SHARE:

Everyone has been hacked, FBI Supervisory Special Agent Martin E. Hellmer told the NASBA Annual Meeting. He warned all not to trust e-mail, as it is too easy to fake, and advised all to train and test their employees to be alert to such schemes. He also recommended that best practice is for everyone to consider what information needs to be on-line and what does not.

If an American travels to China, or any country on the Department of State’s threat list, they should expect their computer will be searched, Mr. Hellmer cautioned. He suggested bringing a fresh laptop and/or cellphone when going to such places as protection against technology thefts. He also warned that intelligence officers are looking to grab information about individuals through sites such as LinkedIn.

Someone can learn how to hack in two hours via on-line instruction, then get the tools free on-line to hack, and get away with more money than they would by actually going into a bank and robbing it, Mr. Hellmer pointed out. The FBI is not worrying about hackers now, but is more concerned with national security threats, he said.

Last year the IRS saw an increase of 30 percent in data breaches for tax preparers, IRS Tax Specialist Lisa Novack told the NASBA Meeting. About 91 percent of those breaches resulted from “spear phishing” which targets specific individuals or companies. Ms. Novack explained that the key in the e-mail is urgency, pushing the target into action or allowing one click on an attachment to take the user to a fraudulent website which appears legitimate. Breaches can occur through mobile phones, printers and fax machines as well as computers, she noted.

Tax preparers need to maintain a written security plan under the Financial Services Modernization Act, which is about 20 years old, Ms. Novack noted. She suggested reviewing IRS Publication 4557 Safeguarding Taxpayer Data: A Guide for Your Business for details on the rules, and IRS Publication 5293 Data Security Resource Guide for Tax Professionals.

Signs of data theft include getting many returns rejected by the IRS or clients receiving refunds or transfers that had not been requested, Ms. Novack said. She advised checking the Electronic Filing Identification Number (EFIN) regularly and to contact the IRS help desk immediately if the EFIN number is larger than the number of clients filed.

One audience member said the level of service received from the IRS on a stolen identity issue was pretty bad. Ms. Novack admitted that the IRS had been overwhelmed, but they hope to do better in the future. She suggested reaching out to the stakeholder liaison local contact if the response takes much longer than expected.

Vice Chair Janice Gray, who moderated the panel, asked if all client records would need to be open to the FBI if they are called in. Mr. Hellmer responded that the FBI depends on what the client gives them. They will look at network logs, service providers, etc., but would do nothing with the client data that would not be relevant to the investigation of the problem.