by MEA Tax Advisors | Aug 27, 2021 | Tax Tips and News
Impersonating the Internal Revenue Service is big business for identity thieves. These phishing scams often combine fear of the agency with urgency (and threats), and those who fall for them can soon find their information or money stolen. That’s why the IRS this week highlighted how they communicate with taxpayers.
Generally, the IRS provides tips for figuring out if a phone call, letter, email, or text message is a phishing scam. Those signs can be specific to the particular scam or common amongst them all, and learning to spot phishing is one of the best ways to protect your information. Another key component is knowing how government agencies like the IRS actually contact Americans.
How will the IRS contact me?
Typically, the first communication sent by the IRS is a letter. There are myriad tax-related reasons someone might receive a letter from the IRS, and some letters will require follow-up by an agent: usually a phone call to “confirm an appointment or to discuss items for a scheduled audit.”
However, there are times when an IRS representative needs to show up in-person to talk to an individual taxpayer or business owner. According to the IRS, these “unannounced visits” are primarily “to discuss taxes owed, delinquent tax returns, or a business falling behind on payroll tax deposits.” And they may even ask the taxpayer to pay back taxes (more on that in a moment).
As for digital communication, IRS representatives may occasionally email taxpayers—but the agency stresses that’s not how they “normally initiate contact.”
How won’t the IRS contact me?
The IRS does not send texts or social media messages to taxpayers, period. That means any private messages you receive on Facebook, LinkedIn, Twitter, Instagram, or TikTok are not from the IRS.
What should I do if I think an IRS message is a phishing scam?
If you suspect an IRS letter is fake, you can check it against the list of legitimate letters and notices on IRS.gov. The “Understanding Your IRS Notice or Letter” page features a search tool that contains most letters and notices issued by the agency—some of which even have sample PDFs. When a letter doesn’t appear in the search, the IRS suggests calling 800.829.1040 to speak with an IRS representative.
An in-person visit from the IRS may sound stressful, but there are a couple ways you can determine if the person on your doorstep is the genuine article:
- IRS representatives can always provide two forms of official credentials: a pocket commission and a Personal Identity Verification Credential
- Payment will never be requested to a source other than the U.S. Treasury
Finally, the IRS stresses that you simply should not reply to emails and social media messages, even if they look and sound official. Remember, phishing scams want your personal information, and they’re good at getting tricking people into providing it once they establish a back-and-forth conversation.
(While not explicitly included in this press release, it’s also important to remember to never reflexively click on attachments and hyperlinks in digital messages. These can contain malware or take you to a fake website that is built to steal your information.)
To read the full press release, check out the source link below.
Source: IRS Tax Tip 2021-124
– Story provided by TaxingSubjects.com
by MEA Tax Advisors | Aug 20, 2021 | Tax Tips and News
The tax industry partners who make up the Security Summit are urging practitioners to take a page out of the medical books in order to keep their computer systems healthy: to cure an infection, you first have to know your patient is sick.
In other words, tax pros have to know the signs of data theft if they expect to move quickly to protect their clients.
The Security Summit, which is comprised of IRS officials, state tax agency representatives, and tax industry leaders, says time is critical when there’s a question of identity theft surrounding their data systems. That means immediately contacting the IRS if there’s evidence their data has been compromised, and enlisting insurance or cybersecurity experts to help determine the cause and extent of a possible loss.
“There are tell-tale signs of identity theft that tax pros can easily miss,” said IRS Commissioner Chuck Rettig. “Identity thieves continue to look for ways to slip into the systems of tax pros to steal data. We urge practitioners to take simple steps and remain on the lookout for signs of data and identity theft. They are a critical first line of defense against identity theft.”
Security Summit partners have adopted the theme “Boost Security Immunity: Fight Against Identity Theft,” aimed at urging tax pros to try harder to secure their systems and protect client data. This is reflected by a common comment from tax pros to IRS investigators after data theft: They didn’t immediately recognize the signs they’d been compromised.
What are the signs of possible data theft?
Tax professionals should know the critical signs of data theft:
- Client e-filed returns rejected because client’s Social Security number was already used on another return.
- More e-file acknowledgements received than returns the tax pro filed.
- Clients responded to emails the tax pro didn’t send.
- Slow or unexpected computer or network responsiveness such as:
- Software or actions take longer to process than usual;
- Computer cursor moves or changes numbers without touching the mouse or keyboard;
- Users unexpectedly locked out of a network or computer.
Sometimes, the signs of data theft come to the tax pro from their clients. These “red flags” may come in the form of IRS Authentication letters (5071C, 4883C or 5747C), even though the client hasn’t filed a return. Other signs are a refund when the client hasn’t filed, or a tax transcript they didn’t request.
More warning signs can include:
- Emails or calls from the tax pro that they didn’t initiate.
- A notice that someone created an IRS online account for the taxpayer without their consent.
- A notice the taxpayer wasn’t expecting that:
- Someone accessed their IRS online account; or
- The IRS disabled their online account.
There could, of course, be other examples. Data thieves are a relentless and creative lot. This means tax professionals should have the highest security possible and should not hesitate to contact authorities if they suspect or find something that isn’t right.
What should I do if my data is stolen?
There are steps that tax professionals can take if they—or their office—fall victim to a data theft. But speed is critical; these steps should be taken immediately to mitigate further damage.
Report the theft to the local IRS Stakeholder Liaison.
Liaisons notify IRS Criminal Investigation and other agency officials on behalf of the tax pro. The IRS can take steps to block fraudulent returns in the clients’ names and assist the local practitioner through the process. But speed is vital; data theft must be reported quickly.
Email the Federation of Tax Administrators at [email protected].
This will get the tax pro information on how best to report the facts of the data theft to their particular state. According to the IRS, most states require that the state attorney general should be notified of data breaches and in some states, this could involve multiple state offices.
For more information on reporting a breach, see Data Theft Information for Tax Professionals.
For help with security recommendations, tax professionals can look over IRS Publication 4557, Safeguarding Taxpayer Data, which has been recently updated. Another good source is Small Business Information Security: The Fundamentals from the National Institute of Standards and Technology.
On the IRS website, IRS.gov, their Identity Theft Central pages have additional details targeting tax professionals, businesses and individuals. Also on IRS.gov, Publication 5293, Data Resource Guide for Tax Professionals, has a full set of compiled numbers on data theft.
Source: IR-2021-170
– Story provided by TaxingSubjects.com
MEA Tax Advisors