IRS Warns of "Wave of Attacks" Focused on Tax Professionals

Chris Gaetano
Published Date:
Sep 2, 2016
Internet Crime

The IRS has warned that scammers have declared open season on tax professionals, and to be extra careful about network security. The IRS is aware of approximately two dozen attacks over the past few days where identity thieves filed fraudulent tax returns by remotely taking over practitioners’ computers.

"This latest incident reinforces the need for all tax professionals to review their computer settings as soon as possible," said IRS Commissioner John Koskinen‎. "Identity thieves continue to evolve and look for new areas to exploit‎, especially as our fraud filters become more effective. The prompt identification of these attacks is another example of the great benefits that result from the close‎ working relationship the IRS now has with the tax industry and the states through the Security Summit initiative. Information is flowing more rapidly between our groups as we continue‎ our efforts to protect taxpayers."

The IRS noted that the attacks are ramping up at the Oct. 17 filing deadline approaches, and noted that a similar wave happened during the weeks before the April filing deadline. 

In addition to activating security measures for tax software products, IRS urges all tax preparers to take the following steps:

  • Run a security “deep scan” to search for viruses and malware;
  • Strengthen passwords for both computer access and software access; make sure your password is a minimum of eight digits (more is better) with a mix of numbers, letters and special characters and change them often;
  • Be alert for phishing scams: do not click on links or open attachments from unknown senders;
  • Educate all staff members about the dangers of phishing scams in the form of emails, texts and calls;
  • Review any software that your employees use to remotely access your network and/or your IT support vendor uses to remotely troubleshoot technical problems and support your systems. Remote access software is a potential target for bad actors to gain entry and take control of a machine.

In addition, the IRS recently issued instructions to tax professionals on how to monitor their PTIN activity.

Tax professionals should review Publication 4557, Safeguarding Taxpayer Data, a Guide for Your Business, which provides a checklist to help safeguard taxpayer information and enhance office security. Also, practitioners should review Data Breach Information for Tax Professionals for information on what action they should take if they do become victims.

Click here to see more of the latest news from the NYSSCPA.