Saturday January 22, 2022
Guard Against Spear Phishing Emails
The IRS Security Summit published a warning this week to make taxpayers and professional advisors aware of the latest email phishing scams. Because both tax advisors and individuals have been under lockdowns or on remote status for over a year, there is greater opportunity for identity thieves to trick individuals into releasing confidential data.
IRS Commissioner Chuck Rettig stated, "Identity thieves have been relentless in exploiting the pandemic and the resulting economic pain to trick taxpayers and tax professionals to disclose sensitive information. Fighting back against phishing scams requires constant vigilance and we urge tax pros to take some basic steps to help protect their clients and themselves."
There are several specific strategies that bad actors use to collect passwords, bank account information, credit card numbers or Social Security numbers.
A number of tax professionals have also been subject to ransomware attacks. With the malware on the computer or network of the tax professional, the bad actor is able to encrypt all the business files. This is particularly effective because many of the tax returns will have due dates. The bad actor than demands a cryptocurrency payment from the professional. If the ransom is paid, the bad actor may send a key to decrypt the files and meet the required tax deadlines.
The Internal Revenue Service urges all individuals with financial accounts to use two-factor authentication. Both individuals and tax professionals should have anti-virus software that is updated on a daily basis. Tax professionals should also encrypt the data at rest and create daily backup files that can be recovered if their hard drives are encrypted.
The Department of Treasury urges both individuals and tax professionals to review IRS Publication 4557, Safeguarding Taxpayer Data.
Published August 13, 2021