Preparer Security and Tax Identity Theft
Preparers need to be aware of the following regarding tax identity theft:
- Tax identity theft continues to be the largest type of tax refund fraud for both the IRS and States.
- Tax preparers are increasingly becoming targets of identity thieves.
This page is designed to give you information to help make you aware of the security measures preparers should be taking to secure their computer systems and client personal information. Also to let you know the latest ways identity thieves are attempting to obtain personal information from individuals and tax preparers and steps that IRS, States and the tax industry are taking to help protect taxpayers from becoming a victim of identity theft.
The following are covered:
Security and Tax Preparers
What IRS States are doing to Combat Tax Identity Theft
Security Summit – Collaborative Effort by IRS, States and Tax Industry Partners to Fight Tax Identity Theft
Links for More Information on Tax Identity Theft
Security and Tax Preparers
This past filing season the number of phishing email schemes that were targeted at tax preparers increased over prior years. Due to this trend of tax preparers becoming increasingly the targets of cybercriminals they must do more to protect themselves.
The goal of these criminals is to gain access to a preparer’s client tax data and to their tax software in order to file fraudulent returns. In short they want to take over their computer system.
Access to a preparer’s client tax data not only allows the identity thieves to obtain each client’s personal information, it also makes it possible for the identity thief to create fraudulent returns that contain similar information for each individual in order to not be caught by the IRS and State identity theft filters.
Access to a preparer’s tax software program allows the identity thief the opportunity to modify existing returns that have not been completed or transmitted and file additional fraudulent returns using the software.
Because of this increased interest by identity thieves, tax preparers need to take steps to protect their computer systems as well as protecting their client’s personal and tax information. Tax preparers need to increase their security protections by taking the following steps:
- Be alert for phishing email scams
See the IRS Security Alert Tax Tip #2 (2015) – Avoid Phishing and Malware for the steps you can take to protect yourself.
- Run a security “deep scan” of their computer systems to search for viruses and malware
See IRS Security Alert Tax Tip #10 (2015) – Perform a Deep Security Scan of Computer Drives for what steps to take to protect your computer system.
- Strengthen passwords for computer access and software access
Passwords should be a minimum of eight characters, not use personal information and use numbers and symbols for letters in words or phrases. See the Homeland Security Creating a Password Tip Card for how to create a strong password.
- Review any software that your employees use to remotely access your network
- Avoid downloads from suspicious sources
- Protect your wireless network
- Consider encryption software
- Safely store data
- Shred documents and destroy media
For more information on what tax preparers can do to protect themselves see the following on the IRS website:
- IRS Security Awareness Tax Tips
- Protect Yourself From Identity Theft
- Protect Your Clients; Protect Yourself
- Data Theft Information for Tax Professionals
- Publication 4557 – Safeguarding Taxpayer Data
- Warning to Tax Professionals of Cybercriminal Threats (Video)
Phishing schemes that preparers need to be aware of:
- IRS News Release 2017-117 – Security Summit Launches Education Campaign Aimed at Tax Pros; Warns Against Phishing Epidemic with “Don’t Take The Bait” Series
- Security Summit Warns of New Phishing Email Targeted at Tax Pros
- IRS, States & Tax Industry Warn of Last Minute Email Scams
- Tax Professionals Warned of New Scam Unlock their Tax Software Accounts
- New Two Stage E-Mail Scheme Targets Tax Professionals
- Phishing Scheme Mimics Software Providers; Targets Tax Professionals
Steps IRS and States are taking to Prevent Tax Identity Theft
Since the Security Summit was formed in 2015 the IRS, States and the tax industry have implemented steps to help fight tax identity theft. Here are some examples of what the IRS and States have done:
- Continually modifying and adding to their identity theft fraud filters
- Sending letters to taxpayers when they suspect a return they received may not be the taxpayer’s. The letter explains that the return will not be processed until the individual verifies who they are with the IRS or State either by going to page on their website or by calling the applicable government agency.
- Delaying the release of refunds. For federal returns the delay is for refunds for returns that claim EITC or the additional child tax credit. For States, the timeline for when any refunds will be released has been increased.
- IRS and many States are now matching W-2 information on returns.
- Assigning an Identity Protection PIN (IP PIN) to individuals who have been or may have been a victim of identity theft.
- States are requesting Driver’s License or State ID information be included on the electronic return in order to help verify the identity of the taxpayer.
- IRS has initiated their Taxes Security Together campaign which is designed to educate taxpayers and tax preparers on what they can do to prevent themselves from becoming a victim of identity theft and secure their personal information.
- IRS has initiated their IRS Protect Clients; Protect Yourself campaign that is designed to educate preparers on what they need to do to protect their computer systems and client tax information from identity thieves.
Since March 2015, IRS officials, State tax administrators, Tax Software industry, Financial institutions, and tax preparer groups have been working together to identify the steps that need to be taken to combat tax-related identity theft.
The Security Summit has also been focusing on making tax preparers aware that they are vulnerable to phishing email schemes that target them with the intent of taking over a preparer’s computer system to gain access to their client information and their tax program.
Over the past two filing seasons the Security Summit has implemented the following to help protect taxpayers:
- New password standards to access tax software.
- Software providers are now including additional data elements from individual and business tax return submissions that IRS and states are using to assist them in their efforts to detect and prevent identity theft returns.
- Industry partners are performing regular reviews to identify possible identity theft schemes and report them to the IRS and state partners to help stay on top of emerging schemes.
- Requesting additional data be provided with the e-filed federal and state return. An example is asking for information from the taxpayer’s driver’s license or State ID.
- Working towards setting security guidelines for the tax software industry.
- Creating educational awareness campaigns to ensure that tax preparers have the information they need to protect themselves from cyberattacks and safeguard taxpayer data (i.e. “Taxes.Security.Together.” and “Protect Your Clients; Protect Yourself”).
- Setting up a centralized analysis center that will allow IRS, States and Tax Software companies to share actionable data and information regarding tax identity theft schemes.