Don’t Take the Bait – Account Takeovers

Account takeover tactics are the topic for the second installment of the 10-week IRS series “Don’t Take the Bait”, which focuses on security updates for tax professionals. The article, published on July 18, warns tax professionals to be alert as account takeovers by cybercriminals are on the rise.

“Account takeovers occur when a thief manages to steal or guess the username and password of a tax professional, enabling access of their computers or their other online accounts,” explains the article. Javelin Strategy and Research, which publishes an annual identity fraud report, reported in its 2017 edition a surge in account takeover incidents in 2016—a 31% increase from 2015.

Here’s how account takeovers work, according to the IRS article:

  1. Thieves peruse websites and social media for clues about tax preparers’ email addresses and business activities.
  2. Posing as a familiar organization, such as the IRS e-Services or a private-sector tax pro software provider, the thieves send a spear phishing email (see Don’t Take the Bait, Step 1: Avoid Spear Phishing Emails).
  3. Upon obtaining credentials from a tax professional, thieves can access accounts and steal information that they can either use to file fraudulent tax returns or sell to other criminals.

The article lists numerous tactics for protecting clients and businesses from account takeovers:

  • Educate employees about spear phishing and account takeovers.
  • Always use strong, unique passwords.
  • Employ the strongest encryption software available.
  • Employ anti-malware and anti-phishing software protection.
  • Whenever possible, use two-factor authentication.
  • Check Electronic Filing Identification Number (EFIN) counts weekly for discrepancies in the number of filed returns.
  • Always report phishing emails to the IRS.
  • Report any security incidents immediately.

For more details, read the article in full at irs.gov.