Skip to content
Data Security

IRS Warns Tax Pros About Scams, Urges Additional Security Steps to Protect Taxpayer Data

Thomson Reuters Tax & Accounting  

· 5 minute read

Thomson Reuters Tax & Accounting  

· 5 minute read

In an Information release, the IRS has warned tax professionals of an upswing in data thefts related to the delivery of Economic Impact Payments and urged tax professionals to take additional security steps to protect taxpayer data.


The Coronavirus Aid, Relief, and Economic Security Act (CARES Act, PL 116-136) was enacted on March 27, 2020 in response to the President’s emergency declaration in connection with the novel coronavirus (COVID-19) (coronavirus emergency). As part of the relief provided by the CARES Act, taxpayers will begin receiving Economic Impact Payments the week of April 12, 2020. See IRS releases details on receiving coronavirus economic impact payments (04/01/2020).

IRS urges additional security.

In the Information Release, the IRS has warned tax professionals to take additional steps to protect taxpayer data as the IRS, state tax agencies, and the tax industry continue to see an upswing in data thefts from tax professionals. The IRS urges tax professionals to take the following security precautions:

  • Use a virtual private network (VPN). According to the IRS, all tax professionals should be using an encrypted VPN. Using a VPN can foil cybercriminals who can use an unsecured network to steal data from a tax professional’s computer. While the IRS can’t recommend a VPN provider, the IRS does recommend that tax professionals ask trusted colleagues or search for “Best VPN” to find a legitimate vendor. The IRS cautions tax professionals not to fall for “pop-up” adds on websites for VPNs or other kinds of security software because those generally are scams.
  • Use multi-factor authentication. The IRS also urges tax professionals to use tax software with multi-factor authentication. Multi-factor authentication means a returning user to the tax software must enter not only their username and password but also a security code, usually sent as a text to a mobile phone. Multi-factor authentication helps to protect a tax software account from being breached and client data from being stolen. According to the IRS, tax professionals whose tax software provides multi-factor authentication should activate this feature immediately.
  • Avoid phishing scams. The IRS urges tax professionals to avoid the phishing scams cybercriminals are using to steal taxpayer data. According to the Information Release, identity thieves have stepped up phishing scams related to the delivery of the Economic Impact Payments provided by the CARES Act. The IRS warns tax professionals to beware of emails from unknown individuals posing as potential clients who may use the email to trick the tax professional into opening a link or attachment that contains malware. These criminals may also impersonate tax software providers, cloud storage providers, banks and others, including the IRS. These criminals’ emails generally have an urgent message, e.g., “your account password has expired,” and direct the email recipient to a link or attachment. Taxpayers can report suspicious email from anyone posing as the IRS to
  • Watch out for IRS impersonation scams. The IRS urges tax professionals to watch out for IRS impersonation scams. The IRS notes that it will not call, email or text anyone about Economic Impact Payments. Anyone receiving an IRS impersonation scam email should forward it to
  • Security software. The IRS reminds tax professionals that they should be using broad-based security software that protects their computers, tablets and mobile phones from malware. According to the Information Release, good security will identify and stop potentially dangerous malware that can infect individual devices as well as the networks the devices are connected to. Tax practitioners should review the security measures outlined in IRS Publication 4557, Safeguarding Taxpayer Data, for more information.

To continue your research on identity theft and other security issues, see FTC 2d/FIN ¶T-10164.5; United States Tax Reporter ¶ 61,034.0513.


Subscribe to our Checkpoint Daily Newsstand email to get all the latest tax, accounting, and audit news delivered to your inbox each weekday. It’s free!

More answers