For the ninth consecutive year, the Internal Revenue Service (IRS) and its Security Summit partners are focused on helping tax professionals stay vigilant against new and ongoing threats of tax-related identity theft.
This year’s Security Summit summer campaign for tax professionals highlights a series of simple actions they can take to better protect both their clients and themselves from the theft of sensitive data.
Key Actions for Tax Professionals:
1. Create a Security Plan
Tax preparers, especially those with smaller practices, are encouraged to use the IRS’s Written Information Security Plan (WISP) template to create a data security plan with ease.
- Publication 5708 has been updated and expanded to help tax preparers develop a security plan, offering clear guidelines and best practices.
- The updated version emphasizes the implementation of multi-factor authentication (MFA) for anyone accessing any information system unless approved in writing by a qualified individual using equivalent or more secure access controls.
For more details, refer to IRS News Release IR-2024-208 (IRS, Security Summit release new Written Information Security Plan).
2. Encourage Clients to Use Identity Protection PINs (IP PINs) and IRS Online Accounts
The IRS IP PIN program helps prevent tax-related identity theft by ensuring that the tax return filed is truly the taxpayer’s.
- Tax professionals are also encouraged to sign clients up for IRS Online Accounts, which provide access to IRS account information and serve as an additional layer of protection against identity theft.
For more details, refer to IRS News Release IR-2024-200 (Identity Protection PINs, IRS Online Account protect against tax-related identity theft).
3. Implement Multi-Factor Authentication (MFA)
As of June 2023, MFA is required under the Federal Trade Commission’s safeguards rule for tax professionals. This added layer of protection strengthens account security by requiring more than just a username and password when accessing systems, applications, or devices.
For more details, refer to IRS News Release IR-2024-201 (Multi-factor authentication: Key protection to tax professionals’ security arsenal now required).
4. Recognize the Signs of Identity Theft
Tax professionals should be alert to warning signs from their clients, such as:
- Receiving a notice that their IRS Online Account was created without their consent
- Receiving a tax transcript they did not request
- Notices from the IRS that don’t match the tax return filed
- Receiving a refund without having filed a tax return
Tax professionals should also watch for these red flags within their business:
- Slow or unexpected computer or network performance
- Client tax returns rejected because their SSN was already used
- Receiving more e-file acknowledgements than filed returns
- Receiving IRS authentication letters (5071C, 6331C, 4883C, 5747C) without filing a tax return
For more details, refer to IRS News Release IR-2024-193 (Security Summit urges tax pros to watch out for identity theft red flags).
5. Understand the ‘Security Six’ Protections
Tax professionals should prioritize these six key security basics as part of their defense against identity thieves:
- Use anti-virus software
- Implement firewalls to guard against outside attacks
- Always enable multi-factor authentication
- Regularly back up important data to an external source
- Use drive or disk encryption software
- Use a Virtual Private Network (VPN) when connecting to unknown networks or working remotely
For more details, refer to IRS News Release IR-2024-218 (IRS, Security Summit highlight “Security Six” and key steps for tax pros to protect themselves).
6. Be Aware of New Emerging Scams Targeting Tax Preparers
Identity thieves continue to develop new scams aimed at stealing sensitive information from tax professionals. These schemes include posing as new clients, phishing emails designed to steal EFIN, PTIN, or CAF information, and more elaborate schemes involving phone calls and texts. Tax preparers must stay vigilant to protect both their clients and their own businesses.
For more details on these evolving scams, see the following IRS news releases:
- IRS News Release IR-2024-183 (New evolving scams threaten tax professionals)
- IRS News Release IR-2024-05 (IRS, Security Summit partners warn of surge in “new client” scams)
- IRS News Release IR-2024-139 (IRS warns taxpayers of scams involving misleading advice on tax credits)
For additional information on the IRS Security Summit and the 2024 Protect Your Clients; Protect Yourself summer campaign, visit these resources:
- Security Summit page
- Protect Your Clients; Protect Yourself – Summer 2024 page
- IRS Publication 4557 – Safeguarding Taxpayer Data
- Data Theft Information for Tax Professionals
- IRS Publication 5461-D – Review your security protocol
CrossLink Professional Tax Solutions
CrossLink is the industry’s leading professional tax software solution for high-volume tax businesses. Built based on the needs of busy tax offices and mobile tax preparers that specialize in providing their taxpayer clients with fast and accurate tax returns, CrossLink has been a trusted software solution since 1989. CrossLink’s in-depth tax calculations, advanced technological features, and paperless solutions allow you to prepare the most complicated tax returns with confidence and ease while providing your customers with an unparalleled experience.
