The fact that most of us have never been through anything like COVID-19 before isn’t lost on the Internal Revenue Service (IRS). It’s created a Security Summit composed of IRS, state tax agencies, and private-sector tax industry to keep an eye open for cybercriminals bent on taking advantage of any pandemic-related scams centered around the outbreak or the government’s Economic Impact Payments.
In addition, the IRS’ criminal investigation unit is also on the case and has already uncovered actual cases where cybercrooks try to prey on vulnerable taxpayers who are unaware of how they’ll get their stimulus checks.
“Identity thieves view the pandemic as a chance to exploit tax professionals as well as taxpayers,” IRS Commissioner Chuck Rettig told ConsumerAffairs. “They are using every trick of their criminal trade to con people as well as steal valuable personal and financial information to help enable tax-related identity theft. In many ways, tax pros are one of the first lines of defense. We urge the entire tax community to take additional steps and protect their sensitive data.”
Heads up, tax pros
The IRS wants tax pros to take the interconnection of the pandemic and taxpayers personal data seriously. Here are the things the agency is asking tax preparers to do:
Use a virtual private network for extra security
“All tax professionals who are teleworking should be using an encrypted Virtual Private Network or VPN,” the IRS wrote. “A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the internet and the company network.”
VPNs are a foreign concept to a lot of people, but, basically, they are a tool that connects two computers on the internet so they can send and receive data securely and privately.
If someone doesn’t have a VPN, a cybercriminal can exploit vulnerabilities and make off with user data. It could even allow a hacker to complete and file a person’s tax return by simply changing the bank account information so the refund goes into their account and not the real taxpayers.
Use multi-factor authentication to help protect data
Over the last couple of years, the option of multi-factor authentication has become a staple of larger platforms as they try to give end users an added layer of security. It allows users to prove that they are who they say they are, generally via a text to a mobile phone.
The Security Summit partners urge tax pros to use this option if it’s available as part of their tax preparation software. This could help stop a thief from simply stealing log-in credentials and accessing an account because they would also need the device that verifies the actual user’s identity.
Avoid phishing scams
Identity thieves have turned up the volume of consumer-directed phishing scam efforts to try and get their hands on COVID-19 and Economic Impact Payments. However, those same crooks are targeting tax professionals as well.
“Tax professionals should beware of emails from criminals posing as potential clients. As people practice social distancing these days, criminals may exploit this process to try to trick tax practitioners into opening links or attachments,” the IRS said. “For example, crooks may present themselves as a new client and ask the practitioner to view the wage and income information they have in an attachment.”
The Security Summit says that tax professionals can prevent this with some rather simple steps: know your customers; use the phone to confirm identities; and don’t take the bait.
Taxpayers can report suspicious emails posing as the IRS to our *PHISHING mailbox at firstname.lastname@example.org.
“Hi, I’m from the IRS…”
The IRS is simply not in the habit of calling people, much less emailing them or texting them. The agency will not call, email, or text anyone about Economic Impact Payments, either.
“These are impersonation scams by thieves seeking to steal bank account or other sensitive data. Do not fall for these scams,” the IRS warns.
Don’t forget security software
If you haven’t spent the money on getting well-reviewed security software, the COVID-19 security scare should be reason enough to.
The IRS recommends that consumers look for broad-based security software that protects computers and mobile phones so hackers can’t deposit some malware eggs which could, in turn, infect digital networks.