Tax Law and News IRS Warns Tax Pros of New Scam Posing as Professional Associations Read the Article Open Share Drawer Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window) Written by Intuit Accountants Team Published May 31, 2018 3 min read Based on reports from tax professionals receiving fake emails that were trying to trick them into disclosing their email usernames and passwords, the IRS, along with its state and industry Security Summit partners, warned tax practitioners to beware of phishing emails posing as state accounting and professional associations. Cybercriminals specifically targeted tax professionals in Iowa, Illinois, New Jersey and North Carolina. The IRS also received reports about a Canadian accounting association. The awkwardly worded phishing email states: “We kindly request that you follow this link HERE and sign in with your email to view this information from (name of accounting association) to all active members. This announcement has been updated for your kind information through our secure information sharing portal which is linked to your email server.” Tax practitioners nationwide should be on guard because cybercriminals can easily change their tactics, using other association names or making other adjustments in their scam attempts. Tax practitioners who are members of professional associations should go directly to those associations’ websites rather than open any links or attachments. Tax practitioners who receive suspicious emails related to taxes or the IRS, or phishing attempts to gain access to practitioner databases, should forward those emails to phishing@irs.gov. This scam serves as a reminder to all tax professionals that cybercriminals are targeting their offices in an attempt to steal client data. To assist tax professionals with safeguards, the Security Summit partners urge practitioners to follow these minimal security steps: Learn to recognize phishing emails, especially those pretending to be from the IRS, e-Services, a tax software provider or cloud storage provider. Never open a link or any attachment from a suspicious email. Remember that the IRS never initiates initial contact with a tax pro via email. Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology. Review internal controls: Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones), and keep software set to automatically update. Create passwords of at least eight characters; longer is better. Use different passwords for each account, use special and alphanumeric characters and phrases. Password protect wireless devices and consider a password manager program. Encrypt all sensitive files/emails and use strong password protections. Back up sensitive data to a safe and secure external source not connected fulltime to a network. Wipe clean or destroy old computer hard drives and printers that contain sensitive data. Limit access to taxpayer data to individuals who need to know. Check your IRS e-Services account weekly for number of returns filed with an Electronic Filing Identification Number. Report any data theft or data loss to the appropriate IRS Stakeholder Liaison. Stay connected to the IRS through subscriptions to e-News for Tax Professionals, Quick Alerts and social media. Additional resources: Identity Protection: Prevention, Detection and Victim Assistance Data Theft Information for Tax Professionals Protect Client Data; Learn Signs of Identity Theft Protect Your Clients; Protect Yourself Security Summit In addition, visit the Intuit® ProConnect™ Tax Pro Center often for updates and articles about fraud and security. Previous Post Summary of Preparer Penalties Under Title 26 Next Post June 2018 Tax and Compliance Deadlines Written by Intuit Accountants Team The Intuit® Accountants team provides ProConnect™ Tax, Lacerte® Tax, ProSeries® Tax, and add-on software and services to enable workflow for its customers. Visit us at https://proconnect.intuit.com, or follow us on Twitter @IntuitAccts. More from Intuit Accountants Team Comments are closed. Browse Related Articles Tax Law and News IRS Issues Security Summit Alert: New Two-Stage Email S… Tax Law and News IRS Urges Tax Pros to Step Up Security and Beware of Ph… Tax Law and News IRS Warns Taxpayers and Tax Pros of Email Scam Targetin… Tax Law and News Make Your Clients Aware of Last-Minute Phishing Email S… Tax Law and News Watch out for “new client” email scam Tax Law and News IRS Dirty Dozen: phishing, smishing, and more Practice Management How to protect your firm and taxpayer data from COVID-1… Intuit® Accountants News Above the Forms: Enhanced Security Efforts Benefit Acco… Tax Law and News IRS Summit Partners Warn Tax Pros to be on Alert and St… Tax Law and News Tax Professionals Warned of New Scam to “Unlock” Th…