The IRS says that it has seen a steep upswing in the number of reported thefts of taxpayer data from tax practitioner offices. Seventy-five firms reported taxpayer data thefts in January and February, nearly a 60 percent increase from the same time last year. Much of this increase, it says,  follows one scam, the erroneous refund scheme, that affected thousands of taxpayers and numerous practitioners earlier this filing season.

The IRS is warning tax professionals to be on high alert and deploy strong security measures as the filing season reaches a peak with the April 17 deadline approaching.

Some tax professionals may be unaware they are victims of data theft. Here are some signs:

• Client e-filed returns begin to reject because returns with their Social Security numbers were already filed;

• The number of returns filed with tax practitioner’s Electronic Filing Identification Number (EFIN) exceeds number of clients;

• Clients who haven’t filed tax returns begin to receive authentication letters (5071C, 4883C, 5747C) from the IRS;

• Network computers running slower than normal;

• Computer cursors moving or changing numbers without touching the keyboard;

• Network computers locking out tax practitioners.

• Learn to recognize phishing emails, especially those pretending to be from the IRS, e-Services, a tax software provider or cloud storage provider. Never open a link or any attachment from a suspicious email. Remember: The IRS never initiates contact via email.

• Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.

• Review internal controls:

   Use strong and unique passwords of 10 or more mixed characters, password protect all wireless devices, use a phrase or words that are easily remembered and change passwords periodically.

   Encrypt all sensitive files/emails and use strong password protections.

   Wipe clean or destroy old computer hard drives that contain sensitive data.

   Limit access to taxpayer data to individuals who need to know.

   Check IRS e-Services account weekly for number of returns filed with EFIN.

Those who experience a security incident or a breach resulting in data disclosure should report the incident to the appropriate IRS Stakeholder Liaison.