Prevent Remote Access Takeover Attacks

By now anyone who works in the U.S. income tax industry should be well aware of the threat posed by cybercriminals who commit tax fraud with stolen information. The tactics of phishing emails, hacked security measures and secretly installed malware have been major topics of discussion in the industry in recent months.

But did you know that tax pros also now face the threat of a total takeover of their tax processing computer systems by outsiders? In these “remote access” attacks, the hacker gets more than the tax preparer’s username and passwords. He controls the practitioner’s complete data chain, filing bogus income tax returns with the pro’s computer and software, using his EFIN and sending the bogus refunds to the crook’s own accounts.

Multiple incidents of this kind have been reported to the IRS in the past year, and it’s gotten the attention of IRS Commissioner John Koskinen.

“This is another emerging threat to tax professionals that the IRS has seen on the rise,” Koskinen said. “A remote takeover can be devastating to practitioners’ business as well as to the taxpayers they serve. It’s critical for people to take steps to understand and prevent these security threats before it’s too late.”

A remote attack can targets an individual computer or a complete network. The cybercriminal gets in by exploiting weaknesses in security settings to access the devices.

Another line of attack uses malware to download malicious code that gives the criminals access to the network. Wireless networks are especially vulnerable; these can include mobile phones, modems and routers, printers, fax machines and televisions that retain their factory-issued password settings. Sometimes, these devices have no protection at all.

Many times remote access attacks start with a phishing email that carries an attachment. Purporting to be from a trusted source, the attachment can secretly install malware on the tax pro’s system that can give control over to the attacker.

Hackers can also deploy certain tools allowing them to identify the location of the tax preparer’s unprotected wireless system—and give them remote control of the network.

For example, a printer with a factory-issued password can be accessed easily and the criminals can access the tax return information stored in its memory.

Prevent Remote Access Takeovers

The IRS urges tax professionals to take the following steps to help protect themselves from remote takeovers:

  • Educate staff members about the dangers of phishing scams, which can be in the form of emails, texts or calls, as well as the threat posed by remote access attacks
  • Use strong security software; set it to update automatically and run a periodic security “deep scan” to search for viruses and malware
  • Identify and assess wireless devices connected to the network, including mobile phones, computers, printers, fax machines, routers, modems and televisions. Replace factory password settings with strong passwords
  • Strengthen passwords for devices and for software access. Make sure passwords are a minimum of eight digits (more is better) with a mix of numbers, letters and special characters
  • Be alert for phishing scams: do not click on links or open attachments from unknown, unsolicited or suspicious senders
  • Review any software that employees use to remotely access the network as well as those used by IT support vendors to remotely troubleshoot technical problems. Remote access software is a potential target for bad actors to gain entry and take control of a machine. Disable your remote access software until it is needed.

Increasing awareness about remote takeovers is part of the “Don’t Take the Bait” campaign, a 10-part series aimed at tax professionals. The IRS, state tax agencies and the tax industry, working together as the Security Summit, urge practitioners to learn to protect themselves from remote takeovers. This is part of the ongoing Protect Your Clients; Protect Yourself effort.