Cybercrooks target tax pros, even away from the spring tax rush

The IRS warned that attempts to gain taxpayer data may rise amid approaching deadlines.

By Susan Tompor, Detroit Free Press

August 23, 2017 at 3:22AM
Workers enter the IRS building on Dec. 11, 2014, in Washington, D.C. The IRS has been making a full-court press this summer to alert tax professionals that cyber crooks are out to steal taxpayer information from their digital files. (Molly Riley/McClatchy DC/TNS) ORG XMIT: 1209172
“Cybercrooks have been relentless in their pursuit of taxpayer information,” IRS Luis D. Garcia warned. Said another expert, “One mistaken click is all it takes.” (The Minnesota Star Tribune)

Many of us aren't even thinking about income taxes as we're inching closer to Labor Day. But con artists know the time is right to hit tax pros, who will soon be running into their own crunch time.

What's troubling is that the crooks are so good that some tax professionals might not recognize that they're under attack, according to the Internal Revenue Service (IRS).

"These guys are faceless and you don't even see them coming in," said Luis D. Garcia, an Internal Revenue Service spokesman based in Detroit.

Too often, many of us picture criminal activity as someone attempting to unlawfully enter our homes or offices by trying to jimmy a lock or maybe break a window. But the cybercrooks act in a stealthy manner.

"If you don't see there are signs that you've been under constant attack, you might not think you're at risk," Garcia said.

The IRS has been making a full-court press this summer to alert tax professionals that cybercrooks are out to steal taxpayer information from their digital files.

"Cybercrooks have been relentless in their pursuit of taxpayer information," Garcia warned.

Cyberattacks could increase as certified public accountants, enrolled tax agents and others who prepare taxes gear up for some deadlines. Some corporations and partnerships that took extensions to file their income tax returns must do so by Sept. 15.

And an Oct. 15 deadline applies to individual filers who requested a six-month extension to file back in April.

The IRS has warned that:

• Cybercrooks want to take over digital networks of tax professionals.

The entire digital network for some tax professionals could be at risk for remote takeover by cybercriminals, according to the IRS.

If successful, crooks could then use a client's data to file fraudulent tax returns that would create problems for real tax filers.

"A remote takeover can be devastating to practitioners' business as well as to the taxpayers they serve," IRS Commissioner John Koskinen said.

"It's critical for people to take steps to understand and prevent these security threats before it's too late."

The IRS said it is aware of a handful of tax practitioners who have been victimized by ransomware attacks. Computers can become infected with a ransomware virus after someone clicks on an e-mail attachment.

The virus can then disable the computer network. All your documents and information on the network are then held hostage until you pay up.

Ransomware has grown into a hot scam in the past year or so and some say remains a rising public threat.

• Tax pros are being bombarded with a new phishing e-mail that pretends to be from a tax software provider.

Those phishing e-mails might come with the subject line "Software Support Update." It might refer to an "Important Software Systems Upgrade."

The e-mail often thanks the tax professional for using the service but says the tax preparer must provide login credentials, due to a recent software upgrade.

The crooks are actually providing a link to a fictitious website that mirrors the software provider's actual login page.

"Instead of upgrading software, the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers' accounts and to steal client information," the IRS said.

Legitimate tax software companies are not going to embed links into e-mails asking tax professionals or others to validate passwords.

Remember, phishing scams can be in the form of e-mails, texts and calls.

The 2017 Phishing Trends and Intelligence Report noted that there were more IRS-related phishing attacks in January 2016 than there were in all of 2015.

• Cybercriminals are out to exploit weakness in security settings to gain access to the devices and the files.

The IRS said a printer with a factory-issued password can easily be accessed to allow criminals to see tax return information that's stored in the device's memory.

"Especially vulnerable are wireless networks, including mobile phones, modems and router devices, printers, fax machines and televisions that retain their factory-issued password settings," the IRS said.

"Sometimes, these devices have no protection at all."

Adam K. Levin, chairman of CyberScout, dubbed the security efforts as "abysmal" when it comes to manufacturers associated with what's called the internet of things. We're connecting more devices to the internet — cellphones, headphones, wireless printers.

Levin noted that hackers are persistent and sophisticated, so using a weak default password — which could be readily available on black markets — essentially invites trouble. Bad actors can evade substandard defenses and gain access to printers, copiers and other electronic devices to mine data.

"Hackers wait for moments of distraction or logical times such as late summer when many tax software programs are updated or upgraded by developers," said Levin, the author of "Swiped: How To Protect Yourself In A World Full of Scammers, Phishers and Identity Thieves."

"One mistaken click is all it takes for them to be given a clear path into a tax preparer's network and they are off to the races," Levin said.

Susan Tompor is the personal finance columnist for the Detroit Free Press. She can be reached at stompor@freepress.com.

about the writer

about the writer

Susan Tompor, Detroit Free Press