IRS Warns Tax Professionals of New e-Services Email Scam
WASHINGTON – The Internal Revenue Service today issued an urgent alert to tax professionals who use IRS e-services to beware of an email asking them to update their accounts and directing them to a fake website.
The subject line for the fraudulent email is “Security Awareness for Tax Professionals.” The “From” line is “Your e-Services Team.” It has both an IRS logo and an e-services logo that hyperlinks to a URL verified as a phishing site. The spoofing site poses as an e-services registration page.
The scammers are attempting to exploit current IRS efforts to strengthen the e-services authentication process and its ongoing communications with tax professionals about their accounts. Scammers are attempting to steal e-services usernames and passwords or additional personal data through a registration page.
If e-services users have already clicked on the fake logo and provided their username and password, they should contact the e-services help desk to reset their accounts. If the same password is used for other accounts, these should be changed as well. As an extra precaution, users should perform a deep security scan on their computers, re-evaluate their security controls and be alert to any other signs of identity theft or data compromise.
Tax professionals should always go directly to IRS.gov to access e-services and never click on any links provided in emails.
Tax professionals who receive a suspicious email should send it as an attachment to Phishing@irs.gov and then delete it. Recipients should not click on any links.
The scammer email tells recipients that information was stolen from certain user accounts in 2015 from a state-sponsored actor. It says users are being asked to upgrade their e-service account to ensure protection of their information. It asks them to click on the login to access their accounts for security upgrade.
The IRS is in the process of upgrading e-services security and has been in communication with tax professionals about updating their accounts.
The IRS, state tax agencies and tax industry partners working together through the Security Summit have an awareness campaign underway called Protect Your Clients; Protect Yourself. The objective is to remind tax professionals they increasingly are the targets of identity thieves seeking ever larger amounts of taxpayer data to file fraudulent tax returns.
Security Summit partners recommend tax professionals:
Always use robust security software
Use encryption software to protect taxpayer data
Use strong passwords and change them often.
IRS Warns of a New Wave of Attacks Focused on Tax Professionals
IR-2016-119, Sept. 2, 2016
WASHINGTON – The Internal Revenue Service today warned tax professionals of a new wave of attacks that allow identity thieves to file fraudulent tax returns by remotely taking over practitioners’ computers.
As part of the Security Summit effort, the IRS urged tax professionals to review their tax preparation software settings and immediately enact all security measures, especially those settings that require usernames and passwords to access the products. The IRS is aware of approximately two dozen cases where tax professionals have been victimized in recent days.
The IRS, state tax agencies and the tax industry – working as partners in the Security Summit – recently launched the Protect Your Clients; Protect Yourself campaign to increase awareness that criminals increasingly are targeting tax professionals and the taxpayer data they possess.
“This latest incident reinforces the need for all tax professionals to review their computer settings as soon as possible,” said IRS Commissioner John Koskinen. “Identity thieves continue to evolve and look for new areas to exploit, especially as our fraud filters become more effective. The prompt identification of these attacks is another example of the great benefits that result from the close working relationship the IRS now has with the tax industry and the states through the Security Summit initiative. Information is flowing more rapidly between our groups as we continue our efforts to protect taxpayers.”
These attacks come as the Oct. 17 deadline approaches for extension filers. The IRS first warned of a similar remote take-over attack in the spring, just ahead of the April 15 deadline, another peak period for tax professionals.
Thieves are able to access tax professionals’ computers and use remote technology to take control, accessing client data and completing and e-filing tax returns but directing refunds to criminals’ own accounts.
Victims in the tax community learned of these thefts while reconciling e-file acknowledgements.
In addition to activating security measures for tax software products, IRS urges all tax preparers to take the following steps:
- Run a security “deep scan” to search for viruses and malware;
- Strengthen passwords for both computer access and software access; make sure your password is a minimum of eight digits (more is better) with a mix of numbers, letters and special characters and change them often;
- Be alert for phishing scams: do not click on links or open attachments from unknown senders;
- Educate all staff members about the dangers of phishing scams in the form of emails, texts and calls;
- Review any software that your employees use to remotely access your network and/or your IT support vendor uses to remotely troubleshoot technical problems and support your systems. Remote access software is a potential target for bad actors to gain entry and take control of a machine.
In addition, the IRS recently issued instructions to tax professionals on how to monitor their PTIN activity.
Tax professionals should review Publication 4557, Safeguarding Taxpayer Data, a Guide for Your Business, which provides a checklist to help safeguard taxpayer information and enhance office security. Also, practitioners should review Data Breach Information for Tax Professionals for information on what action they should take if they do become victims.
IRS, Partners Warn Tax Preparers of Data Theft Risks; Launch New Campaign
to Increase Awareness
WASHINGTON — Leaders from the Internal Revenue Service, state tax agencies and tax preparation community today warned tax preparers that they increasingly are targets of cybercriminals and should take appropriate steps to protect clients from data theft.
IRS also posted new information to help tax professionals get started with safeguards to protect clients’ data. It’s the first in a series of fact sheets and tips on security, scams and identity theft prevention measures aimed at tax professionals. The Protect Your Clients; Protect Yourself campaign will run through the start of the 2017 filing season.
Recognizing the risk to tax preparers, this new effort is an expansion of the Security Summit’s 2015 Taxes. Security. Together campaign aimed at increasing public awareness for using security software, creating stronger passwords and avoiding phishing emails.
“We have more than 700,000 tax preparers in this country, with many of those taking good security precautions,” said IRS Commissioner John Koskinen. “But cybercriminals are continuing to evolve, using new technology, ruses and scams. The tax community handles large volumes of sensitive personal and financial information. We need every tax professional to stay on top of their security to protect taxpayers as well as their businesses.”
Tax Professionals: Protect Your Clients; Protect Yourself from Identity Theft urges preparers to follow the security recommendations found in Publication 4557 Safeguarding Taxpayer Data The fact sheet outlines the critical steps necessary to protect taxpayer information and to build customer confidence and trust.
Preparers should sign up for e-News for Tax Professionals, the IRS Tax Pro Twitter account and the Return Preparer Office’s Facebook page to stay informed about this campaign and about scams and schemes in general. The IRS also is creating a Protect Your Clients; Protect Yourself page on IRS.gov.
The Security Summit consists of the IRS, state tax agencies and the private-sector tax industry working together to safeguard taxpayers from tax-related identity theft. On June 28, Summit partners announced their 2017 initiatives to combat stolen identity refund fraud.
IRS Liaison notification – Defaulted Installment Agreements
In early February the IRS identified a systemic issue causing approximately 238,000 installment agreements (IAs) to default erroneously. Upon identification of the issue, the IRS reinstated the IAs and waived the reinstatement fees.
IRS identified the impacted taxpayers and issued apology letters beginning April 1. The letters advise taxpayers that their installment agreements have been restored and confirm the terms. Affected taxpayers will resume receiving reminder notices, advising them to make their next scheduled payments.
IRS has confirmed mailing of all the letters except for a small number (less than one hundred), which need to be processed manually. The remaining letters will be issued as soon as possible.
Since IAs were not terminated, the Failure to Pay (FTP) penalty remains at a reduced rate of ¼ percent. It was determined that systemic abatement of the FTP penalty is not feasible at this time. At this point, the IRS advises affected taxpayers to submit a request for abatement.
Tax Preparer Toolkit – The Tax Preparer Toolkit has everything you need to practice EITC due diligence, prepare quality returns and help your clients get the EITC they earned.
Pub 1546 Taxpayer Advocate Service Notice 2015-82 provides an increase in the de minimis safe harbor limit provided by the federal tax regulations for taxpayers without an applicable financial statement. (PDF)
PTIN user fee update temporary regulations (MS Word Document)
2016 PTIN User Fee Update (MS Word Document)
2016 PTIN Information (PDF)
ID theft (PDF)
The Return Preparer Office is in the process of sending a number of letters to tax return preparers.
Letter 5574 (PDF) – Reminds tax return preparers to properly report income from Forms 1099-K.
Letter 4731 (PDF) – To tax return preparers who are using a pre-2011 legacy PTIN that has not been renewed in the new PTIN system. Advises them they must register in the new PTIN system.
Letter 4732 (PDF) – To tax return preparers who are using an SSN instead of a PTIN. Advises them they must obtain a PTIN.
Letter 4966 (PDF) – To tax return preparers who are using an expired PTIN. Advises them they must renew their PTIN.
Letter 5589 (PDF) – To tax return preparers who prepared returns after placing their PTIN in inactive status. Advises them to activate and renew their PTIN.
Affordable Care Act Information:
To help your customers, clients, constituents and members quickly and efficiently find important information about their responsibilities under the Affordable Care Act, the IRS has created the ACA Information Center for Applicable Large Employers on IRS.gov/aca. This launch coincides with the release of the final Forms 1095-B/C (2015).
We are asking for your help in accomplishing a common goal: assisting employers, especially those with 50 or more full-time employees and full-time equivalents, to understand the ACA tax provisions that affect Applicable Large Employers right now.
Remember that these provisions affect all types of employers: for-profit, tax-exempt and governmental agencies.
Some items you may find useful are:
- Drop-in article (MS Word Document) – an article that is suitable for newsletters or news sections of your website New IRS Resource helps Employers Understand the Health Care Law
- Sample Email (MS Word Document) – a brief message you can send customers, constituents, members and clients to alert them about this resource
There is a lot of information available to employers on IRS.gov/aca about the health care law and the new reporting requirements. The ACA Information Center for Applicable Large Employers is where employers can go to quickly locate official guidance. There is a specifically designated section containing outreach materials. While you may use any of the information on our website in your communication about the health care law and its effect on employers, you may find the material in the outreach section especially useful.
While the first mandatory information reporting deadlines are not until early next year, employers should be planning and putting processes in place now in order to be prepared. Helping employers to realize that they should act now will enable them to meet the requirements fully and completely by the deadlines.
IRS Get Transcript incident –
The IRS has made an additional statement on the “Get Transcript” incident. Click here to find the latest information.
Social Security Administration
- Business Services Online – businesses and employers who exchange information with Social Security
- SSN Verification Service
IRS Tax Center
- About the IRS – Learn about the history of the IRS, as well as their current structure.
- ACA Information Center for Tax Professionals
- Tax Information for Tax Professionals
- Abusive Tax Shelters – Includes information from the division including Tax Fraud Alerts
- Business Tax information
- Charities and Non-Profits Tax Information
- Collection Financial Standards
- Contacts for the IRS
- e-file information
- Earned Income Tax Credit for individuals, employers, and tax professionals
- Employee Plans – Information on retirement related issues
- Enrolled Agent Program information
- Form 8300 article: Is Your Business Filing the Proper Cash Transaction Forms?
- Events – Listing of IRS workshops, seminars, etc.
- Government Entities Tax information
- Individuals – Tax information for Individuals.
- Issue Management Resolution System – Stakeholder issue identification, resolution and feedback.
- Newsroom – Find out the latest IRS news.
- Subscription Services – This is where you can join the IRS Digital Dispatch, the IRS Local News Net, and the Employee Plan News.
- Small Businesses – Small Business and Self-Employed Tax Center
- Tangible Property Regulations