Managing online fraud and identity theft

1. Notify the IRS that your EFIN was compromised by calling the IRS e-services help desk.  They can inactivate the compromised EFIN and issue you a new one, usually within 24 hours.
2. Notify Intuit that your EFIN has been compromised so we can disable access to the Intuit Electronic Filing Server.
3. Notify the IRS stakeholder liaison for your region.  You can find the contact information for your stakeholder liaison here.

You can find more information about responding to a compromised EFIN on the IRS website here.

Notify the IRS that your EFIN was compromised by calling the IRS e-services help desk.  They can inactivate the compromised EFIN and issue you a new one, usually within 24 hours.

To continue to electronically file returns through our software, you will need to submit your new EFIN for verification. See Register your EFIN with Intuit before e-filing for details.  Once we have your new EFIN, we can enable it for use with your account.

Do not enter your new EFIN in your tax software until you've confirmed that your computer system is secure to prevent further unauthorized access.  See the Online Security tips below for more information.

It's important to notify impacted individuals as soon as possible.  Early notification will allow individuals whose personal information may have been compromised to take steps to mitigate misuse of their information.  Most states have their own laws and rules that address when and how to notify individuals of a compromise of their data.  Contact your attorney for guidance regarding your obligations to your clients and others who may have been impacted.

Also see the Federal Trade Commission guidance page: Information Compromise and the Risk of Identity Theft: Guidance for Your Business here.

We have sample Notification Letters that may be used to draft a notice to all clients about the unauthorized disclosure (available upon request), which you may wish to review with your counsel.

Additional steps you can take to help your clients:

To help protect your clients from the impacts of identity theft, you can offer them credit monitoring through a third-party credit monitoring provider.

You can also ask your IRS Stakeholder Liaison about obtaining identity protection PINs for all of your clients.  For more information, visit the IRS website here.

Steps your clients can take:

To mitigate the impacts of identity theft, you can advise your clients to take these initial steps:

• Enact a credit freeze or put a fraud alert on their credit reports;
• Obtain a copy of their credit reports;
• Create an identity theft report by filing an identity theft complaint with the FTC and filing a police report.
• For more information about credit freezes and fraud alerts see here.
• The FTC provides more tips for consumers dealing with tax-related identity theft here.

Data thieves can gain unauthorized access to your computer system in several ways.  To determine the source of unauthorized access, have an IT professional review your network and workstation logs. The unauthorized access may be through a remote access program or tool.

To prevent additional unauthorized access, be sure to change all of your passwords to strong, unique passwords and have an IT professional conduct a full scan for malware or viruses.

• Use strong, unique passwords and change them regularly.
• Use different passwords for different accounts.
• Make your password a mix of letters, numbers and special characters and use at least 10 characters.

For more information about password safety see here.

Take precautions to keep out malware:

• Malware is unwanted software that gets installed on your computer without your consent, such as viruses and spyware.
• Use security software and a firewall on your computer and scan for malware regularly.  Keeping all of your software up-to-date can also help prevent malware attacks.

If you think your computer has malware, you can file a complaint with the FTC at www.ftc.gov/complaint.

For more information about preventing malware see here.

Beware of phishing scams:

• Don't click on emails, links or pop-up messages that look suspicious.
• Phishing messages will often ask you to send or confirm personal or financial information and often look like they're from companies you trust.
• If you receive a message that you think might be a phishing scam, report it.  Be cautious about opening attachments and downloading files from emails, as they can contain viruses and malware.

For more information about phishing see here.

The FTC provides more tips about online security here.

We are here to support you, so please feel free to reach out to us with additional questions:

• How to contact ProSeries for help
• How to contact Lacerte for help
• How to contact ProConnect Tax for help