Beware this year's taxpayer refund scams and data breaches: 8 steps recommended by the IRS

Thompson Coburn LLP

Thompson Coburn LLP

The IRS recently released a statement regarding emerging scams that are cropping up this tax season.

Besides phone-based scams targeting individuals, thieves are also stealing client data from tax accountants and using it to file fraudulent tax returns; they use the individual’s bank account information for the deposit, then utilize various techniques to access the accounts and claim the funds.

If they haven’t already, tax preparers and businesses should ensure that they have adequate security to protect their clients’ tax and financial information from cyber-attacks. This may include an annual review of the security of workstation and server computer systems as well as any cloud service providers (Microsoft Office 365, Google Apps Suite, and others), internal policies and procedures (password policies, acceptable use policies), software application security (remote access software, anti-malware, server operating system updates) and employee training programs (resistance to phishing emails, scams and malware).

If you or your clients have been the victim of these sorts of attacks, there are steps to consider taking to protect yourself.

Contact an attorney that has experience in assisting companies that have been the victim of a cyber-attack. The attorney can help you navigate any of the IRS’ recommended steps (described below), and engage outside experts under attorney-client privilege.

  1. Contact the IRS, FBI and local police right away.
  2. Report the data theft to state agencies (where they prepare state tax returns).
  3. Contact and engage a forensic computer expert to determine the cause and scope of the theft—and prevent it from happening again.
  4. Inform your insurance company and see if your policy covers expenses related to the data loss.
  5. Send letters to clients whose information may have been breached, and notify state attorneys general as required under applicable data breach notification laws. (The FTC also provides guidance for businesses in this situation.)
  6. Notify credit reporting agencies.
  7. Consider obtaining credit monitoring and identity restoration services for your clients.
  8. Contact relevant software and client portal providers to reset passwords and prevent the compromised accounts from being accessed by an attacker.

For more information, refer to IRS Tax Tip 2018-23.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thompson Coburn LLP | Attorney Advertising

Written by:

Thompson Coburn LLP

Thompson Coburn LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.