IRS Tax News

IR-2021-152, July 14, 2021

WASHINGTON — Continuing an effort to battle tax-related identity theft, the IRS, state tax agencies and the tax industry announced today that the annual campaign to raise awareness among tax professionals about data security will begin next week.

The 2021 campaign begins as the number of data thefts reported by tax professionals to the IRS continued to climb. Through June 30, 2021, there have been 222 data theft reports this year from tax professionals to the IRS, outpacing the rate of 211 in 2020 and 124 in 2019. Each report can impact hundreds of taxpayers and threaten the tax professional's business.

"Boost Security Immunity: Fighting Against Identity Theft" will urge tax professionals to take basic actions to stem the data theft from their offices. This is the sixth year that the Security Summit partners – the IRS, state tax agencies and the nation's tax community – have worked to raise awareness about these issues.

"The Security Summit continues to work cooperatively to battle tax-related identity theft, but we need the help of tax professionals in this effort," said IRS Commissioner Chuck Rettig. "We continue to see instances where tax professionals did not take simple steps that could have protected their clients and their business. Tax professionals must take a shot at basic security steps to protect against relentless efforts by identity thieves to steal data and tax information."

Identity thieves and fraudsters were especially active last year and this year as they used the COVID-19 pandemic, the nationwide teleworking practices and the economic downturn as fuel for a variety of scams and schemes to steal money and identities.

Tax professionals are key targets of criminal syndicates that are tech-savvy, tax-savvy and well-funded. These scammers either trick or hack their way into tax professionals' computer systems to access client data. They use stolen data to file fraudulent tax returns that make it more difficult for the IRS and the states to detect because the fraudulent returns use real financial information.

The Security Summit formed in 2015 to take its own shot at fighting against identity theft. The Summit partners made great inroads against tax-related identity theft, dramatically reducing confirmed identity theft returns and saving billions in tax dollars.

During the next five weeks, the Security Summit partners will highlight a series of simple actions that tax professionals can take to better protect client data from theft and help ensure that the progress in tax-related identity theft that started in 2015 continues on its path.

Highlighted recommendations will be to:

• Use multi-factor authentication to protect tax preparation software accounts. All tax software providers now offer multi-factor authentication options, which require more than just a username and password to access accounts. This feature is offered on tax preparation products for both tax professionals and taxpayers. This is a key step to securing sensitive financial data. Multi-factor authentication is in addition to traditional actions such as using anti-virus software, strong password phrases and virtual private networks to protect connections between telework locations and offices – all critical steps for tax pros

• Sign up clients for Identity Protection PINs. The IRS now offers IP PINs to all taxpayers who can verify their identities online, on the phone with an IRS employee after filing a Form 15227 or in person. The IP PIN is a six-digit number that is known only to the taxpayer and the IRS. It helps prevent an identity thief from filing a fraudulent return in the taxpayer's name. Tax professionals cannot obtain an IP PIN for their clients. Clients must verify their identities to the IRS. The easiest way is at the Get an IP PIN tool on IRS.gov.

• Help clients fight unemployment compensation fraud. One of the larger scams of 2020 involved identity thieves using stolen identities to file for unemployment compensation benefits with the states during the pandemic-induced economic downturn. States issue Forms 1099-G to taxpayers and the IRS to report taxable unemployment income. For 2020, some taxpayers received multiple Forms 1099-G from states as thieves used their names to steal benefits.

• Avoid spear phishing scams. One of the most successful tactics used by identity thieves against tax professionals is the spear phishing scam. Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. For 2020, tax pros were especially vulnerable to spear phishing scams from thieves posing as potential clients. Thieves might carry on an email conversation with their target for several days before sending the email containing a link or attachment. The link or attachment may secretly download software onto the tax pros' computers that will give thieves remote access to the tax professionals' systems.

• Know the signs of identity theft. Many tax professionals who report data thefts to the IRS also say that they were unaware of the signs that a theft had occurred. There are many signs that tax pros should be aware. These include multiple clients suddenly receiving IRS letters requesting confirmation that they filed a tax return deemed suspicious. Tax professionals may see e-file acknowledgements for far more tax returns than they filed. Computer cursors may move seemingly on their own.

More information on these tips will be available every Tuesday over the next five weeks.

This summer series also coincides with the annual IRS Nationwide Tax Forums, which are being held virtually this summer over a five-week period beginning July 20. The 2021 Forums feature three webinars focused on cyber- and information security that will be live streamed as follows:

• "Cybersecurity for Tax Professionals – Advanced Session," presented by the American Coalition for Taxpayer Rights, July 28 at 2 p.m. ET.
• "Helping You and Your Clients Steer Clear of Fraud and Scams," presented by the Treasury Inspector General for Tax Administration, Aug. 4 at 11 a.m. ET.
• "IRS Criminal Investigation: Deeper Dive into Emerging Cyber Crimes and Crypto Tax Compliance," Aug. 5 at 11 a.m. ET.

For more information and to register visit IRS Nationwide Tax Forum.