The Internal Revenue Service joins its Security Summit partners today to announce the start of a special summer “Protect Your Clients; Protect Yourself” campaign aimed at ensuring tax professionals stay alert against new and ongoing threats of tax-related identity theft.

“The Security Summit plays a key role in protecting federal and state tax filings from identity thieves. Their work continues to strengthen our systems against fraudulent tax returns,” said IRS Commissioner Danny Werfel. “Tax professionals also form a critical part of our defenses. The sensitive financial and tax information they hold is a tempting target. It’s critical that those handling sensitive tax information, especially smaller practices, stay current and keep their systems safe.”

The Summit coalition of the IRS, state tax agencies and the nation’s tax community will start the annual summer series next week to raise awareness among tax professionals about the importance of maintaining strong security. The series will run for five consecutive weeks each Tuesday, coinciding with the start of the IRS Nationwide Tax Forums today in New Orleans. The news release series and the summer Tax Forums will provide important information to help protect sensitive taxpayer data that tax professionals hold while also protecting their business from identity thieves.

This marks the eighth year that the Security Summit partners have worked to raise awareness about these issues through the “Protect Your Clients; Protect Yourself” campaign.

Building stronger connections with tax professionals and increasing collaboration with groups like the Security Summit are part of the transformation effort outlined in the new IRS Strategic Operating Plan.

The 10-year plan, unveiled in April, highlights areas in which the IRS will be working to make improvements to help taxpayers, tax professionals and the nation.

By taking some basic security steps, tax pros can help protect themselves against the relentless efforts of identity thieves. This summer’s effort focuses on a reminder for tax pros to focus on fundamentals and to watch out for emerging vulnerabilities.

Tax professionals are prime targets of criminal syndicates that are both tech- and tax-savvy. These scammers either trick or hack their way into tax professionals’ computer systems to access client data. Even when tax pros think they have client data stored in a secure platform, such as the cloud, lack of strong authentication can make this information vulnerable.

Identity thieves use stolen data to file fraudulent tax returns that make it more difficult for the IRS and the states to detect because the fraudulent returns use real financial information. Other data thieves sell the basic tax preparer or taxpayer information on the web so other fraudsters can try filing fraudulent tax returns.

The Security Summit formed in 2015 to join the fight against identity theft. The Summit partners have made great inroads against tax-related identity theft, dramatically reducing confirmed identity theft returns and saving billions in tax dollars during the course of the collaborative effort.

The summer Security Summit tax pro campaign will cover these key topics that will highlight a series of simple actions that tax professionals can take to better protect their clients and themselves from sensitive data theft. Taking these steps now will help ensure the progress in tax-related identity theft continues.

• Create a security plan. The Written Information Security PlanPDF, or WISP, is a 28-page, easy-to-understand document developed by and for tax and industry professionals to keep customer and business information safe and secure. Security Summit partners, including tax professionals, software and industry partners, representatives from state tax groups and the IRS developed the WISP. The Summit partnership will highlight these plans at each of the five IRS Nationwide Tax Forumsthis year.
• Sign up clients for Identity Protection PINs. The IRS now offers IP PINs to all taxpayers who can verify their identities online, on the phone with an IRS employee after filing a Form 15227 or in person. To obtain an IP PIN, the best option is the IRS online tool Get an IP PIN Before attempting this thorough process, see How to Register for Certain Online Self-Help Tools. If taxpayers are unable to validate their identity online and if their income is below $73,000 for individuals or below $146,000 for married couples, they may file Form 15227, Application for an Identity Protection Personal Identification NumberPDF.
• Phishing, Spear phishing and Whaling. These aren’t summer activities; these are real cyber schemes that put sensitive information at risk. Tax pros are a common, everyday target of phishing scams designed to trick the recipient into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers. Tax professionals, and taxpayers, should be aware of different phishing terms and what the scams might look like.
• Know the tell-tale signs of identity theft. Many tax professionals who report data theft to the IRS also say they were unaware of signs that a theft had already occurred. There are many signs for which tax pros should watch. These include: multiple clients suddenly receiving suspicious IRS letters requesting confirmation that they filed a tax return; tax professionals seeing e-file acknowledgements for far more tax returns than they filed; and tax pros’ computer cursors moving seemingly on their own.
• Help clients protect themselves whether working from home or traveling. With the continuation of work-from-home policies for many organizations, taxpayers may find themselves conducting their affairs – whether personal, business or financial – in a different way. Tax pros can help their clients protect themselves by sharing key bits of information on computer security. These cyber-smart tactics protect not only the tax professional, but also their clients.

Source: IRS-2023-124, July 11, 2023

To wrap up National Tax Security Awareness Week, the Internal Revenue Service and the Security Summitpartners today urged businesses to remain vigilant against cyberattacks aimed at stealing their customer’s personal information and other business data.

The IRS continues to see instances where small businesses and others face a variety of identity-theft related schemes that try to obtain information that can be used to file fake business tax returns. For example, phishing schemes continue to target businesses as well as tax professionals and individual taxpayers.

“Just like individuals and tax professionals, businesses of all types need to be on the lookout for attempts to steal information and data,” said IRS Acting Commissioner Doug O’Donnell. “Businesses are especially attractive to cyberthieves because there is a potential to steal a lot of data. They may use the information to file a business tax return or use customer data for identity theft.”

The IRS, state tax agencies and the nation’s tax software and tax professional industries operate cooperatively as the Security Summit to highlight data security and fight identity theft. Today marks the final day of the seventh annual week dedicated to information security and helpful tips for individuals, businesses and tax professionals.

Cyber criminals target businesses of all sizes; knowing some cybersecurity basics and putting them in practice will help business owners protect their business and reduce the risk of a cyber-attack. Criminals can target a business’s credit card or payment information, business identity information or employee identity information.

Businesses are encouraged to follow best practices from the Federal Trade Commission, including:

• Use multi-factor authentication.
• Set security software to update automatically.
• Back up important files.
• Require strong passwords for all devices.
• Encrypt devices.

More information is available at FTC’s Cybersecurity for Small Businesses.

Businesses should especially be alert to phishing email scams that attempt to trick employees into opening embedded links or attachments. IRS related scams may be sent to phishing@irs.gov so the IRS can try to track, stop or disrupt scams.

To improve security, the IRS now masks sensitive information from business tax transcripts, which summarizes tax return information, to help prevent thieves from obtaining identifiable information that would allow them to file fake business tax returns. Only financial entries are fully visible. Other information has varying masking rules. For example, only the first four letters of each first and last name will display for individuals and businesses. Also, only the last four digits of the Employer Identification Number will be visible.

The IRS also has the Form 14039-B, Business Identity Theft AffidavitPDF, that will allow companies to proactively report possible identity theft to the IRS when, for example, an e-filed tax return is rejected.

Businesses should file the Form 14039-B if it receives a:

• Rejection notice for an electronically filed return because a return is already on file for that same period.
• Notice about a tax return that the entity didn’t file.
• Notice about Forms W-2 filed with the Social Security Administration that the entity didn’t file.
• Notice of a balance due that is not owed.

This form will enable the IRS to respond to the business and work to resolve issues created by a fraudulent tax return. Businesses should not use the form if they experience a data breach but see no tax-related impact. For more information, see Identity Theft Central’s business section.

In addition to phishing and other scams, all employers should remain alert to Form W-2 theft schemes. For example, a thief may pose as a company executive who emails payroll employees and asks for a list of employees and their W-2s. Businesses often don’t know they’ve been scammed until an employee reports that a fraudulent tax return has been filed.

There’s a special reporting procedure for employers who experience the W-2 scam. It’s available in the Identity Theft Central’s business section.

Finally, Security Summit partners urge businesses to keep their EIN application information current. Changes of address or responsible party information may be reported using Form 8822-B. Changes in the responsible party must be reported to the IRS within 60 days. Current information can help the IRS find a point of contact to resolve identity theft and other issues.

For more details and to learn more about this year’s National Tax Security Awareness Week’s efforts, visit IRS.gov/securitysummit.

Source: IRS-2022-211, December 2, 2022

WASHINGTON — On Cyber Monday, the Internal Revenue Service and the Security Summit partners kicked-off the 7th National Tax Security Awareness Week with information for taxpayers and tax professionals on how to avoid scams and protect sensitive personal information.

With the holiday season now in full swing, the period presents a prime opportunity for identity thieves to try stealing personal financial information, which also could be used to potentially file fraudulent tax returns. People can face risks if they’re shopping online and using publicly accessible Wi-Fi. And the Summit reminds people that fictitious text scams with “smishing” schemes continue during this period.

“With holiday shopping starting and the 2023 tax season quickly approaching, many people will be using laptops and personal devices to share sensitive financial information,” said IRS Acting Commissioner Doug O’Donnell. “In the months ahead, these same devices will be used to complete millions of tax returns by both taxpayers and tax professionals, making the holiday season the perfect time to take steps to protect your valuable information and watch out for scams.”

Formed in 2015, the Security Summit partnership between the IRS, state tax administrators and the tax software and tax professional community have worked together to improve defenses and protect people from tax-related identity theft. As part of that effort, the Summit partners worked to raise taxpayer and tax professional awareness about security issues – not only protecting people from the risk of identity theft but helping protect the nation’s tax system from refund-related fraud.

The Summit partners urged people to take extra care while shopping online or viewing emails and texts, especially during the holiday season when criminals are very active. The Security Summit reminds everyone to stay safe while holiday shopping with the following considerations:

• Shop at sites where the web address begins with “https” – the “s” is for secure communications and look for the “padlock” icon in the browser window.
• Don’t shop on unsecured public Wi-Fi in places like a mall.
• Keep security software for computers, tablets and mobile phones updated.
• Protect the devices of family members, including young children, older adults as well as less technologically savvy users.
• Make sure anti-virus software for computers has a feature to stop malware, and that there is a firewall enabled that can prevent intrusions.
• Use strong and unique passwords for online accounts.
• Use multi-factor authentication whenever possible. It helps prevent thieves from easily hacking accounts.

The IRS also reminds people about advice from the Federal Trade Commission to never buy anything from online sellers that accept payment only by gift cards, money transfers through companies like Western Union or MoneyGram or cryptocurrency. Payments you make that way are nearly impossible to trace and reverse. Scammers often tell people to use those payment methods so they can get money quickly.

Additionally, the IRS warned taxpayers of a recent increase in IRS-themed texting scams aimed at stealing personal and financial information. During 2022, the IRS identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams (known as smishing) targeting taxpayers.

Smishing campaigns target mobile phone users, and the scam messages often look like they’re coming from the IRS, offering lures like fake COVID relief, tax credits or help setting up an IRS online account. Recipients of these IRS-related scams can report them to phishing@irs.gov.

Stolen data can be used to file fraudulent tax returns that make it more difficult for the IRS and the states to detect because the fraudulent returns use real financial information. Other data thieves sell the basic tax preparer or taxpayer information on the web so other fraudsters can try filing fraudulent tax returns.

Given the rise of texting scams, taxpayers can check out security recommendations for their specific mobile phone by reviewing the Federal Communications Commission’s Smartphone Security Checker. Since phones are used for shopping and even for doing taxes, remember to make sure phones and tablets are just as secure as computers.

Source: IRS-2022-204, November 28, 2022

The Internal Revenue Service announced the selection of Guy Ficco as the next Deputy Chief for IRS Criminal Investigation (IRS-CI). He will oversee 20 field offices and 11 foreign posts, including approximately 2,000 special agents investigating tax fraud and other financial crimes.

“The Deputy Chief position demands someone with vast experience in tax law and financial crimes, but also a passionate leader who can further the development of CI’s workforce”, said Jim Lee, Chief of IRS Criminal Investigation. “After nearly three decades serving our agency in various roles, Guy’s experience will prove invaluable as we continue uncovering financial crimes around the world.”

Ficco currently serves as IRS-CI’s Executive Director of Global Operations where he oversees CI’s policies related to investigations, as well as the agency’s international footprint. He provides executive leadership over CI’s Financial Crimes, Asset Recovery and Investigative Services, Special Investigative Techniques, and Narcotics and National Security sections, as well as CI’s International Field Operations.

Ficco will replace Jim Robnett, who will be retiring July 15 after 36 years of service at the IRS, 28 of which were with IRS-CI.

In previous IRS-CI positions, Ficco served as Special Agent in Charge, providing oversight and direction in matters relating to criminal investigation activities and programs for the Philadelphia Field Office. Additionally, during his tenure he held various leadership roles including Supervisory Special Agent in the Washington Field Office, Senior Analyst in both Financial Crimes and International Operations sections, Assistant Special Agent in Charge for the Washington Field Office, Director of Special Investigative Techniques, Washington DC, and long-term actor for Deputy Director, Strategy.

Ficco served as a Congressional Fellow through the Government Affairs Institute at Georgetown University, assigned to the Permanent Subcommittee on Investigations in the Senate Homeland Security Committee. He holds a bachelor’s degree in business administration with a concentration in Accounting from Dominican College in New York. He is a Certified Fraud Examiner and joined IRS Criminal Investigation in 1995.

IRS-CI is the criminal investigative arm of the IRS, responsible for conducting financial crime investigations, including tax fraud, narcotics trafficking, money-laundering, public corruption, healthcare fraud, identity theft and more. IRS-CI special agents are the only federal law enforcement agents with investigative jurisdiction over violations of the Internal Revenue Code, boasting a nearly 90 percent federal conviction rate. The agency has 20 field offices located across the U.S. and 11 attaché posts abroad.

Source: IRS