The Internal Revenue Service and its Security Summit partners late last week warned taxpayers and tax professionals about a new IRS impersonation scam campaign spreading nationally on email. Remember: the IRS does not send unsolicited emails and never emails taxpayers about the status of refunds.
The IRS this week detected this new scam as taxpayers began notifying email@example.com about unsolicited emails from IRS imposters. The email subject line may vary, but recent examples use the phrase “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder.”
“The IRS does not send emails about your tax refund or sensitive financial information,” said IRS Commissioner Chuck Rettig. “This latest scheme is yet another reminder that tax scams are a year-round business for thieves. We urge you to be on-guard at all times.”
Tax pros should review new checklist with steps to protect data
Despite major progress against identity and data theft, these threats
still happen. They continue to put tax professionals and their clients
at risk. To help combat this, the IRS and its Security Summit partners
created a new Taxes-Security-Together Checklist. The checklist includes
things tax pros can do now to prevent and recognize data theft. It also
gives steps tax preparers can follow if they do experience a data
Following this checklist is a great starting point for tax
professionals who want to protect their offices, computers and data.
This tax tip is the first in a series highlighting the items in this
Here’s a rundown of the Taxes-Security-Together checklist:
Follow these steps, known as the “Security Six” measures
Activate anti-virus software.
Use a firewall.
Use two-factor authentication.
Use backup software or services.
Use drive encryption.
Create and secure virtual private networks.
Create a data security plan
Federal law requires all professional tax preparers to create and maintain an information security plan for client data.
The security plan requirement is flexible enough to fit any size of tax preparation firm.
Tax professionals should focus on risk areas. These include employee management and training, information systems, and detection and management of system failures.