ID theft directly targeting tax preparers

January 18, 2017 by Chris Rubino
Person backpacking in mountains

George Mallory, a famous mountain climber, when asked why he wanted to climb Mt. Everest, replied “Because it’s there.” While Mallory was a man of high repute, those with much more nefarious motives have started targeting tax preparers to obtain personally identifiable information (PII) of the tax preparer’s clients, ostensibly on the theory “Because it’s there.”
 
In the course of preparing taxes, a good deal of confidential PII is accumulated that can be used by thieves to perpetuate ID theft, including the preparation of fraudulent returns. We of the tax community have a duty and an obligation to do everything within our means to protect the information we gather as we conduct our businesses.
 
The newest scam involves cybercriminals approaching the tax preparer in the guise of a potential client, sending an email to the preparer which asks about using the preparer’s services. The email may even appear to come from a legitimate organization, colleague, or friend, if their emails or systems were previously hacked. If the tax preparer then responds to this initial email, the cybercriminal replies with a second follow-up message containing an embedded web address, or with an embedded web address in an attachment. If the preparer clicks on this address, instead of downloading a client’s information, a virus or malware is downloaded that sends information to the cybercriminal.
 
There are some commonly accepted best practices in regard to email phishing scams that we can do to protect our clients’ information.
 

  • Understand that email is never a secure form of communication.
  • Do not respond to emails from unknown sources.
  • Never click on links contained within emails (including attachments) that are unsolicited, or unexpected, or from unknown senders.
  • Be wary of emails that seem to come from a known sender, but are out-of-the ordinary for that person or entity. You may want to contact the person by phone instead of replying by email.
 
Information security is, in today’s world, vital to our clients and ourselves. The IRS, after being hacked in 2015 through their transcript delivery system, is placing ever more emphasis on information security. More information that can be very helpful to the tax community in regard to the IRS’ efforts can be found at Protect Your Clients; Protect Yourself.

SEARCH

 

Chris Rubino, EA
Tax Content Developer

 

Chris’ current job title at TaxAudit is Tax Content Developer. He is an Enrolled Agent, and at present spends most of his time in the Education and Research Department, writing texts for the Education team and researching tax questions that arise during audits. During his time at TaxAudit he has been in a number of roles, including Return Reviewer and Audit Representative. He brought a varied financial background to TaxAudit, including income tax preparation and financial planning advisement. 


 

Recent Articles

Account Setup
Creating your IRS online account starts with a simple trip to the IRS website. You will need an email address, a smartphone with a working camera, and an ID.
Man thinking
An amended IRS tax return refund can take in the region of 20 weeks to receive. The Where’s My Amended Return? Tool allows taxpayers to check the status.
Tax Relief written on a Calculator
Fortunately, there are a myriad of tools available for taxpayers who want to tackle their tax debt issues and dispute the collection actions taken by the IRS.
1040-X Amended Tax Return
The general deadline for an amended tax return is 3 years from when the original return was filed or 2 years from when the tax was paid, whichever is later.
This blog does not provide legal, financial, accounting, or tax advice. The content on this blog is “as is” and carries no warranties. TaxAudit does not warrant or guarantee the accuracy, reliability, and completeness of the content of this blog. Content may become out of date as tax laws change. TaxAudit may, but has no obligation to monitor or respond to comments.