Identity thieves ramp up phishing scams during filing season.
The first full week of the tax year 2019 filing season is in the books, but it’s a long road to April 15. Tax professionals across the country are bracing for notoriously long hours and hundreds (or thousands) of client returns. Unfortunately, phishing scams are now part of the long list of things you have to worry about year after year.
Identity thieves are acutely aware of the stress tax professionals face in the inexorable march toward Tax Day. Specifically, they’re ready to take advantage of the flood of emails you receive from clients and staff by deploying waves of phishing scams.
While it may be easy to spot those infamous Nigerian prince scams, emails impersonating coworkers and prospective clients might be a little harder to suss out at first glance. That’s where the IRS and its Security Summit partners come in.
What does the Security Summit do?
The Security Summit was founded in 2015 by the IRS, state tax agencies, and private members of the tax industry in response to the staggering volume of identity theft scams targeting taxpayer information. This new organization was dedicated to educating taxpayers and tax professionals about tax-related identity theft and data security best practices.
One of the cornerstones of the Security Summit’s outreach has been the development of easily accessible, online educational resources. Those efforts have led to a decline in successful tax-related identity theft scams, but there are still taxpayers who haven’t seen the raft of informational videos, social media posts, or email alerts distributed by Summit partners.
How do I protect my office and clients from phishing scams?
The first step in any data security plan is understanding the threats you face. When it comes to phishing, that means learning the telltale signs of these scams. Luckily, the emails created by identity thieves tend to have poker tells, like poor grammar, email addresses that substitute numbers for letters (“@wa1mart.com” instead of “walmart.com”), and threatening language.
It’s also a good idea to stop opening attachments and clicking links. Even if you’re expecting someone to send you an email containing a needed file, confirm with that person that they sent the email before scanning it with an antivirus program.
Be sure to include data security protocols in your onboarding process, especially if you’re hiring seasonal staff. It goes without saying that everyone in the office is made aware of your written data security plan (you have one, right?) and practices good data security habits.
Where can I find more data security resources?
First, make sure to bookmark the Security Summit page on IRS.gov. There you will find a number of accordion menus containing information on important data security-related topics:
Another thing to consider? Keep an eye on the official IRS Facebook and Twitter feeds. While I wouldn’t recommend spending too much time scrolling through social media (it’s filing season!), government agencies often use these platforms to publish bite-sized nuggets of wisdom, including links to important news and resources on their feeds. During events like National Tax Security Awareness Week, the IRS will post something every day, several times a day.
While YouTube has become a cornerstone of the entertainment industry, government organizations have begun posting video content on the site to better support taxpayers. The IRS YouTube page hosts a number of playlists that address important tax topics, including identity theft. (Here’s their latest video about phishing scams.)
Finally, keep an eye on the GruntWorx blog. We regularly cover data security issues, from the latest phishing scams to data security best practices.