Attention FAE Customers:
Please be aware that NASBA credits are awarded based on whether the events are webcast or in-person, as well as on the number of CPE credits.
Please check the event registration page to see if NASBA credits are being awarded for the programs you select.

Want to save this page for later?

News

IRS Warns of New and Evolving Scams Targeting Tax Professionals

By:
Ruth Singleton
Published Date:
Jul 15, 2024

The IRS has renewed a warning to tax professionals about new and continuing schemes through which scammers seek to steal business and taxpayer information.

In particular, the IRS warned about scammers posing as new clients and using phishing emails to obtain sensitive information. It also warned about schemes involving phone calls and texting.

“As the Security Summit partners have continued to improve our defenses against identity theft, thieves have upped their game by targeting tax professionals to get valuable information needed to file authentic-looking tax returns,” IRS Commissioner Danny Werfel said. “Tax professionals need to watch out for deviously clever scams that can masquerade as new clients as well as communications from the IRS or others in the tax community. We continue to see tax professionals bombarded by these scams, and people shouldn’t let their defenses down.”

The alert came in the opening week of an annual education effort by the IRS and its Security Summit partners—a coalition of tax professionals, industry partners, state tax groups—called Protect Your Clients; Protect Yourself.

This year’s campaign is aimed at increasing awareness among tax professionals on ways to shield themselves and their clients from identity theft and security threats.

The series coincides with the Nationwide Tax Forum, a three-day seminar starting today in Chicago, and continuing with sessions in other cities in upcoming weeks.

In the “new client” scheme, scammers pretend to be real taxpayers seeking help with their taxes from tax professionals. They try to get sensitive information or gain access to a practitioner’s client data through malicious attachments or links to a site that the tax professional thinks they need to access to obtain the supposed new client’s tax information. In reality, the site is collecting information, such as emails and passwords, or loading malware onto the tax pro’s computer to gain access to their computer or system. This scam, while not new, remains an ongoing threat to tax professionals seeking new business.

Another scam involves phishing attempts by scammers trying to obtain various identification numbers used by tax professionals, including their Electronic Filing Identification Number (EFIN); EFIN documents; their Preparer Tax Identification Number (PTIN); and their Centralized Authorized File (CAF) number.

Identity thieves also use phone calls and text messages to get Social Security numbers, birth dates and banking information from victims. Several of these schemes target not just taxpayers, but potentially tax professionals and their clients. Sometimes they use artificial intelligence (AI) to create fake IRS letters that are mailed to victims.

Another scam is the so-called Zero Tax program, in which callers promise to wipe out tax debt for people who owe back taxes. The callers request people’s Social Security numbers as part of their pitch, which they use for nefarious purposes.

In addition, social media scams circulate inaccurate or misleading tax information that can involve creating common tax documents that are false, such as a Form W-2 or claiming credits to which the taxpayer is not entitled, like the Fuel Tax Credit, Sick and Family Leave Credit and household employment credits.

Individuals who receive scams by email should send the email to phishing@irs.gov. As a reminder, people can forward the message, but IRS cybersecurity experts prefer to see the full email header to help them identify the scheme.

Tax professionals who discover that they are victims of a security breach should contact their IRS Stakeholder Liaison to report a theft. The local IRS Stakeholder Liaison will ensure that the appropriate IRS offices are alerted. If incidents are reported quickly, the IRS can take steps to block fraudulent returns in the clients’ names and will assist tax professionals through the process.

Tax professionals can also share information with the appropriate state tax agency by visiting a special Report a Data Breach page with the Federation of Tax Administrators.

Tax professionals should also become familiar with the Federal Trade Commissioner data breach response requirements PDF as part of their overall information and data security plan. The new Written Information Security Plan (WISP) that tax pros are required to have also notes that there’s a new requirement to report an incident to the FTC when 500 or more people are affected within 30 days of the incident.