IRS Warns of a New Wave of Attacks Focused on Tax Professionals
The Internal Revenue Service warned tax professionals of a new wave of attacks that allow identity thieves to file fraudulent tax returns by remotely taking over practitioners’ computers.
As part of the Security Summit effort, the IRS urged tax professionals to review their tax preparation software settings and immediately enact all security measures, especially those settings that require usernames and passwords to access the products. The IRS is aware of approximately two dozen cases where tax professionals have been victimized in recent days.
The IRS, state tax agencies and the tax industry – working as partners in the Security Summit – recently launched the Protect Your Clients; Protect Yourself campaign to increase awareness that criminals increasingly are targeting tax professionals and the taxpayer data they possess.
"This latest incident reinforces the need for all tax professionals to review their computer settings as soon as possible," said IRS Commissioner John Koskinen. "Identity thieves continue to evolve and look for new areas to exploit, especially as our fraud filters become more effective. The prompt identification of these attacks is another example of the great benefits that result from the close working relationship the IRS now has with the tax industry and the states through the Security Summit initiative. Information is flowing more rapidly between our groups as we continue our efforts to protect taxpayers."
These attacks come as the Oct. 17 deadline approaches for extension filers. The IRS first warned of a similar remote take-over attack in the spring, just ahead of the April 15 deadline, another peak period for tax professionals.
Thieves are able to access tax professionals’ computers and use remote technology to take control, accessing client data and completing and e-filing tax returns but directing refunds to criminals’ own accounts.
Victims in the tax community learned of these thefts while reconciling e-file acknowledgements.
In addition to activating security measures for tax software products, the IRS urges all tax preparers to take the following steps:
- Run a security “deep scan” to search for viruses and malware;
- Strengthen passwords for both computer access and software access; make sure each password is a minimum of eight characters (more is better) with a mix of numbers, letters and special characters, and change passwords often;
- Be alert for phishing scams: do not click on links or open attachments from unknown senders;
- Educate all staff members about the dangers of phishing scams in the form of emails, texts and calls;
- Review any software that your employees use to remotely access your network and/or that your IT support vendor uses to remotely troubleshoot technical problems and support your systems. Remote access software is a potential target for bad actors to gain entry and take control of a machine.
In addition, the IRS recently issued instructions to tax professionals on how to monitor their PTIN activity.
Tax professionals should review Publication 4557, Safeguarding Taxpayer Data, a Guide for Your Business, which provides a checklist to help safeguard taxpayer information and enhance office security. Also, practitioners should review Data Breach Information for Tax Professionals for information on what action they should take if they do become victims.
IRS Announcement – Important Update about e-Services Accounts
The IRS is committed to protecting taxpayer and tax preparer data as well as its systems from attacks by cybercriminals. As part of that effort, the IRS has been strengthening the identity authentication process for several IRS.gov self-help tools. This identity authentication process, which is called Secure Access, will help protect tax professionals, their clients and our systems.
Starting October 24, 2016, the IRS will strengthen the protections for e-services accounts by requiring a stronger identity verification process for existing and new e-services users. Existing e-services users will be required to re-register and verify their identities, most through the new Secure Access platform. You must revalidate your identity to maintain access to e-services products. According to the IRS, the change is part of an effort to protect taxpayer and tax-preparer data as well as IRS systems from cyber attacks.
IRS and Security Summit Partners Warn of Fake Tax Bills
The Internal Revenue Service and its Security Summit partners issued an alert to taxpayers and tax professionals to be on guard against fake emails purporting to contain an IRS tax bill related to the Affordable Care Act.
The IRS has received numerous reports around the country of scammers sending a fraudulent version of CP2000 notices for tax year 2015. Generally, the scam involves an email that includes the fake CP2000 as an attachment. The issue has been reported to the Treasury Inspector General for Tax Administration for investigation.
The CP2000 is a notice commonly mailed to taxpayers through the United States Postal Service. It is never sent as part of an email to taxpayers. The indicators are:
- These notices are being sent electronically, even though the IRS does not initiate contact with taxpayers by email or through social media platforms;
- The CP2000 notices appear to be issued from an Austin, Texas, address;
- The underreported issue is related to the Affordable Care Act (ACA) requesting information regarding 2014 coverage;
- The payment voucher lists the letter number as 105C.
The fraudulent CP2000 notice included a payment request that taxpayers mail a check made out to “I.R.S.” to the “Austin Processing Center” at a Post Office Box address. This is in addition to a “payment” link within the email itself.
IRS impersonation scams take many forms: threatening telephone calls, phishing emails and demanding letters. Learn more at Reporting Phishing and Online Scams.
Taxpayers or tax professionals who receive this scam email should forward it to phishing@irs.gov and then delete it from their email account.
Taxpayers and tax professionals generally can do a keyword search on IRS.gov for any notice they receive. Taxpayers who receive a notice or letter can view explanations and images of common correspondence on IRS.gov at Understanding Your IRS Notice or Letter.
To determine if a CP2000 notice you received in the mail is real, see Understanding Your CP2000 Notice, which includes an image of a real notice.
A CP2000 is generated by the IRS Automated Underreporter Program when income reported from third-party sources such as an employer does not match the income reported on the tax return. It provides extensive instructions to taxpayers about what to do if they agree or disagree that additional tax is owed.
It also requests that a check be made out to “United States Treasury” if the taxpayer agrees additional tax is owed. Or, if taxpayers are unable to pay, it provides instructions for payment options such as installment payments.
The IRS and its Security Summit partners (the state tax agencies and the private-sector tax industry) are conducting a campaign to raise awareness among taxpayers and tax professionals about increasing their security and becoming familiar with various tax-related scams. Learn more at Taxes. Security. Together. or Protect Your Clients; Protect Yourself.
Taxpayers and tax professionals should always beware of any unsolicited email purporting to be from the IRS or any unknown source. They should never open an attachment or click on a link within an email sent by sources they do not know.
Note: See also SETT-2016-13, Beware of Fake IRS Tax Bill Notices