On high alert: Know the warning signs of data theft
March 3, 2025
For CPAs entrusted with clients' financial data, safeguarding sensitive information is not only essential for the clients' security but also for the CPAs' own legal responsibilities. The U.S. Internal Revenue Service (IRS) provides a comprehensive list of warning signs to help tax professionals identify potential red flags of data theft. By staying vigilant and proactive, tax professionals can play a crucial role in preventing financial fraud.
Suspicious IRS account activity: Tax professionals should be cautious if they receive notifications of e-Services account suspensions, especially if they did not take any actions that could warrant such a suspension. Cyber attackers might attempt to compromise these accounts to access sensitive tax-related data or manipulate filings. Also be on high alert if a client reports an IRS online account was created without their assent.
Unexpected tax transcript requests: One of the key indicators of potential data theft is receiving unexpected tax transcript requests from clients who did not initiate them. Cybercriminals often attempt to access tax transcripts to gain unauthorized access to sensitive financial information. Tax professionals should verify the authenticity of such requests before proceeding to ensure they are not aiding fraudulent activities.
Unauthorized e-filing: Discovering that tax returns have been filed using a client's information without their consent is a significant red flag. Tax professionals should confirm the legitimacy of all e-filed returns and investigate any discrepancies to prevent fraudulent filings.
Excessive or unknown return requests: An unusual surge in return requests from a single client could indicate suspicious activity. Fraudsters may attempt to exploit tax professionals' systems by filing multiple fraudulent returns using stolen information. Monitoring the frequency and nature of return requests can help identify such patterns. Clients could receive a tax transcript they did not request.
Suspicious emails: Exercise caution when responding to email requests, especially those involving changes to payment or sensitive client information. Phishing scams often rely on deceptive emails to manipulate recipients into divulging confidential data or making unauthorized transactions.
Hardware or software glitches: Take note of unexpected software lags or network unresponsiveness. A hacker could have access to your protected client data. In addition to lags, glitches could include the cursor moving or changing items on its own or being unexpectedly locked out of the computer system.
Technology will continue to reshape the accounting landscape and protecting clients' sensitive financial information is a critical CPA responsibility. The IRS has a variety of tools to help, including a written information security plan and a 28-page guide on how to keep customer and business information safe. Find help at irs.gov/tax-professionals/protect-your-clients-protect-yourself.