Bookmark and Share [ [link removed] ]

a { color:#0073AF !important;} a:hover { color:#004673 !important;} <!-- body { font-family: arial; } p { font-size: 12px; } li { font-size: 12px; } h2 { font-size: 24px; font-style: italic;} -->
IRS.gov Banner
IRS Newswire July 16, 2024

News Essentials

What's Hot [ [link removed] ]

News Releases [ [link removed] ]

IRS - The Basics [ [link removed] ]

IRS Guidance [ [link removed] ]

Media Contacts [ [link removed] ]

Facts & Figures [ [link removed] ]

Around The Nation [ [link removed] ]

e-News Subscriptions [ [link removed] ]

________________________________________________________________________

The Newsroom Topics

Multimedia Center [ [link removed] ]

Noticias en Espa?ol [ [link removed] ]

Radio PSAs [ [link removed] ]

Tax Scams [ [link removed] ]

The Tax Gap [ [link removed] ]

Fact Sheets [ [link removed] ]

IRS Tax Tips [ [link removed] ]

Armed Forces [ [link removed] ]

Latest News Home [ [link removed] ]

________________________________________________________________________

IRS Resources

Contact My Local Office [ [link removed] ]

Filing Options [ [link removed] ]

Forms & Instructions [ [link removed] ]

Frequently Asked Questions [ [link removed] ]

News [ [link removed] ]

Taxpayer Advocate [ [link removed] ]

Where to File [ [link removed] ]

IRS Social Media [ [link removed] ]

________________________________________________________________________


Issue Number:? ? IR-2024-188

Inside This Issue
________________________________________________________________________

*Security Summit warns tax pros to remain vigilant against phishing emails and cloud-based attacks?*

*"Week 2 of ?Protect Your Clients; Protect Yourself? series focuses on evolving threats"*?**

WASHINGTON ? In the second installment of a special series, the Internal Revenue Service and?Security Summit [ [link removed] ]?partners warned tax professionals to be aware of evolving phishing scams and cloud-based schemes designed to steal sensitive taxpayer information.

The IRS and Security Summit partners ? representing state tax agencies and the nation's tax industry ? continue to see a steady stream of e-mail and related attacks aimed at the nation's tax professional community. These are designed to steal sensitive tax and financial information from clients.

The variants of these email attacks routinely number in the hundreds and can target tax professionals whether it?s tax season or not.

?We continue to see a barrage of email and related attacks designed to trick tax professionals and gain access to their sensitive information,? said IRS Commissioner Danny Werfel. ?These attempts can be elaborate, multi-layered efforts that look convincing and can easily fool people. Tax professionals need to be wary and educate their employees to use extra caution to protect their clients and their businesses.?

This is the second release in an eight-part ?Protect Your Clients; Protect Yourself [ [link removed] ]? summer series, part of an annual education effort by the Security Summit, a group that includes tax professionals, industry partners, state tax agencies and the IRS. The public-private partnership has worked since 2015 to protect the tax system against tax-related identity theft and fraud.

These security tips will be a key focus of the Nationwide Tax Forum [ [link removed] ], which will be in five cities this summer throughout the U.S. In addition to the series of eight news releases, the tax professional security component will be featured at the forums, which are three-day continuing education events. The remaining forums begin July 30 in Orlando, August 13 in Baltimore, August 20 in Dallas and September 10 in San Diego.?

The IRS reminds tax pros that registration deadlines are quickly approaching for several of the forums, and Orlando is already sold out.??

*Phishing, spear phishing, clone phishing and whaling??*

One of the most common threats facing tax pros are phishing and related scams. These are designed to trick the recipient into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers.

Tax professionals and taxpayers should be aware of different phishing terms and what the email scams might look like:


* *Phishing/Smishing*?? Phishing emails or SMS/texts (known as ?smishing?) attempt to trick the recipient into clicking a suspicious link, filling out information or downloading a malware file. Often phishing attempts are sent to multiple email addresses at a business or agency increasing the chance someone will fall for the trick.

* *Spear phishing*?? A specific type of phishing scam that bypasses emailing large groups at an organization, but instead identifies potential victims and delivers a more realistic email known as a ?lure.? These types of scams can be trickier to identify since they don't occur in large numbers. They single out individuals, can be specialized and make the email seem more legitimate. Scammers can pose as a potential client for a tax professional, luring the practitioner into sharing sensitive information.
* *Clone phishing *? A newer type of phishing scam that clones a real email message and resends it to the original recipient pretending to be the original sender. The new message will have either an attachment that contains malware or link that tries to steal information from the tax professional or recipient.

* *Whaling*?? Whaling attacks are very similar to spear phishing, except these attacks are generally targeted to leaders or other executives with access to secure large amounts of information at an organization or business. Whaling attacks can also target people in payroll offices, human resource personnel and financial offices.

Security Summit partners continue to see instances in which tax professionals have been particularly vulnerable to emails posing as potential clients. In the ?new client? scam [ [link removed] ], the criminals use this technique to trick practitioners into opening email links or attachments that infect computer systems with the potential to steal client information. Similar schemes are seen with whaling situations where scammers try to obtain a large amount of information with legitimate-looking email requests.

*Warning signs of a scam??*

Regardless of the type of phishing attempt, tax pros can protect themselves and their organization by being aware of these scams and looking for warning signs like these:


* An unexpected email or text claiming to come from a known or trusted source such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS and other government agencies.

* Receiving a duplicate email from what appears to be a known trusted source that contains a new attachment or hyperlink.

* A message, often with an urgent tone, urging the receiver to open a link or attachment. These messages have a false narrative, like someone?s password has expired or some other urgent action is needed.
* An email address, number or link that's slightly misspelled or has a different domain name or URL (irs.*com*"?"vs. IRS.*gov*")". A closer look at these email addresses ? like hovering the cursor over the email address ? can show slight variations on legitimate addresses.

?There are major red flags that can be easily overlooked, so tax professionals and taxpayers should be extra careful and look closely when they receive an email from an official looking source,? Werfel said.

*Cloud-based schemes remain a threat??*

Tax professionals using cloud-based systems that store information or run tax preparation software should use multi-factor authentication to help safeguard that data. The Federal Trade Commission now requires all practitioners to secure sensitive client personally identifiable information (PII) using multi-factor authentication.

Specifically, the Security Summit?continues to see attacks [ [link removed] ]?that take advantage of cloud-based systems and compromise personal information. Multi-factor authentication options provide an additional layer of security to access a system by using a phone, text messages or tokens. Since email is easier for identity thieves to access, having these layers of security helps guard against potential vulnerabilities.

*Additional resources??*

For tax professionals who are victim of any of these schemes or identity theft, the IRS urges them to quickly contact their?IRS Stakeholder Liaison [ [link removed] ]?to provide details of the situation. Tax professionals can also share information with the appropriate state tax agency by visiting a special ?Report a Data Breach? [ [link removed] ] page with the Federation of Tax Administrators.

Quickly reporting these incidents can not only protect the tax pro's clients, but it can also help provide critical information quickly to help prevent these attacks from hitting others in the tax community.

Tax professionals should also understand the?Federal Trade Commission?s data breach response requirements [ [link removed] ]?as part of their overall information and data security plan. There?s a new requirement to report an incident to the FTC when 500 or more people are affected within 30 days of the incident.

To help taxpayers navigate these issues and meet the requirement to have a security plan, the Security Summit has prepared a sample Written Information Security Plan. This template can help tax pros, including smaller practitioners, protect themselves from ongoing security threats.

Tax professionals should also review IRS?Publication 4557, Safeguarding Taxpayer Data [ [link removed] ], for more information.

Other resources include?Small Business Information Security: The Fundamentals [ [link removed] ],?by the National Institute of Standards and Technology and the IRS'?Identity Theft Central [ [link removed] ]?pages for tax pros.

Publication 5293, Data Security Resource Guide for Tax Professionals [ [link removed] ], provides a compilation of data theft information available on IRS.gov. The IRS also encourages tax professionals to stay connected to the IRS for its latest updates and alerts through subscriptions to?e-News for Tax Professionals [ [link removed] ]?and?its?social media sites [ [link removed] ].

Back to Top [ #Fifteenth ]

________________________________________________________________________

FaceBook Logo [ [link removed] ]??YouTube Logo [ [link removed] ] ?Instagram Logo [ [link removed] ]? Twitter Logo [ [link removed] ] ?LinkedIn Logo [ [link removed] ]

________________________________________________________________________

Thank you for subscribing to the IRS Newswire, an IRS e-mail service.

If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe [ [link removed] ].

This message was distributed automatically from the mailing list IRS Newswire. *Please Do Not Reply To This Message.*


________________________________________________________________________

Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your Subscriber Preferences Page [ [link removed] ]. You will need your email address to log in. If you have questions or problems with the subscription service, visit subscriberhelp.govdelivery.com [ [link removed] ].

This service is provided to you at no charge by the Internal Revenue Service (IRS) [ [link removed] ].


body .abe-column-block {min-height: 5px;} ________________________________________________________________________

This email was sent to [email protected] by: Internal Revenue Service (IRS) ? Internal Revenue Service ? 1111 Constitution Ave. N.W. ? Washington, D.C. 20535 GovDelivery logo [ [link removed] ]
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;}