September 2, 2016

The IRS warned tax practitioners on Friday of a new wave of cyberattacks that allow criminals to remotely access practitioners’ computers and file fraudulent tax returns. The attacks come as practitioners prepare for the Oct. 17 extended filing deadline for individual returns; the IRS reported similar attacks before the April 15 deadline.

The IRS says that the attacks allow thieves to take control of practitioners’ computers, access client data, and complete and e-file tax returns, directing the resulting refunds into the criminals’ own accounts. Victims become aware of the attacks when reconciling e-filing acknowledgments.

“This latest incident reinforces the need for all tax professionals to review their computer settings as soon as possible,” IRS Commissioner John Koskinen warned in a prepared statement.

The IRS recommends that tax practitioners monitor their preparer tax identification number (PTIN) accounts for suspicious activity. It has posted a webpage with instructions on how to do that. (Note that practitioners must have filed at least 50 returns in the 1040 series in the current year in order to be able to monitor how many returns have been filed using their PTIN.)

The IRS also recommends that practitioners review any software used by employees to remotely access the firm’s network or that is used by IT support vendors to remotely troubleshoot technical problems and support IT systems because remote access software is a potential vulnerable point criminals can use to gain entry and take control of a machine.

—Alistair Nevius (anevius@aicpa.org) is the JofA‘s editor-in-chief, tax.