From IRS Newswire <[email protected]>
Subject IR-2024-224: Security Summit partners conclude special campaign with reminders to protect tax professionals from identity theft, security threats
Date August 27, 2024 4:09 PM
  Links have been removed from this email. Learn more in the FAQ.
  Links have been removed from this email. Learn more in the FAQ.
Bookmark and Share [ [link removed] ]

a { color:#0073AF !important;} a:hover { color:#004673 !important;} &amp;amp;lt;!-- body { font-family: arial; } p { font-size: 12px; } li { font-size: 12px; } h2 { font-size: 24px; font-style: italic;} --&amp;amp;gt;
IRS.gov Banner
IRS Newswire Aug. 27, 2024

News Essentials

What's Hot [ [link removed] ]

News Releases [ [link removed] ]

IRS - The Basics [ [link removed] ]

IRS Guidance [ [link removed] ]

Media Contacts [ [link removed] ]

Facts & Figures [ [link removed] ]

Around The Nation [ [link removed] ]

e-News Subscriptions [ [link removed] ]

________________________________________________________________________

The Newsroom Topics

Multimedia Center [ [link removed] ]

Noticias en Español [ [link removed] ]

Radio PSAs [ [link removed] ]

Tax Scams [ [link removed] ]

The Tax Gap [ [link removed] ]

Fact Sheets [ [link removed] ]

IRS Tax Tips [ [link removed] ]

Armed Forces [ [link removed] ]

Latest News Home [ [link removed] ]

________________________________________________________________________

IRS Resources

Contact My Local Office [ [link removed] ]

Filing Options [ [link removed] ]

Forms & Instructions [ [link removed] ]

Frequently Asked Questions [ [link removed] ]

News [ [link removed] ]

Taxpayer Advocate [ [link removed] ]

Where to File [ [link removed] ]

IRS Social Media [ [link removed] ]

________________________________________________________________________


Issue Number:    IR-2024-224

Inside This Issue
________________________________________________________________________

*Security Summit partners conclude special campaign with reminders to protect tax professionals from identity theft, security threats *

 

"Week 8 of “Protect Your Clients; Protect Yourself” series focuses on important steps to protect data" 

 

WASHINGTON — Concluding a special summer awareness campaign, the Internal Revenue Service and the Security Summit today urged tax professionals to maintain strong safety measures to protect themselves and their taxpayer clients against evolving data security threats.

In this eighth and final installment of the “Protect Your Clients; Protect Yourself” series, the IRS and Security Summit partners strongly recommended tax professionals to embrace critical and necessary steps to protect sensitive information, including taking extra care with how they handle data and security.

“Tax professionals remain a tempting target for identity thieves and cybercriminals,” said IRS Commissioner Danny Werfel. “They face countless attacks from those hoping to harvest valuable personal and financial information that can be used to file an authentic-looking tax return and slip through the tax system’s defenses. By taking some basic steps, tax professionals at firms both large and small can protect their clients and protect themselves from these relentless security threats.”

The Security Summit is a public-private coalition started in 2015 with tax professionals, industry partners, state tax groups and the IRS to guard the tax system against tax-related identity theft and fraud. The Summit group succeeded in bolstering internal defenses to protect against identity theft, a collective effort that has protected millions of taxpayers through the years.

But as the IRS and the Summit partners increased their vigilance, identity thieves shifted their attention to collect better data and focused on targeting tax professionals and businesses to clandestinely harvest information to file authentic-looking tax returns. With this shift in focus, the Summit partners have worked for the past nine years to raise awareness in the tax professional community through the "Protect Your Clients; Protect Yourself" campaign. Stronger tax pro defenses protect not just their firms, but also their clients and the greater tax system.

Tax pros can see the entire summer series on a special page [ [link removed] ] at IRS.gov.

Identity thieves continue to change their tactics, and security threats against tax professionals remain a daily threat. In the first half of the year, IRS Stakeholder Liaisons have already received reports of nearly 200 tax professional data incidents potentially affecting up to 180,000 clients.

This summer’s special awareness campaign coincided with the IRS Nationwide Tax Forum, which visited four cities this summer and concludes the week of September 9 in San Diego. That final session has already sold out.

*Tax pros should remain on the lookout ** *

Tax pros should know identity thieves take many different approaches to steal sensitive information, and there are several common schemes to look out for.

For example, in a presently trending scheme, some scammers pose as new clients reaching out to practitioners to get their sensitive information or client data. In these fake “new client” schemes [ [link removed] ], a fraudster can send a malicious attachment or include a link to a site that a tax pro wrongly thinks they need to get the supposed new client’s tax information. However, the site is actually collecting information from a tax pro, such as their email and password, or loading malware onto the tax pro’s computer.

Other scammers send phishing emails [ [link removed] ] to trick people into sharing other content, such as Central Authorization File [ [link removed] ] information.

Phishing and related scams are among the most common threats facing tax pros. These are designed to deceive recipients into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers, or fool them into clicking a suspicious link, filling out information or downloading a malware file.

Scammers also employ elaborate schemes involving calls, texts and even fake printed correspondence to try to worm their way into tax pros’ sensitive files. Professionals should also watch out for clients being duped by social media scams [ [link removed] ] circulating inaccurate or misleading [ [link removed] ] tax information.

*Watch out for warning signs ** *

Tax pros should also learn the signs of data theft so they can act quickly to protect their clients. These red flags can include a notice that an IRS online account was created without their consent, clients receiving a tax transcript they didn’t request or client tax returns being rejected because their Social Security number was already used on another return. Other warning signs can be more technical in nature, like unexpected slowdowns on their computer networks or cursor movements or number changes when no one is touching a mouse or keyboard.

If tax pros encounter situations like these or others, they should contact the IRS immediately when an identity theft issue surfaces.

*Helpful tools available** *

The IRS and Security Summit reminded tax pros that they now need to have a Written Information Security Plan, or WISP [ [link removed] ]. As part of this summer’s awareness effort, the Summit Tax Professionals Working Group released an updated WISP template to help tax and industry professionals keep customer and business information safe and secure.

The requirements include implementing multi-factor authentication or MFA for any individual accessing any information system unless a firm’s qualified individual has approved in writing the use of reasonably equivalent or more secure access controls.

MFA is required for tax pros’ systems under new Federal Trade Commission rules to strengthen account security by requiring more than just a username and password to confirm one’s identity when accessing any system, application or device. Other factors include something users have, like a token or random number sequence sent to their cell phone, or something about them like biometric information, to provide extra assurance that a tax pro’s client is gaining access rather than an impostor.

This summer’s series also highlights for tax professionals the importance of using a set of protections called the Security Six: anti-virus software, firewalls, backup software or services, encrypted drives, MFAs and virtual private networks or VPNs.

The IRS and the Security Summit partners also reminded tax pros and taxpayers about the IRS Identity Protection PIN Opt-In Program [ [link removed] ] and to set up IRS online accounts. Both steps help further protect people against tax-related identity theft.

After a taxpayer gets a six-digit IP PIN, they must include it on their tax return before e-filing. To get one, taxpayers should visit the Get an IP PIN [ [link removed] ], and after they have it, remember the following:


* Taxpayers should share their IP PIN only with their trusted tax prep provider.
* Tax pros should never store clients’ IP PINs on computer systems. This reduces taxpayer risk if a tax pro's system is compromised by an identity thief or cyberattack.
* The IRS will never call, email or text either taxpayers or tax professionals to request the IP PIN. This is a sign of a scam.

*Tax pro with a security problem? Contact an IRS Stakeholder Liaison, states and FTC ** *

Tax pros who receive scams by email should send the email to [email protected].

Those who fall victim to a security breach should report a theft to their IRS Stakeholder Liaison [ [link removed] ], who will ensure that appropriate IRS offices are alerted. If incidents are reported quickly, the IRS can take steps to block fraudulent returns in clients’ names and will assist tax pros through the process.

Tax professionals can also share information with the appropriate state tax agency by visiting a special “Report a Data Breach” [ [link removed] ] page with the Federation of Tax Administrators.

Tax professionals should also understand the FTC data breach response requirements [ [link removed] ] as part of their overall information and data security plan. The new WISP also includes information on the requirement to report an incident to the FTC within 30 days of the incident when 500 or more people are affected.

*Additional resources ** *


* Review Publication 5293, Data Security Resource Guide for Tax Professionals [ [link removed] ], which provides an overview and resources about how to avoid data theft.
* Tax professionals can also get help with security recommendations by reviewing IRS Publication 4557, Safeguarding Taxpayer Data [ [link removed] ], the IRS' Identity theft information page for tax pros [ [link removed] ] and Identity theft central [ [link removed] ] page.
* Publication 5709, How to Create a Written Information Security Plan for Data Safety [ [link removed] ].
* Publication 5708, Creating a Written Information Security Plan for your Tax & Accounting Practice [ [link removed] ].
* Read Small Business Information Security: The Fundamentals [ [link removed] ], by the National Institute of Standards and Technology.

Tax professionals should also stay connected to the IRS through subscriptions to e-News for tax professionals [ [link removed] ] and its social media sites [ [link removed] ].

 

Back to Top [ #Fifteenth ]

FaceBook Logo [ [link removed] ]  YouTube Logo [ [link removed] ]  Instagram Logo [ [link removed] ]  Twitter Logo [ [link removed] ]  LinkedIn Logo [ [link removed] ]

________________________________________________________________________

Thank you for subscribing to the IRS Newswire, an IRS e-mail service.

If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe [ [link removed] ].

This message was distributed automatically from the mailing list IRS Newswire. *Please Do Not Reply To This Message.*


________________________________________________________________________

Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your Subscriber Preferences Page [ [link removed] ]. You will need your email address to log in. If you have questions or problems with the subscription service, visit subscriberhelp.govdelivery.com [ [link removed] ].

This service is provided to you at no charge by the Internal Revenue Service (IRS) [ [link removed] ].


body .abe-column-block {min-height: 5px;} ________________________________________________________________________

This email was sent to [email protected] by: Internal Revenue Service (IRS) · Internal Revenue Service · 1111 Constitution Ave. N.W. · Washington, D.C. 20535 GovDelivery logo [ [link removed] ]
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;}
Screenshot of the email generated on import

Message Analysis