Tuesday, August 1, 2017

Don’t Take the Bait, Step 4: Defend against Ransomware


  
WASHINGTON – The Internal Revenue Service, state tax agencies and the tax industry today warned tax professionals that ransomware attacks are on the rise worldwide as bad actors here and abroad infiltrate computer systems and hold sensitive data hostage.
The IRS is aware of a handful of tax practitioners who have been victimized by ransomware attacks. The Federal Bureau of Investigation recently cautioned that ransomware attacks are a growing and evolving crime threatening the private and public sectors as well as individuals.
The “Don’t Take the Bait” campaign, a 10-week security awareness campaign aimed at tax professionals, hopes to increase awareness about these attacks. The IRS, state tax agencies and the tax industry, working together as the Security Summit, urge practitioners to learn to protect themselves. This is part of the ongoing Protect Your Clients; Protect Yourself effort.
“Tax professionals face an array of security issues that could threaten their clients and their business,” IRS Commissioner John Koskinen said. “We urge people to take the time to understand these threats and take the steps to protect themselves. Don’t just assume your computers and systems are safe.”   Ransomware is a type of malware that infects computers, networks and servers and encrypts (locks) data. Cybercriminals then demand a ransom to release the data. Users generally are unaware that malware has infected their systems until they receive the ransom request.
The 2017 Phishing Trends and Intelligence Report issued annually by Phishlabs named ransomware one of two transformative events of 2016 and called its rapid rise a public epidemic.
In May 2017, a ransomware attack dubbed “WannaCry” targeted users who failed to install a critical update to their Microsoft Windows operating system or who were using pirated versions of the operating system. Within a day, criminals held data on 230,000 computers in 150 countries for ransom.
The most common delivery method of this malware is through phishing emails. The emails lure unsuspecting users to either open a link or an attachment. However, the FBI also has warned that ransomware is evolving and cybercriminals can infect computers by other methods, such as a link that redirects users to a website that infects their computer.
Victims should not pay a ransom. Paying it further encourages the criminals. Often the scammers won’t provide the decryption key even after a ransom is paid.
Tips to Prevent Ransomware Attacks
Tax practitioners – as well as businesses, payroll departments, human resource organizations and taxpayers – should talk to an IT security expert and consider these steps to help prepare for and protect against ransomware attacks:
  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • For digital devices, ensure that security patches are installed on operating systems, software and firmware. This step may be made easier through a centralized patch management system.
  • Ensure that antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts — no users should be assigned administrative access unless necessary, and only use administrator accounts when needed.
  • Configure computer access controls, including file, directory and network share permissions, appropriately. If users require read-only information, do not provide them with write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers, compression/decompression programs.
  • Back up data regularly and verify the integrity of those backups.
  • Secure backup data. Make sure the backup device isn’t constantly connected to the computers and networks they are backing up. This will ensure the backup data remains unaffected by ransomware attempts.
Victims should immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov. Tax practitioners who fall victim to a ransomware attack also should contact their local IRS stakeholder liaison.

Tips to Keep in Mind on Income Taxes and Selling a Home



Homeowners may qualify to exclude from their income all or part of any gain from the sale of their main home.
Below are tips to keep in mind when selling a home:
Ownership and Use. To claim the exclusion, the homeowner must meet the ownership and use tests. This means that during the five-year period ending on the date of the sale, the homeowner must have:
  • Owned the home for at least two years  
  • Lived in the home as their main home for at least two years    Gain.  If there is a gain from the sale of their main home, the homeowner may be able to exclude up to $250,000 of the gain from income or $500,000 on a joint return in most cases. Homeowners who can exclude all of the gain do not need to report the sale on their tax return
Loss.  A main home that sells for lower than purchased is not deductible.
Reporting a Sale.  Reporting the sale of a home on a tax return is required if all or part of the gain is not excludable. A sale must also be reported on a tax return if the taxpayer chooses not to claim the exclusion or receives a Form 1099-S, Proceeds from Real Estate Transactions.
Possible Exceptions.  There are exceptions to the rules above for persons with a disability, certain members of the military, intelligence community and Peace Corps workers, among others. More information is available in Publication 523, Selling Your Home.
Worksheets.  Worksheets are included in Publication 523, Selling Your Home, to help you figure the:
  • Adjusted basis of the home sold
  • Gain (or loss) on the sale
  • Gain that can be excluded
Items to Keep In Mind:
  • Taxpayers who own more than one home can only exclude the gain on the sale of their main home. Taxes must paid on the gain from selling any other home.
  • Taxpayers who used the first-time homebuyer credit to purchase their home have special rules that apply to the sale. For more on those rules, see Publication 523. Use the First Time Homebuyer Credit Account Look-up to get account information such as the total amount of your credit or your repayment amount.
  • Work-related moving expenses might be deductible, see Publication 521, Moving Expenses.
  • Taxpayers moving after the sale of their home should update their address with the IRS and the U.S. Postal Service by filing Form 8822, Change of Address.
  • Taxpayers who purchased health coverage through the Health Insurance Marketplace should notify the Marketplace when moving out of the area covered by the current Marketplace plan.
Avoid scams. The IRS does not initiate contact using social media or text message. The first contact normally comes in the mail. Those wondering if they owe money to the IRS can view their tax account information on IRS.gov to find out.