Educating Your Tax Clients About Security Threats

Tax and accounting professionals play a critical role in helping safeguard taxpayer information and helping clients create a plan to safeguard data against cybersecurity threats. Now that tax season is over, it is a good time to review or create your plan to safeguard taxpayer information, and educate staff and clients about potential scams and security threats.

In the past three years, the additional safeguards in the IRS’ e-file system have reduced the number of tax refund identity thefts. However, cybercriminals and scammers continue to change their tactics to identify new vulnerabilities. Advising clients about safeguarding personal information can be a great way to increase your value as a trusted advisor.

Here are three of the most common scams targeting businesses and taxpayers:

1. Phishing is when fraudsters attempt to steal people’s personal information, login credentials and passwords, usually via email. Spear phishing is a more sophisticated form where the fraudster impersonates a known person or organization, and may know certain information about the potential victim. The goal is to impersonate a trusted relationship and trick the user into disclosing personal information that the fraudster can use to commit theft.
2. Malware, or malicious software, is used by cyber attackers to get unauthorized access or inflict damage to a computer or network. Malware comes in the form of computer viruses, ransomware, Trojan horses and spyware. Malware is often used to get remote access to a computer to commit fraud or theft, often while the victim is unaware the system has been compromised. Most computers are infected with malware from email or installing software applications from untrusted sources.
3. Phone scams often spoof the caller ID of known organizations like the IRS and include threats to intimidate victims into providing electronic payments over the phone. Scammers often leave urgent messages, and their threats become increasingly intimidating. Phone scammers often target elderly and vulnerable victims.

Here are six important tips to share with clients that may help protect them from scams and better safeguard personal information:

1. Be alert and practice a healthy dose of skepticism when reading emails. Every email user will eventually encounter phishing emails and scams. When you receive unsolicited emails, it is best to simply delete. Never click on links or open attachments from questionable emails. Never provide personal information, financial information, logins or passwords in response to an email or link. Instead, only log in to trusted sites with vendors you know.
2. Practice safe computing by only operating currently supported operating systems and applications. Confirm that antivirus and anti-malware software are automatically updating definitions and scanning emails and all workstations. Even one noncompliant workstation can put the whole network at risk, as the city of Atlanta learned when it recently became a victim of ransomware.
3. When scammers call, hang up. Understand that any debt collectors, including the IRS and government agencies, will always initiate disputes and collections first through postal mail. They cannot threaten you with jail or harm. Scammers, on the other hand, will threaten and often demand payment in a specific form, such as gift card or debit card. Never provide financial information over the phone to an inbound call, even if the caller ID appears legitimate. Hang up and seek help from law enforcement.
4. Use strong passwords and change them quarterly on all bank accounts and online accounts that include personal information. Never use the same password on multiple accounts, because that makes it much easier for scammers to access multiple accounts to steal. Instead, create and use unique passwords with numbers, upper and lower case letters, and special characters. Using 10 or more characters in a password increases its effectiveness. Changing passwords regularly can help protect against fraudsters who obtain login credentials from data breaches.
5. Turn on multi-factor authentication for email, banking and other important online accounts. Use a mobile phone as your second factor to authorize approved devices and your computers. While it is possible for fraudsters to obtain login credentials through phishing, malware and data breaches, if you require new, unknown computers to first authenticate with your mobile phone, you can stop unauthorized access to online accounts before damage is done by refusing to approve access for the fraudster.
6. Monitor bank accounts regularly and monitor credit agency reports at least annually. Report any suspicious activity immediately to limit loss liability.

Safe computing requires awareness and vigilance. As a trusted advisor, you can make a difference in your clients’ lives by regularly sharing recommendations to help clients safeguard their information.

Editor’s note: Check out the Intuit® ProConnect™ Tax Pro Center’s articles on fraud and security.