Some states looking to end sales tax on baby diapers
The different ways forgiven student debt is taxed

Tax-exempt bond spear phishing effort is latest tax pro security threat


One of the most common tax scam practices is to take a bit of truth and twist it. Con artists tweak tax forms, create fraudulent online presences that mimic real tax sites, and impersonate tax officials.

The latest report of criminals honing their nefarious tax techniques involves the IRS' Tax Exempt and Governmental Entities (TEGE) division and tax-exempt bonds.

As part of the way the IRS audits tax-exempt bonds, the agency's TEGE unit uses its own secure electronic messaging service to transmit and receive data. That communication system now is being used as a hook in a new phishing scheme.

Joseph Santiesteban and John Stanley, partners at Orrick, Herrington & Sutcliffe LLP, write in an item at JD Supra that "we've recently seen emails email purporting to be from the IRS regarding the use of its TEGE secure messaging service to respond to an audit of tax-exempt bonds, but that are actually phishing scams intended to steal data from the recipients."

Scam alert time is all the time: In closing their report of this latest scam, the two Orrick attorneys warned that bond "issuers and borrowers should always be on the lookout for phishing or other suspicious emails, whether those appear to be from the IRS or other entities."

The IRS definitely agrees with the pair's advice. In fact, in late June the IRS issued a similar reminder to tax professionals about spear phishing, an email identity theft scheme where crooks target specific individuals or groups. In the tax world, professional preparer's database is a treasure trove for committing tax filing fraud and refund theft.

Then this week, the IRS and its Security Summit partners — state tax agencies and the nation's tax community — launched, virtually (yes, COVID-19 is still a thing), their annual summer campaign, "Protect Your Clients; Protect Yourself."

As the name indicates, it focuses on fundamental steps tax pros can take to stop data theft from their offices. This year's special five-part news release series began July 19 and runs every Tuesday through Aug. 16.

Those dates coincide with the IRS Nationwide Tax Forum, which this year features 32 webinars to help educate the tax professional community, including several that discuss security-related features.

Security Summit 2022 topics: The first featured Security Summit topic, posted on July 19, was Identity Protection PINs provide an important defense against tax-related identity theft. The IRS news release elaborates on the filing security advantages of the agency's opt-in ID PIN program, now open to all taxpayers nationwide.

The upcoming four Security Summit IRS news releases will address the following tax pro/taxpayer protection topics.

UPDATE, Aug. 16, 2022: Links to the IRS releases are now included in the discussions below. 

  • Avoid spear phishing scams. Yep, it bears repeating since, as the IRS notes, spear phishing is one of the most successful tactics used by identity thieves against tax professionals. Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. Tax pros have been especially vulnerable to spear phishing scams from thieves posing as potential clients. Or, as the Orrick attorneys note, as the IRS itself. The bottom line, notes the IRS in its July 26 Security Summit release, is that tax pros (and all of us) need to be aware and wary of evolving email and cloud-based schemes to steal taxpayer data.  
  • Know the tell-tale signs of identity theft. Many tax professionals who report data thefts to the IRS also say that they were unaware of the signs that a theft had occurred. One sign that something is awry is multiple clients suddenly receiving IRS letters requesting confirmation that they filed a tax return deemed suspicious. Tax professionals also may see e-file acknowledgements for far more tax returns than they filed.
  • Help clients protect themselves whether working from home or traveling. With the continuation of coronavirus pandemic inspired work-from-home policies, many taxpayers find themselves conducting more of their affairs online. This requires additional security steps for digital communications, both for work and personal activities.

These tax preparer areas of concern are critical, noted IRS Commissioner Chuck Rettig, because even as the tax agency and its partners have "increased our defenses, cyberthieves increasingly turn to tax professionals, especially smaller operations, to look for security vulnerabilities. This is a critical link in protecting sensitive taxpayer information. By taking some basic security steps, tax pros help protect against the relentless efforts of identity thieves."

You also might find these items of interest:








Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.