You are using an older browser version. Please use a supported version for the best MSN experience.

How cyber criminals are now targeting tax pros to cash in on fraudulent returns

CNBC logo CNBC 4/16/2018 Jennifer Schlesinger

© Geber86/E+/Getty Images  

The deadline to file your taxes is rapidly approaching, but cyber criminals have already been hard at work trying to cash in with fraudulent tax returns.

This tax season, experts say instead of targeting individual tax payers, scam artists are targeting tax professionals.

"One of the challenges that we're seeing this year is that as tax professionals and the I.R.S. have become more and more sophisticated, so too have the adversaries," said Caleb Barlow, IBMIBM Security's vice president of threat intelligence.

Tax fraud is big business for cyber criminals. Last year Internet crimes netted the perpetrators $445 billion, with tax fraud as a primary focus, according to IBM Security, which monitors cyber crimes.

"We had about 75 tax professionals report that they had been victims of some sort of a tax payer breach. So that unfortunately is a 60 percent increase for the same period of time last year," said Cecilia Barreda, an I.R.S. spokeswoman.

The I.R.S. can recognize if a computer of an individual is filing too many tax returns, and will stop them for likely being fraudulent. But the agency expects tax professionals to file dozens, if not hundreds of tax returns on behalf of their clients.

"If they [cybercriminals] can compromise a tax professional, they get access to two key things. One is the private information of that tax professional's clients that can be used to file tax returns on their behalf," Barlow said.

"And in addition to that, they can use the IP address and the computer of the tax professional to actually do the filing with the I.R.S.," he added. 

'Owned by the adversary'

CNBC Tech report phishing © Provided by CNBC CNBC Tech report phishing

Here is how the scam works: Cyber criminals target tax professionals with what is known as phishing — spam email that seems legitimate, but contains links or attachments laden with malware.

"The minute that you click on that link, well, then you're owned by the adversary. And what this often means is that they can take control of that system that's normally used by that tax professional," Barlow said.

Once a tax professional's computer is compromised, an attacker can steal the numbers and log-in information they use to file.

"It's an I.P. address we seen before, it's a signature of a computer we seen before. We know it's a tax professional, so they are going be submitting lots of returns," said Barlow.

This year's tax season may be the perfect storm. With a new tax code coming in this year, there has been extra confusion.

"This is kind of a perfect storm where you have a lot of misinformation, a dearth of information, and these new techniques that are being widely used by these criminals looking for compromised computers belonging to tax prep professionals," said Roman Sannikov, the director of European research and analysis for Flashpoint, a cybersecurity company.

He added that "they can use to not only steal information, but also to file these returns in a much more successful way."

However, the I.R.S. says tax fraud happens all the time. "I wouldn't go as far as saying the changes in tax law or tax reform are necessarily contributing to this problem. This is something that we see all the time," said the IRS's Barreda.

Fraudsters often sell the tax pro information on the Dark Web. Flashpoint's Sannikov showed CNBC forums where cyber criminals share tax fraud information.

"There are thousands, probably hundreds of thousands, of services that are selling this information on the deep and dark web," he said.

And catching the scam artists is difficult.

"It's kind of a no lose crime a lot of times for these individuals because a lot of times the individuals who are actually perpetrating the fraud are located outside of the United States, frequently outside of jurisdictions that work with the United States. So it's much harder for the long arm of the law to get these individuals to apprehend these individuals," Sannikov said.

Practice good 'cyber-hygiene'

Tax professionals are aware of the issue. "We try to tell our members on a regular basis, even weekly this time of the year, is go out and check your EFINs [tax pro number]. See how many returns are being filed," said Larry Gray, a CPA, who is also the government liaison for the National Association of Tax Professionals (NATP).

Additionally, tax professionals should educate everyone in their firm to beware of emails, and never click on links or attachments they did not request.

Both tax professionals and individuals should practice good cyber-hygiene, such as installing anti-virus and anti-malware software, using strong passwords, and encryption data to stay safe from tax fraud.

Barlow also recommends that consumers use a different email address for banking and taxes.

"Have all of those kind of official business things you do in a separate email address, where you're not buying things, and that email address isn't full of spam and things that you're accidentally going to click on," he said.

And individuals should not be afraid to ask questions of their tax pro.

"It's completely appropriate to ask your tax professional how they're protecting your information, where they back it up, you know, what types of protocols they have in place on what information they'll send you via email, as an example, and what they won't do," Barlow said.On the Money airs on CNBC Saturday at 5:30 am ET, or check listings for air times in local markets. 


More from CNBC

image beaconimage beaconimage beacon