Security Summit Warns of New Phishing Email Targeting Tax Pros

 

The IRS, state tax agencies and the tax industry today warned tax professionals to beware of phishing emails purporting to be from a tax software education provider and seeking extensive amounts of sensitive preparer data.

The email’s origin is unknown but likely issued by cybercriminals who could be operating from the U.S. or abroad. The email is unusual for the amount of sensitive preparer data that it seeks. This preparer information will enable the thieves to steal client data and file fraudulent tax returns.

The IRS reminds all tax professionals that legitimate businesses and organizations never ask for usernames, passwords or sensitive data via email. Nor should a preparer ever provide such sensitive information via email if asked.

All tax professionals should be aware that their e-Services credentials, the Electronic Filing Information Number (EFIN), the Preparer Tax Identification Number (PTIN) and their Centralized Authorization File (CAF) number are extremely valuable to identity thieves.Anyone handling taxpayer information has a legal obligation to protect that data.

Because the IRS, state tax agencies and the tax industry, acting in partnership as the Security Summit, are making inroads on individual tax-related identity theft, cybercriminals increasingly target tax professionals. Thieves are looking for real client data so they can better impersonate the taxpayer when filing fraudulent returns for refunds.

The fake email uses the name of a real U.S.-based preparer education firm. Here’s the text as it appears in phishing emails being sent to tax professionals: In our database, there is a failure, we need your information about your account.

In addition, we need a photo of the driver’s license, send all the data to the letter. Please do it as soon as possible, this will help us to revive the account.

*Company Name *

*EServices Username *

*EServices Password *

*EServices Pin *

*CAF number*

*Answers to a secret question*

*EIN Number *

*Business Name 

*Owner/Principal Name *

*Owner/Principal DOB *

*Owner/Principal SSN * 

*Prior Years AGI 

Mother’s Maiden Name

If you received or fell victim to the scam email, forward a copy to phishing@irs.gov. If you disclosed any credential information, contact the e-Services Help Desk to reset your password. If you disclosed information and taxpayer data was stolen, contact your local stakeholder liaison.

Advertisements

Cyberduck | Libre FTP, SFTP, WebDAV, S3, Backblaze B2 & OpenStack Swift browser for Mac and Windows

SCIENCE
With the proliferation of services to store files online (e.g. Dropbox, Google Drive, OneDrive, etc.) has come a proliferation of client software for interacting with those services. Cyberduck is a file manager that supports the most popular file storage services. It also supports common protocols like FTP, SFTP, and WebDAV. In addition, Cyberduck can make use of an external editor to provide editing of remote files (e.g., to edit a static website). Users of Amazon’s Simple Storage Service (S3) will find integrated support for the extended features of S3 like file versioning, bucket lifecycles, access control lists, and multi-part uploads. Cyberduck’s integrated support for Cryptomator encryption can encrypt files before uploading them to cloud storage for additional security. Users of multiple services may appreciate Cyberduck’s bookmarking feature. Cyberduck is available for macOS and Windows. [CRH]

Attacks on secret informants spur federal courts to consider limiting PACER access–ABA Journal

The federal judiciary is considering blocking public online access to criminal court records on PACER to prevent inmates from learning information about confidential informants.

The idea is one of several under consideration as the U.S. Judicial Conference considers the impact of disclosure, the Wall Street Journal (sub. req.) reports.
A recent survey (PDF) of federal judges, prosecutors, defenders and probation offices by the Federal Judicial Center found that nearly 700 witnesses and informants perceived as snitches had been threatened, wounded or killed over a three year period.

U.S. District Judge Lewis Kaplan of Manhattan told the U.S. Judicial Conference’s criminal rules committee in April that PACER is part of the problem, according to the Wall Street Journal account. Though federal inmates don’t have PACER access, they often get information from others.

“Anonymous remote public access to PACER is a source of much of the information that gets into prisons about who is cooperating,” Kaplan said.

Read more…