Tax pros continue to be targeted by identity thieves; IRS, Security Summit urge continued vigilance against evolving threats as special summer education series, Nationwide Tax Forums begin


Protect Your Clients; Protect Yourself series runs for eight weeks

IR-2024-180, July 2, 2024

WASHINGTON — With new and evolving scams emerging, the Internal Revenue Service and the Security Summit partners today announced the start of the special summer Protect Your Clients; Protect Yourself campaign to help tax professionals protect themselves against new and ongoing threats involving tax-related identity theft.

“Security threats against tax professionals and their sensitive taxpayer information continue to evolve, and it’s critical to stay on top of the latest developments to protect their business and their clients,” said IRS Commissioner Danny Werfel. “The Security Summit effort between the IRS, states and the nation’s tax industry has worked to protect taxpayers and tax returns from identity thieves, and tax professionals form a key part of these security defenses. It's critical that everyone in the tax professional community, including smaller practices, stay current on the latest developments to keep their systems safe and protect their clients."

Now in its ninth year, the Security Summit partners have worked together to raise awareness about these issues in the tax professional community through the Protect Your Clients; Protect Yourself campaign. This is part of the larger effort by the Summit coalition of the IRS, state tax agencies and the nation's tax community to battle tax-related identity theft that has been in place since 2015.

Security threats against tax professionals remain a daily threat. Through the spring, IRS Stakeholder Liaisons had received reports of nearly 200 tax professional data incidents potentially affecting up to 180,000 clients.

With this summer’s Protect Your Clients; Protect Yourself campaign, the Summit partners will work to raise awareness among tax professionals about the importance of maintaining strong security, and what to do if a security incident occurs.

“There are special steps that tax professionals need to take to protect themselves from scammers trying to obtain sensitive information in attempts to file fraudulent state and federal tax returns,” said Sharonne Bonardi, executive director of the Federation of Tax Administrators representing state tax agencies and a co-chair of the Summit’s communications team. “Continued vigilance by tax professionals is a critical part of the larger effort needed to protect tax information at the state and federal level.”

This summer’s effort will be anchored around a series of eight news releases that will run for consecutive weeks each Tuesday, coinciding with the start of the IRS Nationwide Tax Forum on July 9 in Chicago. The news release series and the summer Tax Forums will provide important information to help protect sensitive taxpayer data that tax professionals hold while also protecting their business from identity thieves.

“As the Security Summit has worked collaboratively to strengthen our internal protections against identity thieves, they have shifted more attention to tax professionals and other businesses in hopes of stealing vital information needed to file a tax return and slip through the tax community’s defense systems,” said Julie Magee, tax policy lead at Block Inc and a co-chair of the Summit’s communications team. “This means tax professionals need to be extra cautious in protecting their data.”

“We continue to educate tax professionals on security measures to prevent data breaches that expose taxpayers' private information and jeopardize their business,” said Taylor Rodier, legislative affairs director at Taxwell and a co-chair of the Summit communications team. “Staying on top of the latest developments and keeping their security up to date is vital.”

2024 Nationwide Tax Forums in five cities focus on tax professional security; registration deadlines approaching

In addition to the series of eight news releases, the tax professional security focus will be featured at this summer's Nationwide Tax Forums. Following the three-day forum in Chicago, the forums will continue on July 30 in Orlando, Aug. 13 in Baltimore, Aug. 20 in Dallas and Sept. 10 in San Diego.

The IRS reminds tax pros that registration deadlines are quickly approaching for several of the forums, which can sell out.

The forums will feature several specific sessions to help educate the tax professional community on security-related topics. Tax professionals will hear from experts at the IRS, the tax professional community as well as a special session from the Salve Regina University’s Pell Center from Rhode Island. The entire news release series will be available in Spanish as well.

By taking some basic security steps, tax pros can help protect themselves against the relentless efforts of identity thieves. This summer's effort includes reminders for tax pros to focus on fundamentals and to watch out for emerging vulnerabilities as well as new updates involving multi-factor authentication and the latest on Written Information Security Plan PDF, or WISP, which all tax professionals are required to have.

Tax professionals are prime targets of criminal syndicates that are both tech- and tax-savvy. These scammers either trick or hack their way into tax professionals' computer systems to access client data. Even when tax pros think they have client data stored in a secure platform, such as the cloud, lack of strong authentication can make this information vulnerable.

Identity thieves use stolen data to file fraudulent tax returns that make it more difficult for the IRS and the states to detect because the fraudulent returns use real financial information. Other data thieves sell the basic tax preparer or taxpayer information on the web so other fraudsters can try filing fraudulent tax returns.

The summer Security Summit tax pro campaign will cover key topics that will highlight a series of simple actions that tax professionals can take to better protect their clients and themselves from data theft. Highlights of the summer news release series being issued in upcoming weeks will highlight these topics:

  • Create a security plan. The Written Information Security Plan PDF, or WISP, is an easy-to-understand document developed by and for tax and industry professionals to keep customer and business information safe and secure. Security Summit partners, including tax professionals, software and industry partners, representatives from state tax groups and the IRS developed the WISP. The Summit partnership will highlight these plans at each of the five IRS Nationwide Tax Forums this year.
  • New, emerging scams targeting tax pros. The Summit continues to see new scams targeting tax professionals in attempts to gain access to their systems. This news release will highlight new and ongoing schemes targeting the tax community, including new client scams and other elaborate efforts.
  • Phishing, spear phishing and whaling. These aren't summer activities; these are real cyber schemes that put sensitive information at risk. Tax pros are a common, everyday target of phishing scams designed to trick the recipient into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers. Tax professionals, and taxpayers, should be aware of different phishing terms and what the scams might look like.
  • Sign up clients for identity protection PINs, IRS Online Account. The IRS now offers IP PINs to all taxpayers who can verify their identities online, on the phone with an IRS employee after filing a Form 15227 or in person. To obtain an IP PIN, the best option is the IRS online tool Get an IP PIN.
  • Know the tell-tale signs of identity theft. Many tax professionals who report data theft to the IRS also say they were unaware of signs that a theft had already occurred. There are many signs for which tax pros should watch. These include multiple clients suddenly receiving suspicious IRS letters requesting confirmation that they filed a tax return; tax professionals seeing e-file acknowledgements for far more tax returns than they filed; and tax pros' computer cursors moving seemingly on their own.
  • Understand the Security Six protections. This includes using anti-virus software, a firewall, multi-factor authentication, drive encryption, virtual private networks or VPN and backing up critical files.

Related items