This office does not handle:

  • Unemployment Insurance Benefits (UI)
  • State Disability Issues (SDI)
  • Worker Compensation Issues
  • EDD Overpayments

Over 50 Years In Practice
Over 500 Articles

Ask The Edd Attorney – Tax Professionals –Extra! Extra! Read All About The New Irs Warnings! Part 2

By Robert S. Schriebman



The IRS and the FBI have come out with a series of warnings to tax professionals as well as corporate personnel involved in payroll functions. Between the months of July through September both the IRS and the EDD will be sending out approximately 10 separate press releases warning of new scams that involve the stealing of employee ID information and other payroll information, as well as confidential data in client files. The IRS and FBI effort is known as “Don’t’ Take The Bait Campaign.”

There has been such a dramatic increase in payroll related cyber attacks that the FBI has taken to publishing warnings and joining forces with the IRS. The year 2017 showed an increase of 1300% in identified losses with more than $3 billion in wire transfers since early 2015. These scams are not merely confined to our borders but are international in scope. For example, cyber crooks will try to impersonate corporate executives, target payroll, and trick employees to transfer funds into special accounts.

Since the publication of Part 1, the IRS has continued to issue warnings to tax professionals. On September 6, 2017 the IRS issued IR 2017-144 informing tax professionals that the IRS is currently receiving reports of tax professional data breaches at the rate of 3 to 5 per week. The press release also pointed out the importance of taking the time to educate and inform your employees of the importance of a heightened security awareness not only in the office but at their homes as the IRS is aware of situations where a data breach of a tax preparer’s office began at the home of an employee working remotely.

Tax professionals who handle taxpayer information have obligations under federal and state law to protect that information from unauthorized disclosure, improper disposal and outright theft.

I have reviewed all of the IRS press releases that have been issued since mid-July. Almost every press release continues to emphasize the importance and the duty of the tax professional to educate his/her employees to combat daily threats including spear phishing emails, business identity theft, account takeovers, Ransomware attacks, remote takeovers, business email compromises, Electronic Filing Identification Number (EFIN) thefts, and Form W-2 thefts

Here, I will attempt to inform you of the many suggestions by both the IRS and the FBI issued in the several press releases. However I cannot list each and every recommendation. Therefore, may I suggest that you retrieve from your various online resources and review carefully the following IRS Advance Releases:

IR 2017-120 (July 19, 2017)
IR 2017-125 (August 2, 2017
IR 2017-126 (August 7, 2017)
IR 2017-130 (august 16, 2017)
IR 2017-132 (August 23, 2017)
IR 2017-134 (August 29, 2017
IR 2017-136 (August 30, 2017)
IR 2017-144 (September 6, 2017)
IR 2017-152 (September 13, 2017)

IRS/FTB Safeguard Recommendations

A Warning to Windows Users

Before getting into specific recommendations offered by the IRS and the FBI, I want to call your attention to a portion of IR 2017-126 (August 7, 2017) specifically warning Windows users. The warnings are to protect the tax professional from the latest scam email variations that come with the subject line of “Software Support Update” and highlights “An Important Software Systems Update.” It thanks the recipients for continuing to trust the software provider to serve their tax preparation needs and mimics the software providers’ email templates. Follow this process to help the investigation of these scam email:

  1. Use “Save As” to save the scam. Under “save as type” in the drop-down menu, select “plain text” and save to the desktop. Do not click on any links.
  2. Open a new email and attach this save email as a file.
  3. Send a new email containing the attachment to the tax software provider, as well as a copy to [email protected]

Protecting Yourself from Thefts of W2 Information

Tax professionals should consider taking these steps:

  • Confirm requests for Forms W-2 – wire transfer or any sensitive data exchanges verbally, using previously known telephone numbers do not use the telephone numbers listed in the email.
  • Educate your employees about W-2 scams particularly those employees with access to sensitive data such as W-2s, or with authorization to make wire transfers.
  • Consult with an IT professional and follow these FBI recommended safeguards:
    1. Create intrusion detection system rules that flag emails with extensions that are similar to company mail. For example, legitimate email of would flag fraudulent email of
    2. Create an email rule to flag email communications where the “reply” email address is different from the “from” email address shown.
    3. Color code virtual correspondence so emails from employee/internal accounts are one color and emails from non-employee/external accounts are another.

Protecting Clients and Businesses from Account Takeovers

Identity thieves have many schemes to steal login credentials. A common tactic is to use a spear phishing email that targets tax professionals. The IRS and the FBI recommend a few steps that you can use to protect client and business accounts:

  • There is no substitute for educating your employees about the dangers of spear phishing and account takeovers. After all, it only takes a breach by one employee. Note earlier in this article how thieves target remote workers who work from home.
  • Use strong and unique passwords or use a phrase instead of a word. Use different passwords for different accounts. Use a minimum of 8-10 characters. Designate someone in your office to be a “password manager” to keep up with password changes.
  • Use the strongest encryption software available.
  • Use strong malware/phishing software protection.
  • Use two-factor authentication whenever possible. This practice helps protect accounts by requiring two-steps for access.
  • Check EFIN counts weekly. Access the application (via website) e_Services and select “Check EFIN Status.” If someone is using the EFIN without your knowledge, a higher number of returns filed under that number will result.
  • Report Phishing emails. Fraudulent phishing or malicious email can be sent to [email protected] For more information, see Report Phishing.
  • Obtain and review IRS Publication 4557, Safeguarding Taxpayer Data.

Reporting Data Thefts

In IR 2017-152, published on September 13, 2017 the IRS sets forth sources for reporting data theft. As part of the introductory material the IRS warns tax professionals that in addition to violating federal law by not safeguarding taxpayer information, the tax professional may also have exposure to violations of state law.

The IRS refers tax professionals to its Publication entitled “IRS Data Theft Information for Tax Professionals,” for details on reporting security breaches and losses.

Contacting the IRS and Law Enforcement

  • Internal Revenue Service – Report client data theft to local IRS offices.
  • Federal Bureau of Investigation – Contact local office.
  • Secret Service – Report to the Secret Service only if directed to do so.
  • Local Police – File a Police report if required to do by your insurance carrier.

Contacting States in Which the Tax Professional Prepares State Returns

  • Email the Federation of Tax Administrators at [email protected] to get information on how to report victim information to the states.
  • State Attorney General, most states require that the Attorney General be notified of data breaches.

Contacting Experts

  • The various press releases issued since mid-July stress the importance of retaining a security expert to determine the cause and scope of breach and to prevent future breaches.
  • Report security breaches to your insurance company and be prepared to report them to your malpractice carrier.

Contacting Clients and Other Services

  • Send an individual letter to all victims to inform them of the breach but the IRS press release emphasizes contacting law enforcement on when these letters should be issued.
  • Federal Trade Commission (FTC) – Contact the FTC at [email protected]
  • Credit Bureaus – consider notifying credit bureaus if there is a compromise.


Robert Schriebman has a successful practice in the Rolling Hills Estates area of Los Angeles County serving clients throughout California and the United States. He has successfully dedicated more than 40 years to helping individual taxpayers, business owners, CPAs, Enrolled Agents, and tax attorneys navigate the complicated tax systems of the federal and state governments.

Robert Schriebman has written the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.

Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House.

Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House in addition to the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.

Web Site Article 294