A chaotic tax season brings new cyberthreats

The U.S. tax season is officially underway, and this year the filing deadline for most of us is April 18.   That’s roughly 12 weeks of unprecedented challenges for taxpayers, tax preparers, and the Internal Revenue Service. The confusion and urgency around tax issues create an unfortunate opportunity for cybercriminals to strike it rich.

We’ve warned about W-2 scams in the past, and this type of fraud is still a legitimate threat. These scams involve tricking someone into sending the company W-2 forms to a criminal who will sell the data or file fraudulent returns. A similar scam targets tax preparers in an attempt to steal Electronic Filing Identification Numbers (EFINs). Identity thieves pose as a bank or other trusted source with an urgent message to open a link or attachment. The IRS Security Awareness for Taxpayers campaign has outlined a handful of steps to avoid identity theft during tax season.

When successful, these scams result in a data breach that may or may not lead to tax-related identity theft. The IRS defines this as “when someone uses your stolen personal information, including your Social Security number (SSN), to file a tax return claiming a fraudulent refund.” According to the ITRC’s 2021 Annual Data Breach Report, the overall number of data breaches is up more than 68% compared to 2020, and the number of events that involved SSNs increased from 80 to 83%. The IRS lists some indicators of this fraud in the Taxpayer Guide to Identity Theft.

New challenges for accounting firms and the IRS

Accounting firms will have their own challenges around cybersecurity this year. In addition to the tax preparation work around pandemic-related expenses, payments, and losses, these firms have to be vigilant against the latest types of cybercrime. The W-2 scams may be easy for a CPA to avoid, but the latest version of Ryuk ransomware can come through an unsecured and forgotten remote desktop protocol (RDP) connection that was created at the start of the pandemic. Hacking gangs are good at finding new ways into the network, and they are really good at finding valuable data once they get in. The entire digital infrastructure has to be secured with the most up-to-date protection against these threats.

Finally we come to the ‘cherry on top,’ which is a December 2021 report titled “Vulnerability Scanning and Remediation Processes Need Improvement.” The report is the result of an audit on IRS security practices, conducted by the Treasury Inspector General for Tax Administration (TIGTA). The report identifies four areas that require improvement, including vulnerability remediation and privileged access scanning. The IRS has agreed with the audit and has plans to carry out the TIGTA recommendations. This will be another challenge for an already under-resourced agency during a very busy tax season.

It’s imperative that individuals and businesses remain on alert against identity theft, spear phishing, and other attacks. Protect your credentials, backup your data, and make sure that your network, applications, and email are fully secure.