The Next Data Breach? Tax Preparers Hit with Fake Phishing Emails

In the latest cybercrime twist, the IRS recently reported that hackers are now targeting tax preparers by employing email phishing scams and hacking attempts. Why? For the same reason behind every breach: cybercriminals want to steal Social Security numbers, personal information, and financial data.

Some hackers have filed fake tax returns with stolen identities, and some simply try to sell the info on the black market. But it doesn’t matter what happens to the data once it’s stolen. If you’re the business owner left footing the bill for emergency IT services AND you have to inform your clients of a confidentiality compromise, that’s going to have a negative impact on your company, no matter what business you’re in.

How is this most recent tax-related scam happening?

The same way they always do. Hackers send out emails that look like they’re legitimate — in the case of tax professionals, they appear to come from tax software providers reaching out about a crucial update. Recipients are guided to click on a (bogus) link. One click leads to an infected site, which may ask you to download an file, which, when opened, can access your computer and steal your data.

CPAs, lawyers, doctors, bankers — it doesn’t matter what industry you’re in. If your company houses confidential data, your systems are at risk. The tax preparer situation provides a broad lesson. Proactive monitoring solutions that keep a 24/7 eye on your computers and networks important. But with the IRS cracking down on data security regulations, compliance is even more crucial — and more difficult to achieve.

That’s when you need the help of a trusted IT advisor and compliance expert like CMIT Solutions. We understand the importance of data integrity and cyber-threat protection. We deploy multiple layers of network security to keep your systems, your employees, and your information safe. We offer local, one-on-one service backed by a nationwide system of business owners and technicians. We even know the IRS’ Publication 4557 about Safeguarding Taxpayer Data forward and backward.

Another thing we know? Any successful security strategy must also focus on the human element. Here are five tips you and your employees should follow to keep everyone safe:

1) Keep an eye out for phishing scams.

Does the layout of the email seem odd? Sender’s address look a little strange? Any blatant misspellings? Awkward phrases? This mental email assessment checklist can be completed in less than a minute, and although it might seem annoying, in today’s digital world, it’s necessary. If an email seems out of the blue or slightly off, there’s probably a reason why. Which is why it’s so important that you…

2) Don’t click any links or open any attachments in an email

UNLESS you know the sender and are expecting them. This is pretty self-explanatory. Not abiding by it is the most likely way to compromise a computer. Its importance cannot be understated.

3) Don’t use the same password for every account.

The options here are infinite. You can manually make up variations on a long mix of numbers, letters, and special characters. You can use an online password manager to regularly change your logins (while you only have to remember one secure master password). You can employ two-factor authorization. Or you can give your company the highest level of protection with enterprise-grade password management solutions. The important thing is that you never use “password123” any more.

4) Browse the Internet safely.

If you rely on a Wi-Fi network, make sure it’s password protected and not public. Any time you’re transmitting personal information online, look for “https” or the lock sign next to the web address in your browser. And please, don’t click on any of those ads or headlines that are too good (or ridiculous) to be true.

5) Treat your data with the respect it deserves.

You take your responsibility to your clients seriously — you should take their data seriously, as well. (And the IRS really wants to make sure you take their data seriously.) At CMIT Solutions, we can help you protect your systems. From critical data backups to top-flight encryption to automated administrative processes to software and hardware upgrade assistance, we’ve got you covered.


Worried about suspicious online activity? Afraid your systems have been hacked? Want to avoid online scams and keep your data safe? Contact CMIT today. We pride ourselves on staying up to date with security and compliance issues. We listen to you to resolve your immediate technology headaches and plan for your long-term technology strategy. In short, we worry about IT so you don’t have to. We’ve got your back!


Leave a comment!

You must be logged in to post a comment.