Week 3 of “Protect Your Clients; Protect Yourself” series focuses on security warning signs
WASHINGTON — In the third part of a special series, the Internal Revenue Service and the Security Summit partners today urged tax professionals to learn the signs of data theft so they can respond quickly to protect their business and their clients.
The IRS and the Security Summit partners continue to see a relentless string of attempts by identity thieves to target tax professionals in hopes of gaining valuable client tax information. With stronger fraud defenses put in place by the IRS and Security Summit partners, identity thieves have shifted their attention to tax pros to get more detailed information to help prepare bogus tax returns.
"We continue to see instances where tax professionals have had their systems compromised, and they didn’t realize it for week or months,” IRS Commissioner Danny Werfel said. “Identity thieves are creative, and they can find ways of quietly penetrating systems. There are important warning signs tax pros should watch out for that can help alert them more quickly to a security issue, and speed is critical to protect clients and their businesses from a security incident.”
The IRS, state tax agencies and the nation's tax industry – working together as the Security Summit – reminded tax professionals that they should contact the IRS immediately when there's an identity theft issue while also contacting cybersecurity experts and insurance companies to assist them with determining the cause and extent of the loss.
This is the third week of an eight-part "Protect Your Clients; Protect Yourself" summer series, part of an annual education effort by the Security Summit, a group that includes tax professionals, industry partners, state tax agencies and the IRS. The public-private partnership has worked since 2015 to protect the tax system against tax-related identity theft and fraud.
These security tips will be a key focus of the Nationwide Tax Forum, being held this summer in five cities throughout the U.S. In addition to the series of eight news releases, the tax professional security component will be featured at the forums, which are three-day continuing education events. The next forum begins next week in Orlando, Florida, and is already sold out, followed by the week of August 13 in Baltimore, August 20 in Dallas and September 10 in San Diego. The IRS reminds tax pros that registration deadlines are quickly approaching for the Baltimore and Dallas forums, as San Diego has also sold out.
Each year at the tax forums, the IRS hears from tax professionals attending the sessions who realize that they’re victims of a data theft or a security breach, but they hadn’t realized the warnings signs. Here are some things that can help.
Tax pros: Know the warning signs from clients, their systems
Tax pros should be on the lookout for these critical warning signs from their clients:
- Clients receive notice that an IRS Online Account was created without their consent or that:
-
- Someone accessed their IRS Online Account without their knowledge.
- The IRS disabled their Online Account, either their individual or business Online Account.
- Tax pro clients receive a tax transcript they didn't request.
- Balance due or other notices from the IRS are received that are not correct based on the tax return filed.
- Clients reach out to the tax pro about calls or emails the tax pro didn't make.
- Clients receive refunds without filing a tax return.
Tax professionals should also watch for these red flags when their business experiences these situations:
- Slow or unexpected computer or network responsiveness such as:
-
- Software is slow or actions take longer to process than usual.
- Computer cursor moves or changes numbers without touching the mouse or keyboard.
- Unexpectedly being locked out of a network or computer.
- Client tax returns are being rejected because their Social Security number was already used on another return.
- IRS authentication letters (5071C, 6331C, 4883C, 5747C) are being received even though a tax return hasn't been filed.
- Getting more e-file receipt acknowledgements than the tax pro actually filed.
- The IRS disabled the tax professional’s online account.
- Transcripts are being delivered to the tax pro’s Secure Object Repository (SOR) that they did not order.
- Notification from the IRS that the tax professional’s Centralized Authorized File (CAF) number has been compromised. If they suffer a data compromise, they should take proactive steps to protect their CAF number and consider requesting a new one to protect themself and their clients.
- Notification from the IRS regarding a client that they do not represent.
While these are only a few examples, tax pros should ensure they have the highest security possible and be ready to react quickly to protect themselves and their clients. To help tax pros, the Summit partners created the written information security plan or WISP. The newly updated 29-page, easy-to-understand document was developed by and for tax and industry professionals to help keep client and business information safe and secure.
Tax pros should report data theft immediately
If a tax pro or their firm are the victim of data theft, they should:
- Report the incident to their local IRS Stakeholder Liaison. Speed is critical. IRS stakeholder liaisons will ensure all the appropriate IRS offices are alerted. If reported quickly, the IRS can take steps to block fraudulent returns in the clients' names and will assist tax pros through the process.
- Visit the Federation of Tax Administrators to find state contact information. Tax professionals can share information with the appropriate state tax agency by visiting the special “Report a Data Breach”.
Find more information at Data theft information for tax professionals.
Additional resources
Tax professionals should stay connected to the IRS through subscriptions to e-News for tax professionals and its social media sites.