The IRS is making efforts to reduce tax return identity theft. At the start of tax season this year, the agency announced it had already prevented issuing more than $300 million in fraudulent refunds, representing nearly 98 percent of all attempts — and that it would continue to invest more resources into countering such crimes.
It’s not just a seasonal issue. Every day, accountants are tasked with carefully handling some of a client’s most personal and important information. That’s why our commitment to privacy and data protection remains absolute. Here’s what our experts at SBF want you to know about identity theft, protective measures and how to respond if the worst happens.
Spotting trouble
Identity thieves have plenty of tools at their disposal, and not all of them are technological.
1. Phishing tries to trick clients into providing sensitive information such as usernames, passwords or social security numbers. Attackers might send fraudulent emails or create fake websites that resemble legitimate accounting platforms or communication channels to deceive clients.
2. Social engineering uses our trust in people or institutions to manipulate individuals into divulging sensitive information. An identity thief might impersonate an accountant, client or other trusted parties through phone calls, emails or other communication methods to gain access to confidential information.
3. Finally, hackers can use malware, such as keyloggers or remote access tools, to gain unauthorized access to accounting systems. They may exploit vulnerabilities in software or networks to install malware or directly hack into the system to steal sensitive data.
Warning signs
If your business or personal information has been compromised, it’s usually possible to spot fraud, often through automatic systems already available through your bank or credit service. Here are some common signals that something has gone wrong.
1. Unauthorized financial transactions: Clients may notice unauthorized charges on their credit or debit card statements, withdrawals from their bank accounts or unfamiliar transactions in their financial accounts.
2. Inaccurate financial information: Clients may find unfamiliar accounts or loans listed on their credit reports, incorrect balances or unfamiliar addresses associated with their accounts.
3. Unexpected changes in credit score: Monitoring credit scores regularly can help identify sudden drops or changes that could indicate fraudulent activity.
Dealing with identity theft can involve significant stress, frustration and time-consuming effort to resolve the issues. Victims may need to work with law enforcement, credit bureaus, financial institutions and other entities to restore their identity and rectify any financial damages. Identity theft can also harm an individual’s reputation, especially if the thief engages in illegal activities using the victim’s identity. It may take time and effort to clear one’s name and restore trust.
Moreover, once an identity is compromised, there is a risk of ongoing fraud and additional fraudulent activities occurring over time if not promptly addressed. That’s why prevention should always be top of mind.
Effective triage
If you suspect that your personal or business information has been compromised, it’s essential to take immediate action to mitigate the potential damage.
1. Act quickly: Time is of the essence. The sooner you take action, the better chance you have of minimizing the impact.
2. Contact financial institutions: Reach out to your bank, credit card companies and any other financial institutions where you hold accounts. Inform them about the suspected identity theft and inquire about any unauthorized transactions. They can freeze your accounts or take other necessary measures to protect your finances.
3. Update security measures: Review and enhance the security measures for your online accounts. Use strong and unique passwords and consider using a password manager to securely manage your credentials. Enable multifactor authentication (MFA) where available; this is a multistep account login process that requires users to pair additional identifying information with a password. For example, users might be asked to enter a code sent to their email, answer a secret question or scan a fingerprint.
Proactive approaches
Accountants play a crucial role in safeguarding their clients’ identifying information and assisting the cleanup process after a breach. Here are some signs that your CPAs are doing right by your privacy.
1. Secure data handling: Accountants should follow robust data security practices, such as encryption of sensitive client information, strong password policies, regular software updates and secure backup procedures. They should also restrict access to client data on a need-to-know basis and educate employees about best practices.
2. Engage security professionals: Accountants can collaborate with IT and cybersecurity professionals to assess and strengthen their security infrastructure. These experts can help implement advanced security measures, conduct penetration testing and provide ongoing monitoring and support.
3. Use secure communication channels: Accountants should encourage clients to use secure communication channels, such as encrypted email or secure client portals, for sharing sensitive documents or information. Unsecured communication methods, like regular email, should be discouraged for transfer of sensitive data.
High standards
At SBF, we offer best-in-class training to all employees on security best practices, both online and otherwise. Data hygiene is baked into our daily processes, thanks to strict training for both accountants and staff.
We rely on services like SafeSend to automate and encrypt our communication and document transfers with our clients, as well as additional layers of protection, such as multifactor authentication. From protocols to ensure client information doesn’t comingle on a desk to hands-on dynamic phishing simulations, SBF employees are committed to protecting our clients’ privacy.