As tax-related scams prompt IRS warning, firms need to react

minute read

Last Updated September 25, 2023


The IRS doesn’t just give away money. But a lot of scammers would like their potential victims to think that it does.

This summer, the number of tax-related scams has skyrocketed, according to the IRS. Most of them involve a would-be criminal promising some sort of payout from the IRS. One of the more popular false promises is that the IRS is offering an economic payout similar to the payments the government dispensed during the COVID pandemic. For the record: It is not.

Other scams include false claims of eligibility for employee retention credits, bogus online tax refunds and fraudulent messages suggesting taxpayers have a “problem” with their returns and need to contact the IRS. Of course, all contact goes back to the people who concocted the scam.

One particularly insidious, if old-school, ruse involves the intended victim receiving a letter in a cardboard envelope and printed on IRS letterhead. The letter mentions an unclaimed tax refund and offers contact information. All of these scams have branched out beyond email. Aside from the physical letter, text messages have become a popular medium for scammers as well.

Accounting firms must take action to minimize the impact tax-related scams can have on clients, employees and the firm.

Run Key Applications in the Cloud

One of the most important steps a firm can take is to move away (as much as possible) from email (and even text) and communicate with clients via a fully managed and secure cloud environment. When you run key business and tax applications in the cloud with a trusted partner, you and your clients can share information from anywhere and at any time without having to use less secure methods like email or text.

A fully managed cloud, kept safe by a cloud provider’s security experts, gives your clients a secure place to communicate with you and access their information. Falling for a phishing attack is virtually impossible if you’re not using email or texting, provided you read your physical mail carefully. Most successful scams require the intended victim to take some sort of action—click a link, call a number or respond to a text. A fully managed cloud protects you and your clients from those vectors of attack.

Let Clients Know What’s Happening

Like everybody else, your clients use email and text messages to communicate every day, even if they mostly get ahold of you through a secure cloud environment. They need to know that these scams exist. While phishing messages can often be poorly written and obviously fraudulent, ChatGPT and other artificial intelligence tools are helping scammers create more convincing and less cringeworthy communications.

It’s easy to click on a malicious link by accident. And all it takes is one click for a cybercriminal to steal your clients’ data and hold it for ransom, possibly crippling your firm or putting it out of business. You need to let your clients know what scams look like so they can better protect themselves when working outside of your secure cloud environment.

In fact, your clients should know what the cloud can do for them. A cloud provider can stop the damage from a cyberattack before it starts even if a user does click a malicious link. Cloud providers have security resources that the majority of businesses do not. Doing business in the cloud is the safest way to operate—and it’s as true for your clients as it is for your firm.

Train Employees To Look Out for Scams

Your clients aren’t the only potential victims of scams. Your firm could fall victim as well. If one of your employees clicks a bad link, your data is immediately at risk. One way to significantly diminish that risk is to rely on a cloud provider for security. Another great way is to train employees on how to spot scams.

A cloud partner can help by providing employees with real-world examples of phishing messages and tips on how to avoid becoming a cyberattack victim. Ultimately, your employees are your first and best line of defense against hackers. If they learn how to spot suspicious emails, it significantly reduces the risk of a breach.

And the fallout from a breach can be significant—not just for your clients but for your firm as well. You’ll have to notify clients and partners of the breach. There’s no keeping it secret. Publicly traded companies now have just four days to provide notification of a breach. While this rule likely doesn’t affect your firm, clients or partners will expect rapid notice in the event of a breach. It’s better to avoid an attack and not have to tell them anything at all.

It’s rare for the IRS to be so concerned about tax scams that it issues a general warning—and that means it’s serious. As taxpayers continue to sort their affairs in the wake of the pandemic and other recent economic and policy changes, scammers will take every opportunity to steal their money. Your firm and your clients need to understand the risk and work to safeguard sensitive data and information.

Protect your firm by running apps in the cloud. Get started today.

Recommended next

Cyberattacks Targeting Cities Should Put Accounting Firms on Notice

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.