Cybercriminals target tax professionals because you are custodians of highly sensitive client data.
They attempt to steal your client's personal financial information so they can create fraudulent tax returns and claim fake refunds.
Report Suspected Identity Theft or Data Loss
If your clients need assistance preventing, reporting, or recovering from identity theft, review our information for:
You or Your Firm
If you or your firm are the victim of data theft, immediately:
- Report it to your local stakeholder liaison
Liaisons will notify IRS Criminal Investigation and others within the agency on your behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in your clients’ names and will assist you through the process.
- Email the Federation of Tax Administrators at StateAlert@taxadmin.org
Get information on how to report victim information to the states. Most states require that the state attorney general be notified of data breaches. This notification process may involve multiple offices.
Find more information at Data Theft Information for Tax Professionals.
Protect Your Clients and Prevent Data Loss
You are the first line of defense against identity theft. You must be alert and on guard at all times. In addition to trying to steal client data, thieves may try to steal your identity as well, using your PTINs, EFINs and CAF numbers to file fraudulent returns or steal even more information.
Know Your Responsibilities
Federal law requires you to create, implement and maintain an information security plan to protect client data, no matter the size of your firm.
- Have your cybersecurity staff develop a data security plan
- Contact a cybersecurity consultant
If you can’t afford a cybersecurity staff or consultant, review and act using these materials:
- Publication 4557, Safeguarding Taxpayer Data (PDF)
This publication provides an overview of tax professionals legal obligations to protect taxpayer information and provides a step-by-step checklist for how to create and maintain a security plan for your digital network and office
- NIST’s Small Business Information Security – The Fundamentals (PDF)
The National Institute of Standards and Technology (NIST) is a branch of the U.S. Commerce Department. It sets the information security framework for federal agencies. It also produced this document to provide small businesses with an overview of those steps to security data. Its focus is on five principles: identify, protect, detect, respond and recover
- Taxes-Security-Together Checklist
A quick overview of security steps tax professionals should take
- Protect Your Clients; Protect Your Business
Our awareness campaign aimed at practitioners
Additionally, tax professionals generally can find cybersecurity support through their professional insurer if they have data theft coverage.
Note: the IRS can’t recommend security products.
The Federal Trade Commission (FTC) administers the law and created the Safeguards Rule.
Know the Signs of Data Theft
You or your firm may be a victim and not even know it. Here are some common clues to data theft.
You notice that:
- Client e-filed returns reject because we received another return with a client’s Social Security Number
- You receive more e-file acknowledgements than returns you know you filed
- Your clients respond to emails that you didn’t send
- You experience slow or unexpected responsiveness from your computer or network such as:
- Software or actions take longer to process than usual
- The cursor moves or changes numbers without you touching the mouse or keyboard
- You get locked out of your network or computer
Your clients tell you that they receive:
- Authentication letters (5071C, 4883C, 5747C) from us even though they haven’t filed a return
- A refund even though they haven’t filed a return
- A tax transcript they didn’t request
- Emails or calls from you that you didn’t initiate
- A notice that someone created an IRS online account for them without their consent
- A notice they weren’t expecting that:
- Someone accessed their IRS online account
- We disabled their IRS online account
An estimated 91 percent of all data breaches and cyber attacks begin with a spear phishing email that targets you. Their objective is to get you to click on a link or open an attachment (ex. PDF, Word Doc, Excel file, Image). This allows the thief to steal passwords or download malware that tracks keystrokes or gives the thief control of your computer.
The criminal poses as a trusted source. Examples include:
- IRS eServices
- A tax software company you do business with
- A cloud-storage provider
- A potential client
- A professional colleague
Here are two clues that an email is a targeted scam. The email:
- Appears to be from a trusted source or potential client but seems a bit off
- Has an urgent message to bait you into opening a link or attachment. (ex. Update your account now!)
Prevent Identity Theft
Stay vigilant. You may not know about a data theft until your clients receive a notice or can’t e-file because we already received a return with their Social Security Number.
Here are some things you can do:
- Track returns you filed through your daily e-file acknowledgements. If you receive more acknowledgements than returns you know you filed, dig deeper
- Track your weekly EFIN usage. We post the number of returns filed with your Electronic Filing Identification Number (EFIN) weekly
- Log into your e-Services account
- Access your e-file application and check “EFIN Status”
- If the numbers are off, contact the e-Help desk
- Keep your EFIN application up-to-date with all phone, address or personnel changes
- Check your PTIN account for a weekly report of returns filed with your Preparer Tax Identification Number (PTIN) if:
- You are a ‘Circular 230 practitioner’ or an ‘annual filing season program participant,’ and
- You file 50 or more returns a year
These are the most basic steps to take:
- Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones) and keep software set to automatically update
- Use responsible passwords:
- Create passwords of at least eight characters (longer is better)
- Use special and alphanumeric characters
- Use passphrases instead of passwords
- Use a different password for each account
- Password protect wireless devices
- Consider a password manager program
- Encrypt all sensitive files/emails and use strong password protections
- Back up sensitive data to a safe and secure external source not connected fulltime to a network
- Wipe clean or destroy old computer hard drives and printers that contain sensitive data
- Limit access to taxpayer data to individuals who need to know
Your systems are only as safe as the least informed employee. Follow these simple steps also can help protect against stolen data:
- Use separate personal and business email accounts
- Protect email accounts with strong passwords and two-factor authentication if available
- Install an anti-phishing tool bar to help identify known phishing sites
- Anti-phishing tools may be included in security software products
- Use security software to help protect systems from malware and scan emails for viruses
- Never open or download attachments from unknown senders, including potential clients; verify the email is authentic by calling them
- Send password-protected and encrypted documents only
- Do not respond to suspicious or unknown emails; if the email is IRS-related, forward it to firstname.lastname@example.org
See the Security Summit’s recent summer campaigns:
How We Help
- Initiate contact with taxpayers by email, text or social media to request personal or financial information.
- Call taxpayers with threats of lawsuits or arrests
- Call, email or text to request taxpayers’ Identity Protection Pins
We alert you as quickly as possible when we learn of a new scam, Scams are especially common during the filing season. Sign up so you can stay up to date with the latest alerts and tax administration issues: