How to Keep Clients Protected from Scammers During and After Tax Season

By Tyler Moffitt.

Tax season – an already stressful time for Certified Public Accountants (CPAs) – has been made even more stressful by tax scams. While digital services have improved the tax return experience and streamlined more mundane accounting tasks so CPAs can have more time to serve their clients, cybercriminals and groups have taken advantage of the technology shift to exploit tax returns and other digital tax documents.

For example, many CPAs and tax professionals use e-signatures to sign and send documents digitally, reducing instances of errors and speeding up time-consuming processes like auditing or reporting. The IRS itself accepts DocuSign eSignature as a valid form of identification and authentication. While DocuSign and similar digital accounting services provide many benefits, it’s important to consider the dangers they present, especially with tax season in full swing. OpenText Cybersecurity is seeing use cases where cybercriminals are taking advantage of the eSignature software by posing as DocuSign and luring users into following malicious links or opening corrupted files. As a result, clients have their sensitive information stolen.

This phishing attack is only one of many that tax professionals must look out for when using digital services. Phishing scams, which have also been carried out on platforms like PayPal, Google Docs and Facebook, are highly common. According to the FBI’s Internet Crime Report of 2023, phishing and spoofing were the most highly reported cyberattacks last year, with nearly 300,000 complaints filed with the Internet Crime Compliance Center.

As trusted financial professionals, CPAs are responsible for safeguarding their clients’ sensitive information and ensuring compliance with tax laws. Here are some security tips to offer your clients and organization to keep their information protected and secured this tax season and beyond:

Exercise Caution with Too-Good-To-Be-True Offers: Cybercriminals often target tax filers with promises of free tax calculations, low-cost tax preparation or enticing tax rebates. If an offer seems too good to be true, it likely is a scam that should be avoided.

Enhance Identity Protection: Adopt antivirus software that provides comprehensive device and identity protection to safeguard your privacy under all circumstances.

Avoid Sharing Sensitive Information via Email: Due to the limited security features of email platforms, sharing private information through them can easily be exploited by threat actors. Instead, use a secure file sharing service that offers two-factor authentication and password protection.

Beware of Redirects to Malicious Sites: Cybercriminals often attempt to divert tax filers to harmful websites. Ensure you are visiting the intended site directly without using third-party links. URL protection from your security solution is also a must.

Ensure Your Tax Preparer Adheres to Security Best Practices: The risk can sometimes stem from the tax preparer themselves. Employ services that prioritize client data protection and communicate the measures you take to keep client information secure.

Regularly Update Protection Software: The first line of defense against cybercriminals is to maintain updated security software and essential applications. An infection can compromise all information on a device, making it vulnerable to theft or breach. Out-of-date applications and plugins can create massive headaches if left unchecked.

Clients are constantly facing the risk of encountering tax scams, even outside of the annual tax season, as digital threats evolve. It’s important to remain vigilant by staying informed and building up defenses against attacks.

To learn more about security threats facing the tax industry, visit the IRS warning page for taxpayers.

Tyler Moffitt is senior security analyst at OpenText Cybersecurity.