1. If you file electronically, access an online tax filing service on a trusted, secure Internet connection.
That means no filing your tax return (or even working on it and saving the progress) while connected to public Wi-Fi at coffee shops, hotel business centers, airports, or other public places. Make sure any site you connect with has “https” in the URL, that any connection you use is password protected, and that you manually type out links to tax preparation software rather than following links from emails.
2. If you work as a tax professional, try to avoid communicating with potential or existing clients solely through email.
This is particularly true if any unusual accommodations are needed, like requests for duplicate W-2 copies, address changes, Social Security numbers, email addresses, or financial information. The recent spike in phishing scams (see below for sample emails) means no valuable data should be transmitted electronically when a phone call or in-person meeting will suffice.
3. If you’re mailing a paper copy of your return, never put it in an outgoing mailbox that can be accessed by someone else.
Instead, mail it directly from the post office. Also, never take pictures of sensitive tax information or store them on your mobile device or computer.
4. Implement proactive monitoring and maintenance provided by a trusted IT partner to help defend against malware, viruses, and known phishing sites.
These types of services will provide automatic security updates and software patches so you don’t have to worry about evolving scams. In addition, they will keep up with new attempts to steal information and prevent bad actors from compromising your systems.
5. Educate all employees about phishing scams as the tax filing deadline gets closer.
Make sure everyone uses strong, unique passwords with two-factor authentication and password management where necessary. Never take an email from a familiar source at face value; for example, an email from “IRS e-Services.” If it asks you to open a link or attachment, or includes a threat to close your account, think twice. NEVER click on any link or attachment included in an email that discusses tax information.
In recent days, the IRS has provided these early variations of phishing schemes:
- “Happy new year to you and yours. I want you to help us file our tax return this year as our previous CPA/account passed away in October. How much will this cost us? Hope to hear from you soon.”
- “Please kindly look into this issue, a friend of mine introduced you to me, regarding the job you did for him on his 2018 tax. I tried to reach you by phone earlier today but it was not connecting, attach is my information needed for my tax to be filed if you need any more details please feel free to contact me as soon as possible and also send me your direct telephone number.”
- “I got your details from the directory. I would like you to help me process my tax. Please get back to me ASAP so I can forward my details.”
The IRS also has received recent reports of cybercriminals posing as IRS e-Services, asking tax pros to sign into their accounts and providing a disguised link. The link, however, sends tax pros to a fake e-Services site that steals their usernames and passwords.
Tax practitioners or taxpayers receiving emails from fraudsters posing as the IRS or tax software providers are recommended to go directly to IRS.gov and forward attempted phishing emails to firstname.lastname@example.org. Remember, the IRS does not send unsolicited emails — and your tax prepare shouldn’t either!
Want to know more this tax season about how to enhance cybersecurity and keep your sensitive information safe? Contact CMIT Solutions today.