One of the most common tax scam practices is to take a bit of truth and twist it. Con artists tweak tax forms, create fraudulent online presences that mimic real tax sites, and impersonate tax officials.
The latest report of criminals honing their nefarious tax techniques involves the IRS' Tax Exempt and Governmental Entities (TEGE) division and tax-exempt bonds.
As part of the way the IRS audits tax-exempt bonds, the agency's TEGE unit uses its own secure electronic messaging service to transmit and receive data. That communication system now is being used as a hook in a new phishing scheme.
Joseph Santiesteban and John Stanley, partners at Orrick, Herrington & Sutcliffe LLP, write in an item at JD Supra that "we've recently seen emails purporting to be from the IRS regarding the use of its TEGE secure messaging service to respond to an audit of tax-exempt bonds, but that are actually phishing scams intended to steal data from the recipients."
Scam alert time is all the time: In closing their report of this latest scam, the two Orrick attorneys warned that bond "issuers and borrowers should always be on the lookout for phishing or other suspicious emails, whether those appear to be from the IRS or other entities."
The IRS definitely agrees with the pair's advice. In fact, in late June the IRS issued a similar reminder to tax professionals about spear phishing, an email identity theft scheme where crooks target specific individuals or groups. In the tax world, a professional preparer's database is a treasure trove for committing tax filing fraud and refund theft.
Then this week, the IRS and its Security Summit partners — state tax agencies and the nation's tax community — launched, virtually (yes, COVID-19 is still a thing), their annual summer campaign, "Protect Your Clients; Protect Yourself."
As the name indicates, it focuses on fundamental steps tax pros can take to stop data theft from their offices. This year's special five-part news release series began July 19 and runs every Tuesday through Aug. 16.
Those dates coincide with the IRS Nationwide Tax Forum, which this year features 32 webinars to help educate the tax professional community, including several that discuss security-related features.
Security Summit 2022 topics: The first featured Security Summit topic, posted on July 19, was "Identity Protection PINs provide an important defense against tax-related identity theft." The IRS news release elaborates on the filing security advantages of the agency's opt-in ID PIN program, now open to all taxpayers nationwide.
The upcoming four Security Summit IRS news releases will address the following tax pro/taxpayer protection topics.
UPDATE, Aug. 16, 2022: Links to the IRS releases are now included in the discussions below.
- Avoid spear phishing scams. Yep, it bears repeating since, as the IRS notes, spear phishing is one of the most successful tactics used by identity thieves against tax professionals. Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. Tax pros have been especially vulnerable to spear phishing scams from thieves posing as potential clients. Or, as the Orrick attorneys note, as the IRS itself. The bottom line, notes the IRS in its July 26 Security Summit release, is that tax pros (and all of us) need to be aware and wary of evolving email and cloud-based schemes to steal taxpayer data.
- Know the tell-tale signs of identity theft. Many tax professionals who report data thefts to the IRS also say that they were unaware of the signs that a theft had occurred. One sign that something is awry is multiple clients suddenly receiving IRS letters requesting confirmation that they filed a tax return deemed suspicious. Tax professionals also may see e-file acknowledgements for far more tax returns than they filed.
- Create a security plan. Not only is this a good practice, but it's also federal law. The Federal Trade Commission enforces the law, which requires paid tax return preparers to create and implement a data security plan. For a preview, check out IRS Publication 4557, Safeguarding Taxpayer Data. You also can read my previous post Tax preparers filing season prep: A written security plan. The IRS will highlight other tax pro resources in this upcoming release. The IRS provides written tax data security plan guidance in a new document issued Aug. 9.
- Help clients protect themselves whether working from home or traveling. With the continuation of coronavirus pandemic-inspired work-from-home policies, many taxpayers find themselves conducting more of their affairs online. This requires additional security steps for digital communications, both for work and personal activities.
These tax preparer areas of concern are critical, noted IRS Commissioner Chuck Rettig, because even as the tax agency and its partners have "increased our defenses, cyberthieves increasingly turn to tax professionals, especially smaller operations, to look for security vulnerabilities. This is a critical link in protecting sensitive taxpayer information. By taking some basic security steps, tax pros help protect against the relentless efforts of identity thieves."