IRS Reports a New Filing Season Scam: Cybercriminals Stealing Data from Tax Practitioners’ Computers

By Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager

IRS Reports a New Filing Season Scam: Cybercriminals Stealing Data from Tax Practitioners’ Computers

At Keiter, we take a holistic approach to protecting our clients’ data. We leverage state of the art technology combined with a highly trained IT team to maintain and secure our client’s data. In addition, we provide a variety of cybersecurity services to assist businesses with their individual data security needs.

Even with the best data security measures in place, there is always a possibility for a security breach. It is important for businesses and individuals to be proactive in keeping their financial information safe.

The IRS has shared important information to keep taxpayers informed on new tax scams they are seeing in 2018. One of the scams the IRS has identified began with cybercriminals stealing data from several tax practitioners’ computers and filing fraudulent tax returns.

We have included an excerpt from the original IRS article below.


“…the fraudulent returns in a few cases used the taxpayers‘ real bank accounts for the deposit. A woman posing as a debt collection agency official then contacted the taxpayers to say a refund was deposited in error and asked the taxpayers to forward the money to her.

This scheme is likely just the first of many that will be identified this year as the IRS, state tax agencies and tax industry continue to fight back against tax-related identity thieves. Because the Security Summit partners have made inroads against identity theft, cybercriminals have evolved their tactics to focus on tax professionals where they can steal client data.

Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions. Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves rather than the real taxpayers….

When notified immediately, IRS can take steps to help protect taxpayers from tax-related identity theft.

IRS Criminal Investigation agents are still reviewing this latest data theft scam. However, the vast majority of data thefts occur because the tax preparer or someone in the office opened a phishing email and clicked on a link or attachment that contained malware. There are various forms of malware but some download secretly into computers and allow thieves to see each keystroke or give thieves remote access to computers. Both versions allow thieves to steal data stored on the computers. Access full article.


Avoid an IRS Scam

It is important to note that The IRS initiates most contacts through regular mail delivered by the United States Postal Service.

However, there are special circumstances in which the IRS will call or come to a home or business, such as when a taxpayer has an overdue tax bill, to secure a delinquent tax return or a delinquent employment tax payment, or to tour a business as part of an audit or during criminal investigations.

Even then, taxpayers will generally first receive several letters (called “notices”) from the IRS in the mail. Learn more.

Is your tax provider keeping up with your data security needs? Keiter invests significant resources to meet our clients cybersecurity needs. Contact us to learn more about our dedication to protecting our clients’ data.

Additional Resources

Source: IRS.gov

Share this Insight:

About the Author


Christopher Moschella

Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager

Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog.

More Insights from Christopher Moschella

The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.

Categories

Contact Us