Douglas Tax Blog. U.S.A. IR-2018-125
The IRS warned tax professionals thru its state and industry Security Summit partners to beware of phishing emails posing as state accounting and professional associations. The IRS received reports from tax professionals who received fake emails that were trying to trick them into disclosing their email usernames and passwords. Cyber criminals specifically targeted tax professionals in Iowa, Illinois, New Jersey, and North Carolina. The IRS also received reports about a Canadian accounting association.
Any suspicious or obviously fake organizations, should be reported right away to the IRS. Tax professionals need to be alert to these type of scams, as they change over time, and reporting and educating each other is a great way to combat the crime. Tax professionals who are members of professional associations should go directly to those associations websites rather than open any links or attachments. Tax practitioners who receive suspicious emails related to taxes or the IRS, or phishing attempts to gain access to practitioner databases, should forward those emails to firstname.lastname@example.org
Scams like this are reminders to the tax community to be on guard against cybercriminals who are adapting tactics, and scams to try to catch unsuspecting individuals off guard. Being aware of new scams as they develop is crucial to stopping this type of crime. The Security Summit partners recommend these steps. Learn to know phishing emails, and never open a direct link or any attachment from a suspicious email.
Go to publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security, by the National Institute of Standards and Technology for additional information. Install anti malware security software on your computer and set software to update automatically. Create passwords of at least 8 characters in length, then make sure to encrypt all sensitive files and emails and use strong passwords as well.
Make sure to clean or wipe old hard drives to destroy any data, including data on printers. Limit access to taxpayer data to individuals who need to know. Report any theft or data loss to the appropriate IRS Stakeholder Liason.