If there is any doubt that cyber threats are on the rise, here are just a few statistics that show the increased danger to businesses, organizations, individuals, and governmental agencies:
- As many as 1 billion emails were exposed in a single year
- 1 out of every 2 U.S. internet users suffered an account breach in 2021
- More than 53 million Americans were affected by cybercrime in the first two quarters of 2022
- On average, data breaches cost businesses $4.35 million in 2022
There is mounting concern about cyber threats to taxpayers and tax professionals who may be vulnerable to attacks designed to steal their clients’ sensitive tax and financial information. A special series run by the Security Summit—a coalition consisting of the IRS and state tax agencies as well as tax preparation firms, software developers, payroll and tax financial product processors, tax professional organizations and financial institutions—addresses those concerns and works to protect the tax system against tax-related identity theft and fraud.
The most recent installment in the Security Summit’s series is the five-part “Protect Your Client, Protect Yourself." According to IRS Commissioner Danny Werfel, "Identity thieves and fraudsters continue to look for new and inventive ways into tricking tax pros. These scams can be subtle and sophisticated, and tax pros should not let down their guard to protect their clients and their businesses."
These scams have become more prevalent as tax professionals turn to cloud-based systems to run software and store information. To avoid having data compromised, it’s advisable to use multi-factor authentication to protect confidential information.
Even sophisticated tax pros can fall victim to scams that include:
- Phishing: Be careful of clicking on a link, even one that may look legitimate at first. Once that link has been clicked, scammers can load malware and will try to get the recipient to disclose passwords, bank account numbers, credit card numbers, or Social Security numbers.
- Spear Phishing: Unlike more common phishing scams which cast a wide net, spear phishing scams single out individuals, attempting to lure them into exposing information as they are more targeted and specialized.
- Whaling: Like spear phishing, whaling attacks “single out” specific targets such as leaders or executives, allowing them to secure great amounts of information about an organization or business. They may also target those in a payroll office, HR, or finance departments.
In order for businesses, individual taxpayers, and tax professionals to keep confidential information secure and out of the hands of scammers, the Security Summit offers practical suggestions.
- Look for the warning signs: Emails that contain misspellings or have an address or URL that looks similar to that from a government agency, financial institution, or similar (e.g. irs.com vs. IRS.gov) should send up a red flag. Similarly, be aware of emails that make it seem that urgency is of the essence or “promise” that they can fix a tax-return problem.
- Create a safety plan: WISP, The Written Information Security Plan PDF, was developed by the Security Summit partners and is an easy-to-understand document designed to keep customer and business information secure.
- Have clients sign up for a secure PIN: The IRS offers IP PINs to all taxpayers who can verify their identities online, on the phone with an IRS employee after filing Form 15227, or in person. Assistance in applying for a PIN can be found at How to Register for Certain Online Self-Help Tools.
As a tax professional, it’s important to you to keep your clients’ information safe. The IRS has a number of tools to help you, including the annual IRS Dirty Dozen list, which gives taxpayers and professionals information on current scams.
Speak with our tax group to learn more about securing confidential information from cyber threats
Keeping your financial and tax information is of paramount importance to taxpayers, businesses, and tax professionals alike. To learn more about how we can help guide you, please call us at 800-579-0997 or contact us online. We serve local and international clients from our offices in Chicago and Cleveland.