With tax day moving to July 15th this year, it’s crucial to have a plan for keeping your financial information safe. New phishing scams are frequently being identified by state tax agencies, tax professionals, and the Internal Revenue Service. In some cases, these organizations find that the scammers will pose as potential clients or the IRS to attempt to trick tax preparers into disclosing your sensitive financial information.
Last year, there were thousands of reports to the IRS regarding data breaches that were related to tax and CPA firms. This is part of the year-over-year trend of significant increases in cybercrime. In many cases, the hackers will move quickly, filing the fraudulent returns before the taxpayer can do it themselves.
These fraudulent tax returns are often filed with accurate information, including taxpayer names, Social Security numbers, bank account information, and addresses, as well as the correct amount of dependents.
It is suspected that these scams originated in professional tax offices that were targeted by phishing scams on their networks, servers, laptops, and desktops. This malicious software is installed on their devices and allows hackers to access protected information.
At CMIT Solutions, we’ve put together some information and strategies on how both tax preparers and taxpayers can keep financial information safe.
For potential and existing clients, it is vital to beware of requesting sensitive documents for duplicates copies of W-2s, address changes, email addresses, Social Security numbers, or other financial information via email. With the recent spike in phishing scams, valuable data should not be requested through email but rather through a phone call or an in-person meeting.
With our multi-layered security defense method, you can defend your information against malware, phishing sites, and viruses. Our multiple layers of security will provide you with software patches to block evolving scams as well as security updates. With our daily monitoring and spot inspections, we can make sure your information remains secure.
One way to help keep information secure is to have your staff use unique, strong passwords as well as two-factor authentication and password management where it is needed.
It is also essential to be cautious of emails that are from a familiar source such as anything from “IRS e-Services.” These types of emails should be scrutinized, especially if they ask you to open a link or an attachment or makes threats to close your account. You should avoid clicking any link or opening any attachment that is included in an email that is discussing tax information.
Common phishing scheme examples include:
“Have you finished filing your taxes? Please help us file our tax return this year as our former CPA passed away. How much will this cost? I hope to hear from you soon.”
“I got your details from a friend of mine. I need you to help me process my taxes. Please get back to me as soon as possible so that I can forward my details.”
Another scheme the IRS has seen is cybercriminals posing as IRS e-Services and asking tax professionals to sign into their accounts with a disguised link. This link sends the tax professionals to an illegitimate website that steals their usernames and passwords.
It’s crucial to avoid working on your tax return or filing if your device is connected to public Wi-Fi. Public Wi-Fi in places such as a coffee shop, airport, or hotel business center is not as secure as a password-protected Wi-Fi.
When filing electronically, be sure to make sure that every site you connect with has “https” included in the URL. It would help if you also typed out any links to tax preparation software, rather than following the link from your email.
If possible, it is best to mail it directly from the post office. If that is not an option, make sure no one else can access your mailbox when mailing it out. Avoid taking photos of your tax information or storing it on your computer or mobile device.
At CMIT Solutions, we will assess your cybersecurity exposure, remediate any sever security risk with multi-layer defenses, and will also manage these cybersecurity defenses daily to ensure your data remains protected. We can also assist you in establishing ongoing team training to help further protect your business.
Contact us today to learn more!