Multi-Factor Authentication Can Head Off Sophisticated Scammers

Multi-Factor Authentication Can Head Off Sophisticated Scammers

Identity theft. Just the mere mention of this mayhem masquerade is enough to make the blood of tax professionals everywhere run cold.

As keepers of our clients’ most precious information, we are at once the target to identity thieves, and the solution for our customers’ protection.

Sometimes it seems as if the scammers are winning. But we already have the tools that can help keep the bad guys at bay.

Try Drake Tax for free! Download now!

Identity theft is evolving (again)

Historically, most identity theft attacks are phishing emails, though scammers have begun using text messages. Whatever form these scams take, the Internal Revenue Service says they share a few characteristics:

  • They appear to come from a known or trusted source, such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS and other government agencies.
  • They create a false narrative, often with an urgent tone, to trick the receiver into opening a link or attachment.

If successful, the “link” could install malware in the background, unknown to the personnel on the receiving end. Many times, a nasty “remote access trojan” (or RAT), is installed, allowing attackers to return to the system and gain ongoing access.

This software can take over a tax pro’s office system, identifying and completing pending tax returns, then e-filing them after changing the banking information to steal the refund.

Similar scenarios can be used to employ ransomware that holds an office’s data hostage until a ransom is paid.

Use multi-factor authentication to protect your accounts

Even the safest platforms can put data at risk when used improperly, and identity thieves are adaptable. Lately, the IRS has seen evidence that cloud-computing systems are being targeted by identity thieves. These breaches are often suffered by smaller tax offices that don’t take advantage of security measures like multi-factor authentication.

Multi-factor authentication requires additional user-provided information to access an account, like a remotely generated code or answers to questions. This additional layer of security can stymie identity thieves attempting to log in fraudulently as office employees.

The Security Summit, a panel of IRS officials, state and local taxing agency representatives, and tax industry partners, has some recommendations about how multi-factor authentication should be constructed to be most effective.

First, whenever two-factor (2FA) or multi-factor (MFA) options are offered by storage providers or other cloud providers, use it. Either option could protect client accounts – even in the event that passwords become compromised.

Second, never use email as one of the additional methods of validating the user. Email is less secure and can be an easier nut to crack for the attacking identity thief. Text, phone calls or tokens are all a better choice.

Other good practices to follow include using encryption on critical drives and backing up files regularly. Don’t forget to update your anti-virus software on a regular basis.

As tax professionals, it’s up to us to secure our systems to protect the sensitive customer data.

For more information on protecting your office from scammers and identity thieves, see Publication 4557, Safeguarding Taxpayer Data and Small Business Information Security: The Fundamentals.

Other resources include Publication 5293, Data Security Resource Guide for Tax Professionals and the Identity Theft Central webpages on the IRS website.

Source: Security Summit warns tax pros of evolving email and cloud-based schemes to steal taxpayer data

Story provided by TaxingSubjects.com

Florida Storm Victims Get Tax and Fuel Penalty Relief

Florida Storm Victims Get Tax and Fuel Penalty Relief

IRS extends tax deadlines and lifts dyed diesel fuel penalties for Hurricane Ian victims in Florida.

Hurricane Ian slammed into the Florida coast last week, leaving a trail of destruction that resulted in more than a million without power and 81 confirmed dead. The Internal Revenue Service announced tax relief and dyed diesel fuel penalty relief for storm victims following a disaster declaration for the entire state by the Federal Emergency Management Agency (FEMA).  

These relief measures are designed to make disaster recovery easier by delaying upcoming tax-related deadlines and helping emergency workers operate in affected areas. Tax relief is automatically granted to individual residents and business owners in affected areas; dyed diesel fuel penalty relief is available to sellers and emergency-vehicle operators who pay the highway diesel tax.  

Try Drake Tax for free! Download now!

What deadlines are affected by Hurricane Ian tax relief?

The Florida tax relief delays some individual and business deadlines beginning on September 23, 2022, until February 15, 2023. While the “Disaster Assistance and Emergency Relief for Individuals and Businesses” page on IRS.gov includes information about the affected deadlines, the agency listed the following affected deadlines in its news release:

  • October 17, 2022, individual extension filing deadline (does not apply to tax payments due April 18, 2022)
  • October 17, 2022, calendar-year corporation extension filing deadline
  • October 31, 2022, quarterly payroll and excise tax return deadline
  • November 15, 2022, calendar-year tax-exempt organization extension filing deadline
  • January 17, 2023, quarterly estimated income tax payment deadline
  • January 31, 2023, quarterly payroll and excise tax return deadline

Further, the IRS says that “penalties on payroll and excise tax deposits due on or after September 23, 2022, and before October 10, 2022, will be abated as long as the deposits are made by October 10, 2022.”

While these new deadlines are automatically granted to those with “an IRS address of record located in the disaster area,” some individuals who live out of state may be able to qualify, like relief workers. They will need to call the IRS number used for disaster-related assistance: 866-562-5227.

How does the dyed diesel fuel penalty relief work?

Dyed diesel fuel is typically only approved for usage that is exempt from excise tax, like off-road farm vehicles and heating homes. To help emergency workers responding to the situation in Florida, the IRS lifted the penalty for fuel sellers and highway emergency vehicle operators.

In a Friday news release, the agency outlined specifics of this relief:

  • This relief begins on September 28, 2022, and will remain in effect through October 19, 2022
  • The relief is available only if the operator or the person selling such fuel pays the tax of 24.4 cents per gallon that is normally applied to diesel fuel for highway use
  • The IRS will not impose penalties for failure to make semimonthly deposits of tax for dyed diesel fuel sold for use or used in an emergency vehicle on the highway in the state of Florida during the relief period

For more information about tax reporting and payment, see “Publication 510, Excise Taxes.”

Sources: “Hurricane Ian updates: Florida death toll climbs,” ABCNews.go.com; “Ian recovery efforts in the Southeast will be complicated: Live updates,” NPR.org; IR-2022-168; IR-2022-169

Story provided by TaxingSubjects.com

Prepare Now to Be Ready for Hurricane Season

Prepare Now to Be Ready for Hurricane Season

The US coastline is about to face the worst of the 2022 hurricane season, and many businesses within a day’s drive are taking steps to prepare. While weatherproofing buildings and fueling generators is important, for tax professionals, there are a few more simple steps to be sure your business is ready to weather the storm.

Try Drake Tax for free! Download now!

What steps should you take before a storm?

The first step is to protect your data. Back up your electronic files to flash drives or DVDs. Once complete, store the backup media in a waterproof container in a secure area. It is reasonable to make a second copy of your data and store in a safe, secondary location, just in case of catastrophic damage to your physical office.

Despite the electronic revolution, income tax preparation businesses generate a lot of paper documents and these, too, need to be stored in the waterproof containers – both on-site and offsite.

Keep in mind, though, that paper documents do not always have to remain on paper; you can scan them and keep those digital images in a lot less physical space than their paper equivalents. (Tools like Drake Documents, Drake Portals, and GruntWorx can help you smoothly make the transition to a practically paperless office.)

Other than client tax returns, what else should you save?

Property-specific documents such as deeds, titles, and insurance policies are a good choice, as are receipts for computers and other major office machine purchases that could be expensive to replace if they are damaged in a storm.

You’ll want to build a detailed inventory of the furniture and office machines in your office, detailing the various items, along with their model and serial numbers.

Remember, if your tax preparation office or its contents are damaged by a hurricane or other natural disaster, you’ll need these numbers to prove there has been a loss and pave the way for getting replacements.

If you’d like some help building your inventory, check out the IRS’s disaster preparation workbook: Publication 584-B.

What should you do after a storm?

The ability to access documents after a natural disaster is an essential part of the rebuilding process, highlighting the importance of reliable data backups. Depending on the level of damage to your business, rebuilding records could be your first and biggest job.

Your records will also be valuable when applying for federal assistance or insurance claims; some may come from companies or vendors you’ve dealt with. To check out what the process involves, review Reconstructing Records from the IRS.

More information is available!

For more information on disaster preparation and recovery for your income tax prep business, see these resources courtesy of the IRS:

September is National Preparedness Month. To learn more, visit Ready.gov.

Source: September is National Preparedness Month; IRS urges everyone to update and secure their records to prepare now for natural disasters

Story provided by TaxingSubjects.com

Know the Signs of Possible ID Theft

Know the Signs of Possible ID Theft

We all know that identity thieves aren’t letting up in their efforts to steal your clients’ personal information so they can file fraudulent tax returns. If anything, they’re picking up the pace. But how can you know your tax prep office has been a target?

Try Drake Tax for free! Download now!

What are the signs of identity theft tax refund fraud?

Identity thieves work in the shadows, so the evidence of their malicious work isn’t always obvious. But it is there if you know what to look for.

While any one of these symptoms may—or may not—mean your computer systems have definitely been compromised, they are indicators that need to be investigated:

  • Client e-filed returns rejected because client’s Social Security number was already used on another return.
  • More e-file acknowledgements received than returns the tax pro filed.
  • Clients responded to emails the tax pro didn’t send.
  • Slow or unexpected computer or network responsiveness such as:
    • Software or actions take longer to process than usual,
    • Computer cursor moves or changes numbers without touching the mouse or keyboard,
    • Unexpectedly locked out of a network or computer.

If you’ve had more than one of these indicators occur on your office system, it’s time to call a professional IT firm to confirm the root cause.

Client reports can help you spot identity theft

Your clients may also get an indicator that something is amiss. The Summit says you should be on the lookout for these warning signs:

  • IRS Authentication letters (5071C, 6331C, 4883C, 5747C) even though they haven’t filed a return.
  • A refund even though they haven’t filed a return.
  • A tax transcript they didn’t request.
  • Emails or calls from the tax pro that they didn’t initiate.
  • A notice that someone created an IRS online account for the taxpayer without their consent.
  • A notice the taxpayer wasn’t expecting that:
    • Someone accessed their IRS online account,
    • The IRS disabled their online account,
    • Balance due or other notices from the IRS that are not correct based on return filed or if a return had not been filed.

The upshot of all these indicators is that you, the tax professional, are the first line of defense against unlawful theft of your and your clients’ data.

When you see a pattern that doesn’t fit the circumstances, it’s time to investigate. Make sure you and your office have the best security possible, but don’t hesitate to get help if there’s a problem.

What should I do if I suspect data theft?

The first step toward recovery is to call the IRS, specifically the local IRS Stakeholder Liaison. They can notify IRS Criminal Investigation and other agency departments on your behalf. Do it IMMEDIATELY once data theft is confirmed; the IRS can move to block fraudulent returns in your clients’ names and can further assist you and your office staff.

Next, email the Federation of Tax Administrators for instructions on how to report information to your state and others where you e-file. Many times, states dictate that data breach information is reported to the state attorney general, and this may mean sending your information to multiple offices.

Once a data breach is identified, the IRS recommends tax pros identify and contact clients who may be affected by the breach and suggesting they acquire an IP PIN or, if necessary, file Form 14039, Identity Theft Affidavit.

Knowledge is power

The IRS website has a number of valuable resources available for tax professionals.

See Publication 5293, Data Security Resource Guide for Tax Professionals for an overview on avoiding data theft.

Help is also available from Publication 4557, Safeguarding Taxpayer Data, and from the Security Summit, a reminder about the importance of IP PINs.

Another vital piece of guidance comes from the National Institute of Standards and Technology, in Small Business Information Security: The Fundamentals.

Source: IR-2022-144

Story provided by TaxingSubjects.com

Security Summit Announces New Sample Security Plan

Security Summit Announces New Sample Security Plan

Most tax-season-preparation checklists include updating software, reviewing tax law changes, earning continuing professional education credits, and training seasonal staff. Creating or updating a written information security plan (WISP) is one often-overlooked item that should make everyone’s list. After all, tax professionals are required by the Federal Trade Commission’s Safeguards Rule to have one of these plans in place to protect client information.

Try Drake Tax for free! Download now!

Tax pros seeking help with a security plan for their office are in luck. The Internal Revenue Service announced the publication of a 29-page sample WISP by the Security Summit. Issued during the Summit’s “Protect Your Clients; Protect Yourself” educational outreach campaign, this document is the culmination of a months-long effort by the IRS, state departments of revenue, and tax industry.

Drake Software Director of Government Relations Jared Ballew currently serves as co-lead of the Security Summit Tax Professionals Working Group and is the incoming chair of the Electronic Tax Administration Advisory Committee. In the IRS news release, Jared explains that the Summit’s sample is an excellent resource for tax pros who need help creating a written information security plan for their office.

“There’s no way around it for anyone running a tax business,” he says. “Having a written security plan is a sound business practice—and it’s required by law. The sample provides a starting point for developing your plan, addresses risk considerations for inclusion in an effective plan, and provides a blueprint of applicable actions in the event of a security incident, data losses, and theft.”

It is important to note that this is not a one-size-fits-all document, and—as the WISP itself states—“it is not intended to replace your own research, to create reliance, or serve as a substitute for developing your own plan based upon the specific needs and requirements of your business or firm.” That said, the sample is written in plain language and designed to be flexible, so tax pros can easily adapt it for their office.

In addition to the download, the IRS recommends referencing documents like Publication 4557, Safeguarding Taxpayer Data; Publication 5293, Data Security Resource Guide for Tax Professionals; Identity Theft Central; and Small Business Information Security: The Fundamentals.

Source: IR-2022-147 

Story provided by TaxingSubjects.com

IRS Announces Tax Relief for Kentucky Flood Victims

IRS Announces Tax Relief for Kentucky Flood Victims

This summer, the country has been hammered by extreme weather—from oppressive heat waves to torrential rains. In response to deadly flooding in Eastern Kentucky, the Internal Revenue Service announced tax relief for counties the Federal Emergency Management Agency declared disaster areas.  

Try Drake Tax for free! Download now!

What is included in the Kentucky tax relief?

Deadlines for filing tax returns and making payments due on or after July 26, 2022, are pushed back to November 15, 2022, for declared disaster areas in Kentucky. Here are some of the deadlines affected by the tax relief:

  • August 1 quarterly payroll and excise tax returns
  • September 15 quarterly estimated income tax payments
  • October 17 individual extensions
  • October 31 quarterly payroll and excise tax returns

The IRS also notes they will abate “penalties on payroll and excise tax deposits due on or after July 26 and before August 10 … as long as the deposits are made by August 10, 2022.” Further, the agency says uninsured and unreimbursed losses from the flooding can be claimed on an individual or business return for either of the following years:

  • The year the loss occurred (in this instance, the 2022 return normally filed next year)
  • The return for the prior year (2021)

For more information about affected deadlines, visit “Disaster Assistance and Emergency Relief for Individuals and Businesses” on IRS.gov.

Who will receive this tax relief?

Taxpayers with a residence or business in declared disaster areas automatically receive this tax relief without taking any specific action. Currently, those counties include:

  • Breathitt
  • Clay
  • Floyd
  • Johnson
  • Knott
  • Leslie
  • Letcher
  • Magoffin
  • Martin
  • Owsley
  • Perry
  • Pike
  • Wolfe

As FEMA continues to assess the situation in Kentucky, they may add counties to the list of tax-relief beneficiaries. We will update this page if additional areas are announced.

Source: IR-2022-145

Story provided by TaxingSubjects.com