The Cybersecurity Threat, Burden, and Role of Tax Practitioners

Article in Bloomberg Tax – Tax Management Memorandum

Tax practitioners have learned that they possess something that a new breed of criminals, namely cybercriminals, desire—information. The storage of taxpayer data in the Cloud and on open network systems provides a competitive advantage to tax practitioners to access client information quickly and transmit data efficiently to the Internal Revenue Service and other state authorities on behalf of their clients. With this benefit comes a heightened risk that unauthorized individuals, especially cybercriminals, will have greater opportunity to intercept or steal the same information for their own unlawful devices. In the calendar year 2016, it was estimated that between $1.68 billion to $2.31 billion of federal income tax refunds reached identity thieves (including cybercriminals) unabated by defensive measures adopted by the IRS to stymie their illicit efforts. An estimated 740,000 to 810,000 tax returns were compromised.

Noted bank robber, Willie Sutton, offered a simple explanation of why he robbed banks by saying ‘‘That’s where the money is.’’2 Unlike in the days of Willie Sutton, today valuable items are stored in places other than banks, and cybercriminals may subvert valuable client data and utilize it to enter into illicit transactions, including filing unauthorized tax returns. The cybercriminals often target tax practitioners because they possess information such as client
names, addresses, birth dates, social security numbers, and bank account information—the basic data elements necessary to file a tax return. Collectively the information pursued is commonly referred to as personally identifiable information (PII). After acquiring PII from businesses via confederates with access to such information, either by purchase in the dark web marketplace for stolen data or infiltrating a tax practitioner’s information network, a cybercriminal may impersonate a known tax practitioner to file unauthorized returns. The stolen information may come from multiple places, including tax practitioners, and the cybercriminal may use the information for a number of illicit purposes, e.g., open new credit card accounts, securing mortgages, and filing tax returns, among others.3 The IRS refers to the filing of unauthorized tax returns as identity theft tax return fraud (IDTTRF). This article focuses primarily upon the specific class of unauthorized tax returns resulting from cyberattacks upon tax practitioners. The following table highlights several methods that identity thieves employ to acquire the necessary information from tax practitioners that lead to instances of IDTTRF.5

Click here to read the full article here.