Ransomware targeting tax professionals on the rise, IRS says

Ransomware targeting tax professionals on the rise, IRS says

(Piotr Adamowicz, Shutterstock)

Save Story
Leer en español

Estimated read time: 4-5 minutes

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

SALT LAKE CITY — The IRS is warning professional tax preparers to be aware of hackers using cyberattacks to extort money to keep sensitive information private after announcing that a handful of tax practitioners have been victimized by ransomware.

The warning aimed at tax professionals stated that ransomware attacks are on the rise globally as criminals in the U.S. and abroad hack computer systems and hold sensitive data hostage using sophisticated infiltration schemes.

The FBI recently noted that ransomware attacks are becoming more pervasive as an evolving crime threat to the private and public sectors as well as individuals. In response, a new effort called the “Don’t Take the Bait” — a 10-week security awareness campaign for tax professionals — aims to heighten awareness about these harmful attacks, explained IRS Commissioner John Koskinen.

“Tax professionals face an array of security issues that could threaten their clients and their business,” he said. “We urge people to take the time to understand these threats and take the steps to protect themselves. Don’t just assume your computers and systems are safe.”

The IRS described ransomware as malware that infects computers, networks or servers and encrypts data. Cybercriminals then demand a ransom to release the data, a release stated. Users generally are unaware that malware has infected their systems until they receive the ransom request.

"Don’t click on suspicious links or open attachments contained in unsolicited e-mails," warned Special Agent Mark Roberts of the FBI's Salt Lake City field office.

The FBI also recommends implementing prevention and continuity measures to reduce the risk of a successful ransomware attack.

In Utah, the issue of ransomware among tax professionals has been a matter of concern for some time, said Susan Speirs, chief executive officer of the Utah Association of Certified Public Accountants.

“It’s very real and it's ‘hot’ in Utah,” Speirs said. “(When I was in private practice), that was my biggest worry — security, ransomware, having the firewalls built up.”

She noted that CPAs deal with very sensitive personal information on a constant basis and the threat of breaching the security of that data is potentially catastrophic.

“My computer held thousands of Social Security numbers, addresses and other pertinent information. It would be a ‘gold mine’ (for criminals),” she said.

“The IRS will never send you an email to collect money and we see people falling for that all the time. We all need to be aware.”

Since being at the association, following 28 years in private practice, she has had numerous firms acknowledge being hacked through phishing and ransomware attacks, including some scammers impersonating the IRS.

“The best thing you can do is make sure you have a good (information technology) person on your team,” Speirs said. “Gone are the days where you could just ‘muddle through’ it on your own,” she said. “You’ve got to make sure you’ve got a professional and make sure you’re doing the (system and software) updates.”

She noted that even professionals can be fooled by some ‘official’ looking email correspondences, but those should always raise a red flag.

“The IRS will never send you an email to collect money and we see people falling for that all the time,” she said. “We all need to be aware.”

Meanwhile, the FBI also warned that ransomware is evolving and cybercriminals can infect computers by other means, including links that redirect users to websites that corrupt their computers. The IRS warns victims not to pay a ransom because paying it further encourages the criminals and the scammers frequently do not provide the decryption key even after a ransom is paid.

Roberts said victims should reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center.

Info Box

Ransomware precautions

  • Regularly back up data and verify the integrity of those backups.
  • Secure your backups.
  • Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust.
  • Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
  • Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
  • Disable macro scripts from files transmitted via e-mail.
  • Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
Source: Federal Bureau of Investigation

Related stories

Most recent Utah stories

Related topics

Jasen Lee


    Get informative articles and interesting stories delivered to your inbox weekly. Subscribe to the KSL.com Trending 5.
    By subscribing, you acknowledge and agree to KSL.com's Terms of Use and Privacy Policy.

    KSL Weather Forecast