W-2s and 1099s have been sent. The scramble to compile receipts and itemizations has begun. Tax professionals are gearing up for their busiest time of the year, even as free tax filing options become more available. And — surprise, surprise — cybercriminals are taking advantage.
Cybersecurity experts and government agencies have issued several recent bulletins about hackers working hard to steal sensitive information. The Internal Revenue Service (IRS), state tax agencies, and tax industry specialists say that phishing scams targeting tax preparers are proliferating. These scams typically involve someone posing as a potential client looking to make an appointment or a regulatory body asking for sensitive information.
For consumers, tax returns continue to be one of the biggest targets for cybercrime. In 2022, the IRS Criminal Investigation division reported more than 2,500 data breaches involving tax professionals, compared to 250 in 2018 — a more than 1,000% increase. The IRS has also received increasing reports of cybercriminals posing as IRS e-Services, asking tax pros to sign into their accounts using an illicit link. The link, however, sends tax pros to a fake e-Services site that steals their usernames and passwords.
Hackers thrive on confusion this time of year, often flooding targets with many different forms of schemes and phishing attempts. Individuals often find that a cybercriminal has filed a fraudulent return before they even have the chance to complete a legitimate one. More than 5 million fraudulent returns were filed in 2020, rushing to take advantage of pandemic-related payouts.
Large refunds can be deposited in fake bank accounts or in taxpayers’ real ones, at which point criminals double down on their ruse. They then pose as debt collectors and reach out to consumers to notify them that the refunds had been sent in error. The victims are then requested to forward the money to another contact. It becomes incredibly complicated to untangle these types of crimes — and bad actors benefit from the IRS’ growing backlog of audits and investigations.
What can tax preparers and consumers do to stay safe?
As tax season approaches, CMIT Solutions recommends the following strategies, all of which should be backed by the support and consultation of trusted IT partners and reliable tax professionals who keep their own systems safe:
- Safeguard your personal information and set up an Identity Protection PIN through the IRS. Stealing a Social Security number (SSN) opens up a world of possibilities for criminals looking to execute tax refund scams. Protect your SSN as carefully as possible. Never provide it over the phone or via email before confirming the identity of the person you’re communicating with, and fill it in last on applications and tax returns, right before you sign or file. Make sure those documents are encrypted, too, to prevent a data breach. The IRS also offers an IP PIN, a voluntary step to secure your tax return with a six-digit passcode that serves as a password to verify your real identity and prevent an impostor from filing in your name.
- Filing electronically? Use a trusted, secure Internet connection. Do not file your tax return (or even work on it and save the progress) while connected to public Wi-Fi at coffee shops, conference centers, airports, or other public places. Make sure any tax preparation website you visit has “https” in the URL, and check to ensure your Wi-Fi connection is password protected.
- Do not click any links in an email promoting tax preparation software. Phishing schemes impersonating TurboTax, IRS E-File, H&R Block, and other popular applications abound this time of year. Do not blindly click links included in any message — hackers can set up fake web pages that contain forms asking for your personal information. Instead, manually type out the website address of the service you want to use to avoid being redirected to an illicit page.
- If you work as a tax professional, avoid communicating with potential or existing clients solely through email. Always set up phone calls, video chats, or in-person meetings to go over sensitive information and confirm the identity of the person you’re working with. This is particularly true if any unusual accommodations are requested, like duplicate copies of a W-2, address changes, Social Security number additions, or new bank account details. Phishing scams will always attempt to steal this information via email — don’t fall for a scammer’s common trick.
- As a consumer, beware of phone calls or text messages purporting to be from the IRS or state tax agencies. If one of these government bodies needs to communicate information to you, they will almost always do it in a physical letter delivered via U.S. Mail first. Other supposed organizations claiming to be contacting you include the Taxpayer Advocate Service or the Bureau of Tax Enforcement. Use caution with unsolicited calls or text messages from people claiming to be from one of these agencies. If you receive communication in this way, don’t provide any personal information, don’t click on any link to test it out, ask for a reference number, and then check to see if the caller’s or sender’s number is an official one.
- Work with an IT provider to defend against ransomware, malware, phishing scams, and web-based malvertising. Experienced hackers will use different methods to try and steal your information. The stronger your overall defenses, the less of a chance they can succeed. By working with a trusted IT services provider, you can automatically deploy security updates and software patches to all your hardware and software. You can also build strong network defenses around every endpoint in your IT ecosystem, preventing intrusions before they cause a problem.
With tax season ramping up, the potential for security breaches increases. If you want to enhance cybersecurity and protect your sensitive information as Tax Day approaches, contact CMIT Solutions today.
We have more than 25 years of experience working with tax preparers, financial professionals, and businesses of all sizes across North America to safely navigate these challenging times.