The IRS has issued ‘Security Six’ protections, a list of six security steps that taxpayers and tax professionals can use to stay safe from tax scammers. According to the IRS, there has been a dramatic decrease in identity theft fraud, which has fallen almost two-thirds since 2015. Yet, millions of dollars are still claimed in fraudulent refunds by scammers each year.
Because scam artists keep coming back with new ways to deceive taxpayers, it’s important to stay aware of their latest methods in order to avoid them. The Daily Swig details:
“The new guidelines recommend using antivirus software, firewalls, two-factor authentication, and drive encryption, as well as backing up data and creating and securing virtual private networks (VPNs).
Meanwhile, all ‘professional tax preparers’ are required by law to create and maintain a security plan for client data, focusing on key risk areas such as employee management and training, information systems, and detecting and managing system failures.
Tax professionals should also educate themselves on phishing and ransomware, and have a data theft recovery plan in place.
Everyone is a potential target
‘These six steps are simple actions that anyone can take,’ says IRS commissioner Chuck Rettig.
‘The important thing to remember is that every tax professional, whether a sole practitioner or a partner in a large firm, is a potential target for cybercriminals. No tax business should assume they are too small or too smart to avoid identity thieves.’
Signs to look out for, says the IRS, include clients receiving IRS letters about suspicious tax returns in their name or tax transcripts they did not request.
Tax practitioners should also check that there have not been more tax returns filed with a particular Electronic Filing Identification Number than were submitted.
The guidelines have been welcomed – but they don’t go far enough, according to Matt Lock, technical director at security firm Varonis.
‘Advising tax professionals to use antivirus and firewalls is sage advice – 20 years too late,’ Lock tells The Daily Swig. ‘They might as well tell them to bring a slingshot to a gunfight.’
‘Professional tax services need to lock down their files to a least-privilege model to help guard against insider threats, which can be just as harmful as any APT [advanced persistent threat].’
‘This approach will help maintain ethical walls – that is, employees should only be able to access the client files they need to do their work, period.’”