As the US tax season kicks off, the Internal Revenue Service (IRS) has warned accountants and taxpayers to enable two-factor authentication (2FA) features available in tax-preparation software products.
Scammers, of course, know that the US tax season is ripe with opportunity, so the IRS has dispensed information security advice to protect taxpayers and accountants from the theft of tax information. Scammers can use tax data to file fraudulent tax claims enabled through phishing email and malware-laden attachments.
The IRS says it's received nearly two dozen reports from accountants about data theft in the past two months. So it's encouraging the use of multi-factor authentication as a "free and easy way" to protect clients and practitioners' officers from data theft, and it points out that tax software providers do offer free multi-factor options too.
Multi-factor authentication can help in the event a credential is compromised by requiring the person accessing an account to not only type in a username and password, but also have physical access to a second factor, like a token or a smartphone that receives a security code.
The IRS called out for multi-factor authentication with its Security Summit Partners, which includes state tax agencies, tax preparation firms, software developers, payroll processors, and banks.
The IRS Security Summit partners have been collaborating since 2015 to combat tax fraud with a focus on authentication, combating criminals' access to bank accounts, and raising awareness of cybersecurity issues.
SEE: 10 tips for new cybersecurity pros (free PDF)
"The IRS, state tax agencies and the private-sector tax industry have worked together as the Security Summit to make sure the multi-factor authentication feature is available to practitioners and taxpayers alike," said Kenneth Corbin, commissioner of the IRS wage and investment division.
"The multi-factor authentication feature is simple to set up and easy to use. Using it may just save you from the financial pain and frustration of identity theft."
Industry partners include Thomson Reuters, which offer multi-factor authentication for users of its CS Professional Suite accounts.
The IRS urges taxpayers and tax practitioners to always enable multi-factor authentication when it is available, for example on Gmail or Outlook accounts. But it says consumer should especially enable it for tax software products due to the sensitivity of the information held in the software or online accounts.
The agency also reminded tax software professionals to be cautious of phishing email, warning that scammers may claim to be a potential client, a cloud storage provider, a tax software provider or the IRS.
The main goal of tax-fraud scammers is tricking the tax professional into downloading attachments or opening links that lead to malware that can exfiltrate sensitive client data to a remote server.