
Sunday July 25, 2021

Washington News

Washington Hotline

Protecting Your Data from Phishing Scams

As part of the Security Summit, the Internal Revenue Service published a guide on how to protect yourself from phishing scams. The new scams attempt to prey on taxpayers and tax advisors by exploiting COVID-19, Economic Impact Payments and teleworking by tax professionals.

IRS Commissioner Chuck Rettig stated, "The coronavirus has created new opportunities for cybercriminals to use email to try stealing sensitive information. The vast majority of data thefts start with a phishing email trick. Identity thieves pose as trusted sources – a client, your software provider or even the IRS – to lure you into clicking on a link or attachment. Remember, don't take the bait. Learn to recognize and avoid phishing scams."

The Security Summit emphasized four general phishing strategies. These include an urgent message, a delayed notice, COVID-19 fears and posing as a client.

1. Urgent message

A common phishing scam is to send a message that appears to be urgent. It may claim to be from one of the victim's financial institutions and explain that an account password or login information has expired. The victim is directed to click on a link to restore account data. The phishing email often comes from a site that is one letter or number different from the official website. When the user clicks on the link, malware will be installed on the computer, which enables the thief to steal personal information and passwords.

2. Delayed notice

After the thief has installed malware on a computer, he or she may delay taking action for a period of time. One tax preparation firm had thieves on its network for 18 months without any indication. The thieves downloaded and accessed taxpayer information during that entire timeframe prior to the discovery of the information technology breach.

3. COVID-19 Fears

Another common phishing attack is for the fraudster to claim to be a provider of face masks or personal protective equipment (PPE). The scammer explains that the face masks or PPE are in such short supply that you need to order immediately from his or her organization. When you click to order, the scammer loads malware on your computer.

4. Posing as a client

Many tax professionals are in daily communication with large numbers of existing clients. A fraudster may hack the email account of a client and then send an email to the tax professional. The tax professional may be expecting contact from that client and does not realize that the email has been sent from a different web site or server. When the tax professional clicks on a link, malware is downloaded. Tax professionals are urged by the Security Summit to make contact with clients by phone or video conference if they receive a suspicious email.

Everyone needs to be aware of the risk of phishing emails. Most successful fraudster attacks start with a phishing email. Tax professionals must continually educate their staff on the "dangers and risks of opening suspicious emails – especially during the COVID-19 period."

Additional security recommendations are available in IRS Publication 4557, Safeguarding Taxpayer Data, and in Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology.

Published August 14, 2020