2022 IRS Security Summit
The Internal Revenue Service and the Security Summit partners continue their efforts to remind tax preparers that identity thieves are increasingly targeting tax professionals. It is imperative that tax preparers take basic steps to protect themselves and their offices from data theft.
It is not just individual identity thieves that are targeting tax professionals. Criminal syndicates are well funded, have the technical ability, but also use extensive tax knowledge in their attempts to trick or hack their way into a tax professional’s computer system. These syndicates and thieves are attempting to access tax clients’ data through tax professionals’ preparation software, and to steal the tax preparer’s information such as their EFIN and PTIN.
This year, the 2022 summer IRS Security Summit Awareness campaign is focusing on reminders for tax preparers to concentrate on security fundamentals and to bring awareness of the emerging vulnerabilities that the IRS is seeing for those practitioners using cloud-based tax services.
5 Tips for Avoiding Tax Related Identity Theft
The IRS Security Summit is emphasizing the following steps that tax professionals should do to help prevent identity thieves from stealing their clients’ data and their clients’ from becoming a victim of identity theft.
Sign up clients for Identity Protection PINs (IP PIN)
The IP PIN serves as a critical defense against identity thieves. Now that anyone can opt to get an IP PIN, tax preparers should inform their clients about the IRS Identity Theft Protection PIN Opt-In Program and encourage their clients to sign up for one.
See IRS News Release I.R. 2022-140 (Identity Protection PINS provide an important defense against tax-related identity theft) for how individuals can sign up and the benefits for having an IP PIN.
Email Spear Phishing Scams
The Security Summit partners continue to see instances where tax preparers have been vulnerable to identity theft phishing emails that pose as potential clients. The identity thieves use these emails to trick the preparer into opening email links or attachments that allow them to infect their computer systems and potentially steal client information.
The Security Summit also warns tax preparers using cloud-based systems to prepare and store tax returns to make sure that they are using multi-factor authentication that use options such as phone, text, or tokens.
See IRS News Release I.R. 2022-143 (Security Summit warns tax pros of evolving email and cloud-based schemes to steal taxpayer data) on the IRS website for more information on the latest spear phishing schemes and the advantages of using multi-factor authentication.
Know the Tell-tale Signs of Identity Theft
A common concern that the IRS hears from tax preparers is that they did not immediately recognize the signs of data theft.
Security Summit partners urge tax preparers to learn the signs of data theft so that they can react quickly to protect their clients and themselves.
Here are critical signs that data theft may have occurred:
- A client’s tax return is rejected because their SSN was already used on another return
- IRS records show more e-File acknowledgements received than the tax preparer has filed
- A client has responded to an email from the tax preparer that the tax preparer did not send
- Slow or unexpected computer and/or network issues
See IRS News Release I.R. 2022-144 (Tell-Tale signs of identity theft tax pros should watch for) on the IRS website for more information on additional warning signs that data theft might have occurred and what tax preparers should do if they become a victim of data theft.
Create a Security Plan
The Security Summit partners have created a new sample security plan designed to help tax professionals, especially those with smaller practices, protect their data and information.
As a reminder, federal law requires all tax preparers to create and implement a data security plan. The Security Summit (a private public partnership between the IRS, states, and tax industry) has noticed that a number of tax professionals are struggling to develop a written security plan.
The new sample security plan, Creating a Written Information Security Plan for Your Tax & Accounting Practice, is a 29-page document that is designed to help tax preparers of all sizes to create a written security plan.
See IRS News Release I.R. 2022-147 (Security Summit releases new data security plan to help tax professionals) for more information on this new sample security plan and additional resources available to help tax preparers with securing their computer systems in their office.
Protection for Remote Workers
With many people working from home, the IRS and Security Summit partners urge individuals to use a virtual private network (VPN) to securely conduct business.
See IRS News Release I.R. 2022-151 (Tax pros can help clients battle identity theft risk) for what individuals should consider when conducting business online.
Additional Security Summit Resources
See the following on the IRS website for more information on the IRS Security Summit and this summer’s Protect Your Clients; Protect Yourself – Summer 2022 awareness campaign:
- Security Summit page
- Protect Your Clients; Protect Yourself – Summer 2022 page
- IRS Publication 4557 – Safeguarding Taxpayer Data
- Data Theft Information for Tax Professionals
CrossLink Professional Tax Software
CrossLink is the industry’s leading professional tax software solution for high-volume tax businesses. Built based on the needs of busy tax offices that specialize in providing their taxpayer clients with fast and accurate tax returns, CrossLink has been a trusted software solution since 1989. CrossLink’s in-depth tax calculations allow you to prepare the most complicated tax returns with confidence and ease.
