ID theft directly targeting tax preparers

January, 18 2017 by Chris Rubino
Person backpacking in mountains

George Mallory, a famous mountain climber, when asked why he wanted to climb Mt. Everest, replied “Because it’s there.” While Mallory was a man of high repute, those with much more nefarious motives have started targeting tax preparers to obtain personally identifiable information (PII) of the tax preparer’s clients, ostensibly on the theory “Because it’s there.”
 
In the course of preparing taxes, a good deal of confidential PII is accumulated that can be used by thieves to perpetuate ID theft, including the preparation of fraudulent returns. We of the tax community have a duty and an obligation to do everything within our means to protect the information we gather as we conduct our businesses.
 
The newest scam involves cybercriminals approaching the tax preparer in the guise of a potential client, sending an email to the preparer which asks about using the preparer’s services. The email may even appear to come from a legitimate organization, colleague, or friend, if their emails or systems were previously hacked. If the tax preparer then responds to this initial email, the cybercriminal replies with a second follow-up message containing an embedded web address, or with an embedded web address in an attachment. If the preparer clicks on this address, instead of downloading a client’s information, a virus or malware is downloaded that sends information to the cybercriminal.
 
There are some commonly accepted best practices in regard to email phishing scams that we can do to protect our clients’ information.

 
  • Understand that email is never a secure form of communication.
  • Do not respond to emails from unknown sources.
  • Never click on links contained within emails (including attachments) that are unsolicited, or unexpected, or from unknown senders.
  • Be wary of emails that seem to come from a known sender, but are out-of-the ordinary for that person or entity. You may want to contact the person by phone instead of replying by email.
 

Information security is, in today’s world, vital to our clients and ourselves. The IRS, after being hacked in 2015 through their transcript delivery system, is placing ever more emphasis on information security. More information that can be very helpful to the tax community in regard to the IRS’ efforts can be found at Protect Your Clients; Protect Yourself.

Want peace of mind?

Learn About Prepaid Audit Defense

CATEGORIES
View All Articles
TaxAudit Blog Home
Submit a Question
 
Chris Rubino, EA

Chris Rubino, EA
Tax Content Developer

 
Chris’ current job title at TaxAudit is Tax Content Developer. He is an Enrolled Agent, and at present spends most of his time in the Education and Research Department, writing texts for the Education team and researching tax questions that arise during audits. During his time at TaxAudit he has been in a number of roles, including Return Reviewer and Audit Representative. He brought a varied financial background to TaxAudit, including income tax preparation and financial planning advisement. 
 

Recent Articles

The IRS may determine your business is a hobby, limiting what you can deduct as expenses. This is particularly true if the activity consistently loses money.
Learn More ›
Yes, car insurance can be tax deductible for self-employed taxpayers, Armed Forces reservists, qualified performing artists, and some government officials.
Learn More ›
PMI, funding fees, and guarantee fees can be deductible if you qualify. One qualification is your mortgage loan must have been taken out between 2007 and 2021.
Learn More ›
A tax lien occurs when the IRS makes a legal claim to your property to settle a tax debt. There are options if you can't pay the total amount or disagree.
Learn More ›
This blog does not provide legal, financial, accounting, or tax advice. The content on this blog is “as is” and carries no warranties. TaxAudit does not warrant or guarantee the accuracy, reliability, and completeness of the content of this blog. Content may become out of date as tax laws change. TaxAudit may, but has no obligation to monitor or respond to comments.