Cyber eAlert: Fraudulent Tax Return Filings, Other Cyber Threats

Since April 2020, 13 CAMICO policyholders have reported data breaches that in aggregate resulted in the hackers filing over 300 fraudulent income tax returns through the CPAs' tax software.

Now, more than ever, data security is an urgent concern for the accounting profession. In the wake of the COVID-19 pandemic, CPA firms are operating in a "new normal." Working remotely to such an extreme has opened new potential access points and vulnerabilities hackers can exploit. CPA firms are already prime targets for identity thieves, and these new vulnerabilities certainly exacerbate the profession's cyber-related challenges.

Clever hackers have many ways of exploiting accountants facing tax filing deadlines, especially when firms have outdated software, vulnerable email systems, and inattentive employees. As the sophistication of hackers and other cyber criminals increases, so do the types of threats and the number and scope of data breaches.

Take Action Now

Given the looming July 15th tax deadline, it is critical that firms be extra diligent in following the firm’s established security measures and safeguards. Remind all employees of the importance of strict adherence to such security measures and established safeguards.

Although not meant to be all-inclusive, the following basic best-practice measures are extremely important given the increased cyber exposure with the upcoming tax deadline and should be prioritized:

  • Ensure all software has the latest security options/patches. This will help protect against malware, viruses, and hacker attacks.

  • Frequently back up all important data and information and verify your backups. Regular backups reduce the likelihood that critical data is lost in the event of a cyber attack. Protect the backups in a remote or external location, outside of your network, where they are safe from ransomware that seeks out backup copies. Periodically verify that your data backup process is working properly to assure that your data will be recoverable if a crisis occurs.

  • Change and strengthen passwords frequently. Systems are only as secure as the passwords used to access them.

  • Use two-factor authentication. This adds an extra level of security to help prevent an account hack, especially when employees work remotely.

  • Slow down to avoid being yet another “phishing scam” victim. Take the time necessary to validate suspicious or unexpected email. And do not click a link, pop-up or attachment without first hovering the cursor over the link to display the URL to assess its legitimacy. If there is an urgent call to action, rather than clicking on a link, consider a different way to validate the request such as calling to get verbal confirmation that the communication is legitimate, or going directly to the purported sender’s URL.

  • Maintain strong work-from-home cyber hygiene. Reinforce with employees the cyber protocols to be followed when working remotely (e.g., machine use restrictions, WiFi passwords, VPN, firewalls, etc.).

  • Remind all employees of the importance of powering down computers when not in use. Computers are not accessible to attacks or intrusions when powered off.

Next Steps — Review and Update the Firm’s Information (Data) Security Plan

The IRS requires tax return preparers to comply with the Gramm-Leach-Bliley Act’s ("GLBA") Safeguards Rule, which establishes minimum requirements for protecting sensitive client data. One such requirement is to have in place a written Information (Data) Security Plan ("ISP"), and to periodically review the effectiveness of the program and reassess the risk factors as well as any material changes to the firm’s operations.

Periodically assessing the appropriateness of your security measures and safeguards given any changes that you may have had to your firm’s operations, as well as any changes to potential internal and external risks to security, is a critical step to ensuring your firm’s overall cyber preparedness. Shortly after the dust settles following the July 15th tax deadline may be an ideal time to review your firm’s safeguards and make changes necessary to ensure that you have the right measures in place to protect your clients’ information.

Special attention should be given to ensure that your firm continues to prioritize appropriate firm-wide cybersecurity awareness training. Your scheduled training may have been interrupted due to the pandemic, or the training may require updating to address perceived pandemic-related threats to your existing protocols and infrastructure. In addition, review and enhance, if necessary, your firm’s incident response plan. There is no substitute for taking appropriate cybersecurity precautions, but it is also important to plan for the worst and have in place a comprehensive incident response plan.

If your firm does not yet have a written security plan in place, refer to CAMICO's Information (Data) Security Plan template. The template can be found on the Cyber/Data Security Resource Center on the CAMICO Members-Only Site ( It is important to note that a firm’s efforts to comply with the GLBA Safeguards Rule is an organization-specific initiative. As such, CAMICO recommends that each firm work with their IT/cyber specialists and legal counsel, as appropriate, to modify and tailor the template to ensure compliance with GLBA’s Safeguards Rule and other applicable laws.

Additional Resources

For additional CAMICO guidance, policyholders are encouraged to access the Cyber/Data Security Resource Center on the CAMICO Members-Only Site (

Refer to the IRS website for detailed guidance at You can also refer to the IRS Publication 4557, Safeguarding Taxpayer Data, for additional guidance. This publication details critical security measures that all tax professionals should have in place.

Share this post

Leave a comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Latest Articles

  • 27 Jul

    Exclusive Policyholder Benefits

    Risk management services and resources to help you with today's practice challenges

    CAMICO knows that insurance alone is not a solution for reducing risks. That's why you have access to CAMICO’s proven approaches that have helped numerous CPA firms manage risk and avoid claims.... read more

  • 27 Jul

    War Story 117 - Ransomware Attack

    A staff member of a mid-size CPA firm logged into a public wi-fi network at a coffee shop and spent the morning working on firm files while on the public network. A few days later the employee received an email message from a hacker stating that a ransomware attack had encrypted all of the... read more

  • 27 Jul

    Policyholders Respond to CAMICO Survey on the Pandemic

    More than 900 CAMICO policyholders responded to a survey recently regarding the COVID-19 pandemic impacts on CPA firms. CAMICO conducted the survey to learn more about how policyholders are being affected by the crisis and what they view as their top challenges. The survey also included co... read more

  • 27 Jul

    In Memoriam: Tag Wilson

    Tag Wilson Tag Wilson, a dedicated CAMICO claims team member, passed away unexpectedly in February 2020. Tag had been with CAMICO since 2001 and was a passionate advocate o... read more