Identity Theft Resource Center for Tax Professionals
This page is designed to give tax preparers the tax identity theft resources they need to meet their security obligations and improve their defenses against tax related identity theft, which includes safeguarding their computer systems from cybercriminals. This page will also let tax preparers know the latest tactics identity thieves are using to obtain personal information from individuals.
Tax Identity Theft
Tax preparers have become key targets of criminal syndicates that are well funded and tech-savvy. They target tax preparers because they are custodians of highly sensitive personal financial information that they can use to create fraudulent tax returns and claim fake refunds.
Identity thieves are not only aiming to steal the client data from a tax preparer; therefore, they are targeting the tax preparer’s identity as well. They then use the preparer’s PTIN, EFIN, and/or CAF numbers to file fraudulent tax returns or steal even more information.
Because they increasingly have become targets, tax preparers need to take steps to protect their client’s data and their computer networks from these threats.
Lastly, it is important to note that tax preparers are required by federal law (Gramm-Leach-Bliley Act of 1999) to create and maintain a written data security plan. The Federal Trade Commission administers this law and created a Safeguards Rule to administer the law.
How to Prevent Tax Identity Theft
Here are basic security steps that tax preparers should take to prevent tax identity theft:
Learn to recognized phishing emails. Never open a link or any attachment from a suspicious email.
For further information and resources see:
- IRS Publication 5443-C – Avoiding Phishing Scams
- FTC – How to Recognize and Avoid Phishing Scams
- Security Summit warns tax pros of evolving email and cloud-based schemes to steal taxpayer data
- Latest spear phishing scams target tax professionals
Create a data security plan
Use IRS Publication 5708 (Creating a Written Information Security Plan for your Tax & Accounting Practice) to help you create your data security plan. This publication is a 29-page document that is designed to help tax preparers of all sizes create a written security plan that meets the FTC Safeguards rule.
For more details, resources, and guidance see:
- Security Summit releases new data security plan to help tax professionals; new WISP simplifies complex area
- IRS Publication 4557 (Safeguarding Taxpayer Data)
- IRS Publication 5709 (How to Create a Written Information Security Plan for Data Safety)
- Data Security Plan Requirement for Tax Preparers
- Basic Safeguards for tax professionals’ computers and email
- Educate employees about Data Security and Computing Safeguards
- Publication 5293 (Data Security Resources Guide for Tax Professionals)
Create better and stronger passwords
All preparers should review the new, stronger password guidance for all their online accounts.
This new guidance suggests using a passphrase such as a favorite line from a movie or a series of associated words rather than using a traditional password.
For more details and resources on this guidance see:
- Password guidance
- Strong passwords help protect accounts against cybercriminals
- Tax Preparers must use strong passwords and encryption to protect client data
Review internal controls
- Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets, and phones) and keep software set to automatically update.
- Encrypt all sensitive files/emails.
- Back up sensitive data to a safe and secure external source not connected to a network.
- Wipe clean and destroy old computer hard drives and printers that contain sensitive data.
- Limit access to taxpayer data to individuals that need to know.
- Check IRS e-Services account weekly for number of returns filed with EFIN.
Review the IRS “Taxes-Security-Together” Checklist
This checklist includes information on deploying the “Security Six” measures:
- Activate anti-virus software
- Use a firewall
- Use two-factor authentication when it’s offered
- Use backup software/services
- Use drive encryption
- Create and secure Virtual Private Network
Use Multi-Factor Authentication
Based on reports to the IRS, many tax professionals whose client data was stolen failed to use multi-factor authentication. Using this feature could have prevented some of these thefts. Tax professionals should use multi-factor authentication features whenever it is offered, such as commercial email products and cloud storage providers.
Report any data theft or data loss to appropriate IRS Stakeholder Liaison
- See IRS Security 101 News Release Data Theft Reporting Process for further information.
Become more aware of preparer risk of data theft attacks
Increase your awareness of tax data theft by reviewing the following on the IRS website:
Additional Links for More Information on Identity Theft Resources and Tax Preparer Security
- Federal Trade Commission Cybersecurity for Small Business
- Identity Theft Information for Tax Professionals
- National Security Awareness Week 2022
- Tax Security 2.0
- Protect Your Clients; Protect Yourself
- Federal Trade Commission Identity Theft
- IRS Identity Central
CrossLink Professional Tax Software
CrossLink is the industry’s leading professional tax software solution for high-volume tax businesses. Built based on the needs of busy tax offices and mobile tax preparers that specialize in providing their taxpayer clients with fast and accurate tax returns, CrossLink has been a trusted software solution since 1989. CrossLink’s in-depth tax calculations, advanced technological features, and paperless solutions allow you to prepare the most complicated tax returns with confidence and ease while providing your customers an unparalleled experience.