Preparers need to be aware of the  following regarding tax identity theft:

 
• Tax  identity theft continues to be the largest type of tax refund fraud for both  the IRS and States.
 
• Tax  preparers are increasingly becoming targets of identity thieves.

This page is designed to give you information to help make you aware of the security  measures preparers should be taking to secure their computer systems and client  personal information. Also to let you know the latest ways identity thieves are  attempting to obtain personal information from individuals and tax preparers  and steps that IRS, States and the tax industry are taking to help protect  taxpayers from becoming a victim of identity theft.

The following are covered:
 Security and Tax Preparers
 What IRS States are doing to Combat  Tax Identity Theft
 Security  Summit – Collaborative Effort by IRS, States and Tax Industry Partners to Fight  Tax Identity Theft
 Links for More Information on Tax Identity Theft

Security and Tax Preparers
 This past  filing season the number of phishing email schemes that were targeted at tax  preparers increased over prior years. Due to this trend of tax preparers  becoming increasingly the targets of cybercriminals they must do more to  protect themselves.

The goal of  these criminals is to gain access to a preparer’s client tax data and to their  tax software in order to file fraudulent returns. In short they want to take  over their computer system.

Access to a  preparer’s client tax data not only allows the identity thieves to obtain each  client’s personal information, it also makes it possible for the identity thief  to create fraudulent returns that contain similar information for each  individual in order to not be caught by the IRS and State identity theft  filters.

Access to a  preparer’s tax software program allows the identity thief the opportunity to  modify existing returns that have not been completed or transmitted and file  additional fraudulent returns using the software.

Because of this increased interest by  identity thieves, tax preparers need to take steps to protect their computer  systems as well as protecting their client’s personal and tax information. Tax  preparers need to increase their security protections by taking the following  steps:

 
• Be alert for phishing email scams
  See  the IRS Security Alert Tax Tip #2 (2015) – Avoid Phishing and Malware for the steps you can take to  protect yourself.
 
• Run a security “deep scan” of their  computer systems to search for viruses and malware
  See  IRS Security Alert Tax Tip #10 (2015) – Perform a Deep Security Scan of  Computer Drives for  what steps to take to protect your computer system.
 
• Strengthen passwords for computer  access and software access
   Passwords  should be a minimum of eight characters, not use personal information and use  numbers and symbols for letters in words or phrases.  See the Homeland Security Creating a Password Tip Card for how to create a strong password.
 
• Review any software that your  employees use to remotely access your network
 
• Avoid downloads from suspicious  sources
 
• Protect your wireless network
 
• Consider encryption software
 
• Safely store data
 
• Shred documents and destroy media

For more information on what tax  preparers can do to protect themselves see the following on the IRS website:

 
• IRS Security Awareness Tax Tips
 
• Protect Yourself From Identity Theft
 
• Protect Your Clients; Protect  Yourself
 
• Data Theft Information for Tax  Professionals
 
• Publication 4557 – Safeguarding Taxpayer Data
 
• Warning to Tax Professionals of Cybercriminal Threats (Video)

Phishing schemes that preparers need  to be aware of:

 
• IRS News Release 2017-117 – Security Summit Launches Education  Campaign Aimed at Tax Pros; Warns Against Phishing Epidemic with “Don’t Take  The Bait” Series
 
• Security Summit Warns of New Phishing  Email Targeted at Tax Pros
 
• IRS, States & Tax Industry Warn  of Last Minute Email Scams
 
• Tax Professionals Warned of New Scam  Unlock their Tax Software Accounts
 
• New Two Stage E-Mail Scheme Targets  Tax Professionals
 
• Phishing Scheme Mimics Software  Providers; Targets Tax Professionals

Steps IRS and States are taking to Prevent Tax Identity Theft
 Since the Security Summit was formed  in 2015 the IRS, States and the tax industry have implemented steps to help  fight tax identity theft. Here are some examples of what the IRS and States  have done:

 
• Continually modifying and adding to their identity theft       fraud filters
 
• Sending letters to taxpayers when they suspect a return       they received may not be the taxpayer’s. The letter explains that the return will not be processed until the individual verifies who they are with the IRS or State either by going to page on their website or by calling the applicable government agency.
 
• Delaying the release of refunds. For federal returns the       delay is for refunds for returns that claim EITC or the additional child tax credit. For States, the timeline for when any refunds will be released has been increased.
 
• IRS and many States are now matching W-2 information on       returns.
 
• Assigning an Identity Protection PIN (IP PIN) to individuals who have been or may have been a victim of identity theft.
 
• States  are requesting Driver’s License or State ID information be included on the  electronic return in order to help verify the identity of the taxpayer.
 
• IRS has initiated their Taxes Security Together campaign which is designed to educate taxpayers and tax preparers on what they can do to prevent themselves from becoming a victim of identity theft and secure their personal information.
 
• IRS has initiated their IRS Protect Clients; Protect Yourself campaign that is designed to educate preparers on what they need to do to protect their computer systems and client tax information from identity thieves.

IRS Security Summit – IRS, States and Industry Partners Collaborative Effort  to Fight Tax Identity Theft

Since March 2015, IRS officials, State tax  administrators, Tax Software industry, Financial institutions, and tax preparer  groups have been working together to identify the steps that need to be taken  to combat tax-related identity theft.

The Security Summit has also been focusing on making tax  preparers aware that they are vulnerable to phishing email schemes that target  them with the intent of taking over a preparer’s computer system to gain access  to their client information and their tax program.

Over the  past two filing seasons the Security Summit has implemented the following to  help protect taxpayers:

 
• New password standards to access tax  software.
 
• Software providers are now including  additional data elements from individual and business tax return submissions  that IRS and states are using to assist them in their efforts to detect and  prevent identity theft returns.
 
• Industry partners are performing regular reviews to identify possible  identity theft schemes and report them to the IRS and state partners to help  stay on top of emerging schemes.
 
• Requesting additional data be provided with the e-filed federal and       state return. An example is asking for information from the taxpayer’s       driver’s license or State ID.
 
• Working  towards setting security guidelines for the tax software industry.
 
• Creating  educational awareness campaigns to ensure that tax preparers have the information they need to  protect themselves from cyberattacks and safeguard taxpayer data (i.e.  “Taxes.Security.Together.” and  “Protect  Your Clients; Protect Yourself”).
 
• Setting up a centralized analysis center that       will allow IRS, States and Tax Software companies to share actionable data       and information regarding tax identity theft schemes.