 
 Tax professionals have been in the crosshairs of cybercriminals for some time now, and it’s only getting worse. Now, the crooks are casting their nets, not only for client data, but to snare vital data of the tax pros themselves.
The Internal Revenue Service says this newest group of targets include the tax professional’s Electronic Filing Identification Number, or EFIN.
This sets up a very scary scenario: If just one tax practitioner is compromised by a hacker or an identity thief, the effect is like tossing a rock into a pond. The initial impact may be thought to be small, but the resulting waves take in a lot of ground as they spread.
One tax office breach can lead to the theft of data for thousands of taxpayers.
Protect yourself from cybercriminals
One of the best ways to protect against illegal activity is actually very simple: Check your IRS e-Services account regularly, to see how many federal returns have been submitted using your EFIN. It’s a vital safeguard that shouldn’t be overlooked during tax season.
If the number of returns shown online doesn’t agree with the tax pro’s records—or if anything else seems suspicious—they should call the IRS e-help desk at 866-255-0654.
Tax pros who don’t already have an e-Services account can go online to e-Services on IRS.gov and register for one.
Beyond checking one’s EFIN, there are a number of “best practices” we should all be using to keep data secure. These include using strong anti-virus software, insisting on strong and unique passwords, and using two-factor authentication whenever possible.
But that’s not all:
- Learn to recognize and avoid phishing scams; do not open links or attachments from suspicious emails, most data thefts begin with a phishing email.
- Secure all devices with security software and let it automatically update.
- Use strong passwords of eight or more mixed characters; use phrases that are easily remembered, and password protect all wireless devices.
- Encrypt all sensitive files and emails and use strong password protections.
- Backup sensitive data to a safe and secure external source not connected fulltime to the network.
- Wipe clean or destroy old computer hard drives that contain sensitive data.
For more information on keeping EFINs secure, check out Publication 3112, IRS e-file Application and Participation; and Publication 1345, Handbook for Authorized IRS e-file Providers of Individual Income Tax Returns.
Source: Tax Tip 2021-182
