Identity thieves may target you and your CPA just in time for tax day

It's the time of year when identity thieves make their big push — right around tax time.

Tom Conway has had a “few clients” this year who have received suspicious phone messages and emails “attempting to get them to call a phone number. The caller alleges that there is tax due and the IRS is in the process of escalating recovery of the debts owed to them,” said the Ardmore-based accountant and tax preparer.

He advises them to just hang up.

The Internal Revenue Service, state tax agencies and the tax preparation industry are warning taxpayers — and their accountants — about another new scam in which “phishing” emails purport to come from tax software providers.

The scam email carries the alarming subject line: “Access Locked.” The message informs tax preparers that access to their software has been “suspended due to errors in your security details,” according to an alert in February from the PICPA, the Pennsylvania Institute of Certified Public Accountants.

Insurance companies also report that CPAs’ tax software has been hacked, redirecting client refunds and direct deposits of refunds to the criminals' banks, according to a local lawyer who counsels the accounting industry on liability.

Jonathan Ziss, a lawyer with Goldberg Segalla in Center City, said: “I’m aware of a wide variety of hacking scams, and tactics that are targeting all enterprises. Let’s face it, the CPA community is at risk because that’s where the money is, including sensitive data and electronic funds transfers and refunds.”

Tax preparers are “as vulnerable as any other segment. That said, the CPA community has always been very attentive to data security and tech-savvy regardless of age. They embrace encryption early on,” Ziss said.

What do you do if you're a CPA who has been hacked? Contact local law enforcement as well as the FBI, the IRS and state level tax authorities, Ziss recommends.

He'll be hosting a webinar for accountants titled “When CPAs Are the Target of Hacks: Knowing Your CyberSecurity Responsibilities and Risks” on the PICPA's website (picpa.org) on Monday, April 24.

Taxpayers need to practice the same vigilance by always checking to make sure that any email is from a legitimate person, said Howard Silverstone, director of Forensic Resolutions Inc., in Haddonfield.

“I always tell my clients, the Internal Revenue Service never calls asking for money — especially not now, right before the April 18 tax-filing date. It will always send a letter in the mail,” said  Conway.

“Only in the rarest instances will the IRS accept an email from a taxpayer and that’s usually only they have a tax power of attorney and verified the email address. I also encourage taxpayers to take a few minutes and go to IRS.gov and click on “Scams” in the center of the page, which outlines many of the current issues,” Conway said.

The IRS, along with state tax agencies and the tax-preparation industry, are warning of last-minute “phishing” attempts, especially emails requesting deposit changes for refunds or account updates. If you receive one, don’t open the email, and certainly don’t respond.

Get an extension, or make a payment. Taxpayers seeking extensions can download, print and file a paper Form 4868 from IRS.gov/forms. The form must be mailed to the IRS with a postmark on or before April 18. An extension of time to file is not an extension of time to pay, however; you must submit an estimated tax payment with Form 4868.

To get a filing extension, taxpayers also can use Free File. Or they can pay all or part of the estimated income tax due and indicate that the payment is for an extension using Direct Pay, the Electronic Federal Tax Payment System (EFTPS), or a credit or debit card.