Cybercriminals continue to steal client data from tax advisors to create fraudulent returns that are harder to detect, the IRS says.
“You can take all the cybersecurity steps in the world, but tax professionals and others in the business world should remember you are only as safe as your least educated employee,” said IRS Commissioner Chuck Rettig in a prepared statement. “Cybercriminals use phishing emails and malware to gain control of computer systems or to steal usernames and passwords. These can provide a treasure trove of information that can lead to tax-related identity theft.”
The IRS and its Security Summit partners, which include 42 states and tax-industry companies, are urging tax professionals to review their data security systems and beware of the continuing threat from phishing emails.
In fact, more than 90% of all data thefts start with a phishing email that includes a link that takes employees to a fake site or an attachment embedded with malware that secretly downloads onto their computers.
Tax professionals are often victimized with a tactic called spear phishing, the IRS says. The objective of a spear phishing email is to pose as a trusted source and “bait” the recipient into opening an embedded link or an attachment. “The email may make an urgent plea to the tax pro to update an account immediately,” the IRS says. “A link may seem to go to another trusted website, for example a cloud storage or tax software provider login page, but it’s actually a website controlled by the thief.”
“An attachment may contain malicious software called keylogging, which secretly infects computers and provides the thief with the ability to see every keystroke,” the IRS continued. “Thieves can steal passwords to various accounts or even take remote control of computers, enabling them to steal taxpayer data.”
Here are some common scams the IRS says it sees:
• Spear phishing scams. Thieves pose as prospective clients, sending unsolicited emails to tax professionals. After an exchange of emails, the thief sends an email with an attachment, claiming it contains the tax information needed to prepare a return. Instead, it contains spyware that allows thieves to track each keystroke.
• Tax software and data storage scams. Thieves pose as tax software providers or data storage providers and send emails containing links that go to web pages that mirror real sites. The thieves’ goal is to trick tax professionals into entering their usernames and passwords into these fake sites, where the crooks then steal those credentials.
• Ransomware. Rather than stealing the data, thieves encrypt it. Once they encrypt the data, thieves demand a ransom in return for the code to decrypt the data. The FBI warns users not to pay the ransom because thieves often do not provide the code. The FBI has called ransomware attacks a growing threat to businesses and others.