Comptroller Franchot, IRS Warn Tax Pros to Watch for Data Theft

ANNAPOLIS, Md. (March 30, 2018) - As the busiest time of the tax season approaches, Maryland Comptroller Peter Franchot and the Internal Revenue Service (IRS) warn tax professionals to remain alert to taxpayer data theft and to safeguard data. The 2018 tax filing deadline is Tuesday, April 17.

“Cyber thieves never rest and tax preparers throughout Maryland need to remain on guard to protect their clients’ personal and financial information,” Comptroller Franchot said. “These devious tactics ruin lives and leave victims vulnerable. Never give anyone claiming to be from the IRS on the phone or in an email your Social Security or other identifying information.”

The IRS said the “new client” scam has re-emerged by cyber criminals to target tax professionals with spear phishing schemes. In this scam, a “new client” emails the tax pro about a tax issue, attaching documents purportedly to be an IRS notice or prior-year tax information. The documents actually contain malware that, if opened, enable criminals to steal taxpayer information.

Some tax professionals may be unaware they are victims of data theft. Here are some signs:

  • Client e-filed returns begin to reject because returns with their Social Security numbers were already filed;
  • The number of returns filed with tax practitioner’s Electronic Filing Identification Number (EFIN) exceeds number of clients;
  • Clients who haven’t filed tax returns begin to receive authentication letters (5071C, 4883C, 5747C) from the IRS;
  • Network computers running slower than normal;
  • Computer cursors moving or changing numbers without touching the keyboard;
  • Network computers locking out tax practitioners.

Spear phishing occurs when the criminal singles out one or more tax preparers in a firm and sends an email posing as a trusted source such as the IRS, e-Services, a tax software provider or a cloud storage provider. Thieves also may pose as clients or new prospects to trick the tax preparer into disclosing sensitive usernames and passwords or to open a link or attachment that secretly downloads malware.

Here are the recommended security steps:

  • Learn to recognize phishing emails, especially those pretending to be from the IRS, e-Services, a tax software provider or cloud storage provider. Never open a link or any attachment from a suspicious email. The Comptroller’s Office and the IRS never initiates contact via email.
  • Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.

Review internal controls:

  • Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones) and keep software set to automatically update.
  • Use strong and unique passwords of 10 or more mixed characters, password protect all wireless devices, use a phrase or words that are easily remembered and change passwords periodically.
  • Encrypt all sensitive files/emails and use strong password protections.
  • Back up sensitive data to a safe and secure external source not connected fulltime to a network.
  • Wipe clean or destroy old computer hard drives that contain sensitive data.
  • Limit access to taxpayer data to individuals who need to know.
  • Check IRS e-Services account weekly for number of returns filed with EFIN.

Those who experience a security incident or a breach resulting in data disclosure should report the incident to the appropriate IRS Stakeholder Liaison. If Maryland taxpayers suspect fraud, they are asked to immediately report the issue to the Comptroller’s Questionable Return Detection Team at QRDT@comp.state.md.us.

MEDIA CONTACTS:  Joseph Shapiro -  jshapiro@comp.state.md.us
                                        410-260-7305 (office); 443-871-2244 (mobile)

Alan Brody –  abrody@comp.state.md.us
                                        410-260-6346 (office); 443-924-1473 (mobile)