ID theft directly targeting tax preparers

January 18, 2017 by Chris Rubino

George Mallory, a famous mountain climber, when asked why he wanted to climb Mt. Everest, replied “Because it’s there.” While Mallory was a man of high repute, those with much more nefarious motives have started targeting tax preparers to obtain personally identifiable information (PII) of the tax preparer’s clients, ostensibly on the theory “Because it’s there.”
 
In the course of preparing taxes, a good deal of confidential PII is accumulated that can be used by thieves to perpetuate ID theft, including the preparation of fraudulent returns. We of the tax community have a duty and an obligation to do everything within our means to protect the information we gather as we conduct our businesses.
 
The newest scam involves cybercriminals approaching the tax preparer in the guise of a potential client, sending an email to the preparer which asks about using the preparer’s services. The email may even appear to come from a legitimate organization, colleague, or friend, if their emails or systems were previously hacked. If the tax preparer then responds to this initial email, the cybercriminal replies with a second follow-up message containing an embedded web address, or with an embedded web address in an attachment. If the preparer clicks on this address, instead of downloading a client’s information, a virus or malware is downloaded that sends information to the cybercriminal.
 
There are some commonly accepted best practices in regard to email phishing scams that we can do to protect our clients’ information.
 

• Understand that email is never a secure form of communication.
• Do not respond to emails from unknown sources.
• Never click on links contained within emails (including attachments) that are unsolicited, or unexpected, or from unknown senders.
• Be wary of emails that seem to come from a known sender, but are out-of-the ordinary for that person or entity. You may want to contact the person by phone instead of replying by email.