Skip to Content

November 17, 2021


Cybercriminals increasingly target tax preparers

Tax professionals must take the necessary steps to safeguard sensitive customer information. But during the pandemic, cybercriminals have intensified their attempts to get that private data.

The IRS says identity thieves target tax preparers through phishing scams and other tricks. With the 2022 tax season around the corner, these businesses should take steps now to prevent security breaches.

Six basic protections against cybercriminals

Any security breach can be devastating to tax pros and their customers. The Security Summit teams public and private tax experts, including software developers and tax pros, to protect the nation’s taxpayers. The group issued its “Security Six” – measures that can protect taxpayers and tax pros:

  1. Use anti-virus software and update it automatically on all digital products, including computers and smartphones.
  2. Use firewalls to protect against outside attacks, although they don’t protect against malware downloaded by accident.
  3. Use multi-factor authentication to protect all online accounts.
  4. Backup client data and all sensitive information saved on outside storage, such as external hard drives or the cloud.
  5. Tax pros should consider encryption products for all sensitive data.
  6. Install a virtual private network (VPN), especially as more tax preparers work from home during the pandemic.

A popular tactic by cybercriminals is a phishing email designed to gain your Electronic Filing Identification Numbers (EFIN). Criminals are adept at making these emails look official while encouraging you to click on a link to what looks like a trusted source. It’s crucial to never click on any suspicious link.

Drafting a security and data theft plan

Federal law requires tax professionals to draft an information security plan. They must also have emergency protocols in place in case of a breach and data theft. If you receive a bogus or suspicious email, you should save it as a file and email it as an attachment to or contact your network administrator if you’re unsure.