayers received multiple Forms 1099-G from states as thieves used their names to steal benefits.
Tax pros should also avoid “spear phishing” scams. One of the most pervasive tactics used by identity thieves against tax pros is called spear phishing. Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. Last year, tax pros were particularly vulnerable to spear phishing scams from thieves posing as potential clients. Some cybercriminals would carry out email conversations with their target for days before sending the email containing a link or attachment. The link or attachment would secretly download software onto the tax pros’ computers that will give thieves remote access to the tax professionals’ systems.
Tax pros should also recognize the signs of identity theft. Many tax pros who report data thefts to the IRS admit they’re unaware of the signs that a theft had occurred. Some of the telltale signs include multiple clients suddenly receiving IRS letters asking for confirmation that they filed a tax return deemed suspicious. Tax professionals may see e-file acknowledgements for far more tax returns than they filed. Computer cursors may seem to move on their own.
The IRS plans to provide more cybersecurity information for tax pros every Tuesday over the next five weeks.
The summer series on cybersecurity coincides with the annual IRS Nationwide Tax Forums, which are being held virtually this summer over a five-week period starting July 20. The 2021 Forums feature three webinars focused on cyber- and information security that will be live streamed as follows:
“Cybersecurity for Tax Professionals – Advanced Session,” presented by the American Coalition for Taxpayer Rights, July 28 at 2 p.m. ET.
“Helping You and Your Clients Steer Clear of Fraud and Scams,” presented by the Treasury Inspector General for Tax Administration, Aug. 4 at 11 a.m. ET.
“IRS Criminal Investigation: Deeper Dive into Emerging Cyber Crimes and Crypto Tax Compliance,” Aug. 5 at 11 a.m. ET.
For more information about the IRS Nationwide Tax Forums and to register, visit
