The IRS and the Security Summit partners are warning tax professionals and those that prepare their own taxes to beware of evolving identity theft scams. Often perpetrated through phishing emails and SMS-text, these messages are designed to trick tax payers and preparers into opening embedded links or attachments that infect their computers and can steal personal information such as passwords, bank account numbers, credit card numbers, or social security numbers. The IRS urges everyone to use strong security layers and protect important data by taking measures to protect themselves, such as:
- Multi-factor authentication: Those using cloud-based platforms are urged to use phone, text or token options for authentication. This could prevent potential vulnerabilities of authentication via email, which may be accessible to identity thieves.
- Automatically update anti-virus software: This helps prevent scams that target software vulnerabilities.
- Encrypt your drive and regularly back up your files: This adds a layer or protection and helps stop theft and ransomware attacks.
The IRS has also identified various kinds of scams that tax payers and professionals should watch out for, such as:
- Spear phishing: This is where scammers take time to customize an email targeting a specific victim and craft a more enticing phishing email known as a lure.
- Fake tax clients or professionals: Identity thieves will pose as potential clients (or potential tax professionals), and exchange several emails with you before sending an attachment that they claim is tax information. Once the recipient clicks on the embedded URL and/or opens the attachment, malware is secretly downloaded onto their computers, and gives thieves access to all the information on the computer, or even remote access. After the thieves take over the computer. In some cases, thieves will identify pending tax returns on a tax professionals system, complete them, and e-file them, changing only the bank account information to steal the refund.
- Ransomware attacks: When unsuspecting tax payers or professionals open these links or attachments, malware is triggered and attacks their computer system to encrypt files and the thieves then hold the data for ransom.
It is important to always secure your network and ensure that you are educated on how to recognize these sorts of attacks.