- Don’t share email passwords.
- Don’t open attachments from suspicious sources.
- Don’t click links from suspicious sources.
- Do be cautious even with sources that look legitimate.
- Do forward suspicious emails to firstname.lastname@example.org.
- Do alert the IRS if you may have sent private data to an unauthorized party: contact your local stakeholder liaison.
- Do alert the Tax Commission if you may have sent private data to an unauthorized party: email@example.com.
Don't take the bait!
Fast response is critical
A summary: who to contact Read more on the IRS website
Criminals’ fingerprints hard to spot
Warning signs a tax pro’s had data stolen Read more on the IRS website
It’s also the law
Client security is your legal responsibility Read more on the IRS website
Your employees help keep you safeguarded
“…only as secure as their least informed employee.” Read more on the IRS website
Keep tabs on your EFIN, PTIN, and CAFs
Monitor usage to see if criminals are impersonating you Read more on the IRS website
Tax professionals share horror stories
Hard-won security lessons from fellow tax pros Read more on the IRS website
The most common way to steal customer data
Spear phishing remains the most common approach Read more on the IRS website
Strong passwords and encryption for sensitive data Read more on the IRS website
The “Security Six”
Six areas of security that help protect both you and your clients Read more on the IRS website
IRS, Security Summit campaign launches
“The IRS and the Security Summit partners urge all tax professionals to take stronger security steps to protect themselves and their clients” Read more on the IRS website
Filing season starts with theft
More complex scam takes advantage of gaps in practitioners’ security. Always report data thefts. Read more on the IRS website
Insurance form scam
Criminals spoof tax pros, contact clients, and send them to fake insurance sign-up. Read more on the IRS website
IRS warns: New e-Services scam
Tries to trick tax pros into “signing” a new e-Services user agreement. Read more on the IRS website
Breach or theft? Do this fast
A quick response by tax practitioners can help avert problems. What to do. Read more on the IRS website
The security 90/10 rule
Great checklist for you, your employees, and even to share with your clients. Read more on the IRS website
Free from the IRS and NIST
Handbooks walk you through real-life checklists so you and your clients can be more secure. Read more on the IRS website
Criminals trying for your EFIN
“For tax professionals working with the IRS, protecting these account numbers is critical.” Read more on the IRS website
Payroll, financial, and HR employees targeted
National and international organized crime behind many of these scams. Read more on the IRS website
Check for weak security on wireless devices
Remote takeovers of practitioners’ business network can be devastating. Read more on the IRS website
IRS recommends: Don’t pay the ransom
Ransomware attacks on increase; tax practitioners have been targeted. Read more on the IRS website
Increase in identity theft involving business-related tax returns
Three to five data breaches reported each week. Read more on the IRS website
Account takeover tactics detailed
Criminals do their homework, finding personal clues about you online so they can take over your account. Read more on the IRS website
Emails appearing to be from trusted source are from criminals
91% of cyberattacks and data breaches begin with a “spear phishing email.” Read more on the IRS website
Spoofed requests look like they’re from organization executive
A dangerous scam targets HR and payroll departments requesting employee information and/or W-2s. Read more on the IRS website