By Tyler Moffitt.
CPAs play an increasingly crucial role during tax season—not just by navigating tax filings and compliance but also by helping clients safeguard their most sensitive financial data from cyber threats. Cybercriminal activity like phishing emails, fake IRS scams and malware-infected software ramp up during this period, targeting both businesses and individual filers.
Tax season, alongside the holidays, consistently ranks among the highest periods for phishing spikes and cyberattacks. Aas clients gather, share and digitize tax documents, they become prime targets for cybercriminals seeking Social Security numbers, bank account details and other personal data. A single compromised piece of information can lead to fraudulent refunds, identity theft and long-term financial repercussions.
As trusted financial advisors, CPAs must be proactive in educating and guiding their clients through tax complexities while ensuring their financial data remains secure. Here are a few essential security measures we can offer our clients to help keep their information secure:
Ignore IRS Calls & Emails: The IRS does not email, text or call demanding payment or personal information. If action is required, they will send a letter.
Verify Tax Software Sources: Tax prep software should only be downloadedfrom official providers to avoid malware-infected versions. Downloading software from unverified or “free” sources can expose clients to malware-infected versions.
Use Multi-Factor Authentication (MFA): Encourage clients to enable MFA on tax-related accounts to add an extra layer of protection against unauthorized access. Even if a cybercriminal gains access to a password, they will not be able to access the account without the second authentication factor.
Check IRS.gov for Official Notices: Fraudulent tax notices and scam emails designed to mimic IRS correspondence are common. Clients should be encouraged to independently verify any suspicious tax-related messages by visiting the official IRS website.
Cyber threats are becoming more sophisticated each year, and tax season remains a prime time for malicious actors to strike. As CPAs, it’s essential to recognize that your guidance doesn’t stop at numbers and deductions—it extends to helping clients understand and mitigate the cybersecurity risks that come with managing and sharing sensitive financial data.
From warning clients about phishing scams and IRS impersonators to steering them toward secure tax software and robust protection strategies, these steps can make a major difference in ensuring your clients’ security. Tax season serves as an important reminder to clients that good cybersecurity habits are just as important as good financial ones, especially during a season when both are put to the test.
To stay informed on the latest security threats facing the tax industry, visit the IRS warning page for taxpayers.
Tyler Moffitt is a Sr. Security Analyst and Community Manager for OpenText Cybersecurity. During his 10-year tenure as a senior threat analyst, Tyler focused on improving the Webroot experience through his work directly with malware samples, creating antimalware intelligence, writing blogs, and presenting at conferences. Tyler now has a unique role in marketing and is a Threat Intelligence data liaison to the entire OpenText Cybersecurity division. Tyler presents live and in person: Webinars, Podcasts, Conferences, Reporter interviews, Expert Panelists and Partner updates. Tyler also provides core content for whitepapers, threat reports, infographics, marketing campaigns and training.
Thanks for reading CPA Practice Advisor!
Subscribe Already registered? Log In
Need more information? Read the FAQs
