Check System
Send us your comment!

Your comment will be read by our web staff, but will not be published.

Please do not enter any personal information. Your comment is voluntary and will remain anonymous, therefore we do not collect any information which would enable us to respond to any inquiries.

However, provides a How to Contact the IRS page where you will find guidance on where to submit specific questions.

Share this presentation
Copy and paste the following URL to share this presentation
To email a link to this presentation, click the following:
This program writes a small 'cookie' locally on your computer when you set a bookmark.
If you want to utilize this feature, check the following checkbox. Otherwise, bookmarks will be disabled.
This is an IRS
audio presentation.

To view this page, ensure that Adobe Flash Player
version 10 or greater is installed.

Get Adobe Flash player

Slides PDF

I see it's the top of the hour. For those of you just joining, welcome to today's webinar. In Support of the 2022 National Tax Security Awareness Week, the IRS Security Summit Presents a Deeper Dive into Emerging Cyber Crimes and Crypto Tax Compliance. We're glad you're joining us today. My name is Michael Smith, and I'm a Senior Stakeholder Liaison with the Internal Revenue Service. I will be your moderator for today's webinar which is slated for 75 minutes. Before we begin, if there is anyone in the audience with the media, please send an email to the address on the slide. Be sure to include your contact information and the news publication you're with, our media relations and stakeholder liaison staff will assist you and answer any questions you may have. As a reminder, this webinar will be recorded and posted to the IRS video portal in a few weeks. The video portal is located at Continuing education credits or certificates of completion are not offered if you view any version of our webinars after the live broadcast. We hope you won't experience any technology issues, but if you do, this slide shows helpful tips and reminders. We've posted a technical help document in the materials section on the left-side of your screen. It provides minimum computer requirements for viewing this webinar as well as some quick solutions. If you completed and passed your system check and you're still having problems, try one of the following; number one, close the screen you're using to view the webinar and relaunch it. And number two click on settings on your browser viewing screen and select HLS.

If you should have received today's PowerPoint in an email, if you didn't, you can find it under the materials section on the left-hand side of your screen of this slide. Closed captioning is available for today's presentation. If you're having trouble hearing the audio through your computer speakers, please click the closed captioning drop down arrow located on the left side of your screen. This feature will be available throughout the webinar. If you have a topic-specific question today, please submit it by clicking on the ask question drop down arrow to reveal the text box. Type your question into that textbox and simply click send. Very important note on that, please do not enter any sensitive or taxpayer-specific information. During the presentation, we will take a few breaks to share knowledge-based questions with you. At those times a polling style feature will pop up on your screen with a question and multiple choice answers.

Simply select the response you believe is correct by clicking on the radio button next to your selection and then click submit. Some people may not get a polling question, and this may be because you have your pop-up blocker on. Please take a moment and disable your pop-up blocker now so you can answer these questions. We've included several technical help documents that describe how you can allow pop-up blockers based on the browser you are using. We have documents for Chrome, Firefox, Microsoft Edge, and Safari. You can access them by clicking on the materials drop down on the side of your screen. We're going to take some time now and test a polling feature.

Here's your opportunity to ensure your pop-up blocker is not on and you can receive the polling questions throughout the presentation. You should see the polling question popping up on your screen now. The question reads how many times have you attended an IRS national webinar? With A-this is your first time. Thank you for joining us. B-you attended 1 through 5 webinars. C-6 through 10. D-11 through 15. Or E-16 or more national webinars with us. I'm just going to read that one more time to make sure everyone has an opportunity to see this pop up and make sure they can enter their response. We are simply asking how many times have you attended an IRS national webinar. So take a moment, click the radio button that corresponds with your answer.

I'll give you a few more seconds to make your selection. Okay, we are going to stop the polling now. And I'll check with my team to see what our responses were in just a second. We hope you received the polling question and you were able to admit your answer. If not, now is the time to check your pop-up blocker. I'm getting those figures now. It looks like 13% are joining us for the first time. Then we have 23% who have attended 1 through 5. 18% 6 through 10. 12% 11 to 15. And 35%, our largest group are here for their 16th or more national webinar with us. Welcome everybody, thank you so much for joining us. All right, and again welcome and thank you. We will now begin the webinar. Before we move along with our session, let me make sure you're in the right place.

Today's webinar is titled In Support of the 2022 National Tax Security Awareness Week, the IRS Security Summit Presents a Deeper Dive into Emerging Cyber Crimes and Crypto Tax Compliance. This webinar is scheduled for approximately 75 minutes. And let me introduce today's speaker. Our speaker today is Nick Silva. Nick is a Program Manager with Criminal Investigations and their Cyber Crime Section. Nick has worked with IRS Criminal Investigations for over 16 years out of the New York and New Jersey area. Nick, if you're all set, I will turn it over to you. >> NICK: All right, thank you, Michael. Good afternoon, everyone. Thank you for joining. I want to give everybody a heads up, I do have a little bit of a cold. So I want to apologize in advance if I have to take a quick break or take a drink of water. I'll try to make it through without any interruptions. Let's get into it. So the objectives for today's presentation are; understanding and responding to a business email compromise and/or data breach, identifying what the dark web is and how it is used for cybercrime and identity theft, recognizing general terms and information pertaining to virtual currency, and understanding the efforts by IRS criminal investigation to combat cyber criminals and illicit activity. So what is the IRS CI mission? CI investigates criminal violations of the Internal Revenue code and any financial crimes while also fostering confidence in the U.S. tax system and compliance within the law. So what type of cyber crimes do we have? Let's clear something up so everybody understands. There's cybercrimes and cyber security. Cyber crimes are anything involved in anything cyber related versus cyber security is the preventative measures and protection of your business networks or any network you're on. You need a whole team that really handles cyber security. And we're going to talk about both of these aspects today. So what is a cyber-dependent crime. In other words this is a crime that would not happen without the internet. The use of the internet or computers. Some of these examples are hacking, implementation of viruses into a known network, et cetera. IRS CI typically is not looking to focus in this area. There are other areas that are more focused on this such as the FBI probably being the most prominent, DHS, and the United States Secret Service. The one thing where CI does assist on these types of investigations is on the financial angles. Because IRS CI agents have a background in educational training in accounting and finance. Then there's also cyber-enabled crimes. This is when you have a traditional crime that is enhanced by using the internet or computers, such as theft, fraud, tax crimes where the internet is used, dealing with personal identifiable information, surfing the dark web, virtual currency crimes, and terrorism financing.

These will all be in your money laundering and financial cases post hack environment. Let's talk about understanding compromise in data breach. Email compromise is a sophisticated scam targeting businesses and individuals regarding the transfer of funds. It's frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion technique to conduct unauthorized transfer of funds. The FBI hosts a database called IC3 which stands for the internet crime compliance center. Think of it as a police report for all cyber complaints and crime. An interesting fact is in 2021 for personal data breaches for individuals, the IC3 had 51,829 complaints for an estimated $517 million in lawsuits. The IC3 annual report also states in 2020 the IC3 received 19,369 business-email compromise complaints with suggested losses of over $1.8 billion. And in 2021, that number increased to 19,954 business email compromised complaints with losses over $2.3 billion. Our 2019 numbers were higher. The IC3 received 22,775 complaints with adjusted losses of over $1.7 billion. So it's good that the complaints are going down, but unfortunately the amount of money is going up. The IRS stakeholder liaison also keeps track of IRS-reported data breaches. So in 2020, we had 291 cases reported and 2021 we had 268 cases reported. So we are starting to see less. So the business email compromise process has the following stages. First is social engineering. Social engineering is a process used to manipulate individuals into divulging confidential or personal information which may be used for fraudulent purposes. This is the use of open-source internet to gain knowledge. They identify the key employees of the business, CEO, payroll, human resources, et cetera. So for example if you're going to a business's website, you usually see the list of everyone from the CEO to the executive staff. Once they have this information, they'll work on the grooming stage.

Grooming is the act of contacting another individual to gain trust and friendship with the ultimate aim of conducting fraudulent activity. So for example sending a simple email with simple questions, are you accepting new clients? What are the hours of your business, et cetera. Things like that just to start engaging in multiple email exchanges to gain trust and confidence. They use it to identify and confirm that they have reached the right person they're trying to target.

Then lastly is where the exchange of information happens. The exchange of information is the end goal for the criminal to obtain the personal identifying information. For example, they may send an urgent request for a person to send files of payroll, old taxes, employee lists, et cetera.

They'll request for the recipient to click on the link to see information that has been discussed during the grooming phase. If they get the form W2 during the exchange of information stage, they get the EIN, the employer identification numbers, social security numbers, income and withholdings, addresses, retirement plan, and health benefit plans. Ultimately the criminals are becoming much more adept, patient, and good at what they do. Their prize at the end is to get as much data and information about as many people as possible. Here on this slide is a real example of a business email compromise you might see. Obviously these are made up names not real businesses. They will mask the names so it appears to be let's say your CEO, your director, maybe the president of the company. The criminals for example know the CEO is on vacation because the CEO posted on Facebook or Instagram or whatever that they're on vacation this week. So now they'll get an email sent from the quote unquote CEO. Obviously the hackers are just masking the email.

Then they're asking somebody who's in human resources a specific question. I need you to email all of the W2s of all of the employees. How soon can you get me those? And what does the HR person do thinking it's the CEO? They respond to that email and that's what happens a lot of times in these business email compromises. It's an innocent mistake by the person in human resources, but they didn't really know because it looked like the email address was coming from the CEO. And really how many times are you going to say no to your boss? So Michael, I think it's a good time to go to our first polling question. >> MICHAEL: Terrific. All right audience, here is our first polling question. It should be popping up on your screen now. And the question reads during the business email compromises process, grooming is which of the following? A. The act of sending your dog for a hair cut. B. The act of contacting another individual to gain trust and friendship with the ultimate aim of conducting criminal activity. C. The act of exchanging information by obtaining a personal identifying information. Or D. None of these. So take a moment and click the radio button that best answers the question. I'll give you a few more seconds to make your selection. Okay we're going to stop the polling now. And let's share the correct answer on the next slide. As you can see the correct answer is B. Grooming is the act of contacting another individual to gain trust and friendship with an ultimate aim of conducting a criminal activity. All right, and let's see how everyone did. All right, we have a successful response rate of 88%. So 88% of you responded correctly. That's a great response rate. Good job everyone. Next, I will turn it back over to you. >> NICK: All right, perfect. Thank you, Michael. Now let's get into ransomware.

Ransomware is a type of malicious software that encrypts data on a computer making it unusable. It is a form of a data breach and typically it's from a phishing email. We also have smishing now and that's an SMS text message demanding ransomware. In 2020, the IC3 received 2,474 complaints identified as ransomware with suggested losses of over $29.1 million. In 2021, they received 3,729 complaints identified as ransomware, with adjusted losses of over $49.2 million. Clearly that's a lot more. This number does not include estimates of lost business, time, wages, files or equipment or any third party remediation services required by the victim. In some cases, victims do not report any loss amount to the FBI. So information is sold over and over for different scams.

Initially the data is very rich, active account information. But once known, company and individuals need to take measures. For example change passwords, get a new card, et cetera.

Criminals will then use that information for phishing tactics. For example, an email referencing your password, since most people use the same password for multiple accounts and that they have activated your webcam and have video of you or your browser history where they installed a keylogger to get your banking information. This is what we see in ransomware, there's three stages of ransom. First stage is the initial extortion, the encryption of your data and the demand of the ransom to get your data back. The second stage is double extortion stage. So the hacker has threatened to leak your data publicly in an effort to get you to pay more and to pay faster. In the last stage, the third stage is usually the triple extortion stage. Hackers are monetizing more by contacting your client to pay a ransom for their personal data. Even if you pay all of the ransom demanded, chances are your data is still being sold again by the hacker on the dark web.

Unless you're lucky enough to get the hacker with some scruples. So here is an example of what you may see if your computer has been compromised with ransomware. In this example, you'll see that all of your files have been encrypted. They allow you to view a message in a language you prefer.

They give you a time frame to submit a payment and you only have three days to submit payment. If you don't pay in seven days, you won't be able to recover your files. It's a pretty stern warning and very specific time demands. How do you pay? In this case, payment is requested in Bitcoin only. It may not be just Bitcoin, it may be another form of cryptocurrency. They're trying to make it so you can pay their ransom. What can you really do? Well for starters, have a data security plan for your business. The IRS Publication 4557, 4557 has the best practices to develop a security plan. Also visit It's really highly recommended for all individuals to have a data security plan. Let's talk about managing employees. Try to limit the access of certain employees to areas that are needed for data. Offer a lot of training and education for your employees. And really encourage the use of strong passwords for all of your employees. When it comes to software, use security software and really update it as needed or as frequently as possible. Use multifactor authentication as much as possible as well. Social media, just be aware of what information is being used by criminals and be careful with what you're posting online.

Excuse me. Emails. Be suspicious of requests for a quick turnaround. Don't just hit reply, type in the new email with a proper email address. Do your own research on the free web about what the person is requesting and what kind of information. Hover over any links and see if it is a link you should go to. Encrypt and password protect any data you are sending. Send passwords separately. This list is by no means an exhaustive list. Anything you can do to protect your data is better than doing nothing. Michael, I actually think we have another polling question coming up. >> Michael: We sure do. All right audience, let's take a moment and answer the following question. I believe it's popping up on your screens now. Polling question number two reads what is the definition of ransomware. Is it A, a new virtual currency even better than Bitcoin. B. A person who kidnaps your dog. C. A type of malware that encrypts data making it unusable. Or D. A hacker takes over your email account to gain access. So take a moment and click the radio button that best answers the question. I'll give you a few more seconds to make your selection now. Okay we're going to stop the polling now. I'll share the correct answer on the next slide. And the answer is C, ransomware is a type of malware that encrypts data making it unusable. And I can see our response rate was 93%. Wonderful job, audience. Nick, you're going a great job explaining everything. I will turn it back over to you. >> NICK: Thanks, Michael. And thanks everybody for making my job a lot easier here. Next I want to talk about the dark web. This is probably a famous picture you've all seen online. But it really does lay things out on the whole web as a whole. So first you have your surface web which is where your search engines are, news, business reviews, Wikipedia, et cetera. That's all the surface web. As you can tell, it really isn't the biggest part of the internet. Second is the deep web. That's as you can figure, academic databases, medical records, financial records, the best way to describe what's found in the deep web is really anything you need to create a username or password for. Then lastly is dark web. I'm sure most people have heard it before but that's really using the TOR or the onion router service.

It's where you find a multitude of illegal activities and the use of virtual currency, et cetera.

So on the dark web, this diagram really shows the main things you'll find on the dark web as far as illegal activity goes. So going around in a circle, at the top you have pornography, pharmaceutical sales, weapons of all types, blogs, a lot of political protest blogs, financial fraud sites, so instructions on how to conduct financial fraud, drugs, fake documentation services, that's going to be like getting fake passports, driver's licenses, et cetera, and carding sites. That's where you'll get fraudulent credit cards or stolen credit card information, et cetera. So let's look at some dark web markets. And this is really why it's important to have a cyber security program in your business. You don't want your client's PII to end up in here. So this slide shows nine markets. However markets are coming and going all the time. These all basically look like eBay for illicit items including many guides for how to obtain and use stolen information. Most of the funds received in the dark web markets are in crypto currencies, Bitcoin, privacy coins, et cetera. Let's talk a little bit about these coins, virtual currency. There's over 19,500 various coins right now. A cryptocurrency is a digital currency using cryptography to control the creation of new currency units. Since not all virtual currencies use cryptography, not all virtual currencies are cryptocurrencies. Cryptocurrency is an asset used as a means of exchanging. It is considered reliable because it's based on cryptography. One of the primary objectives is communications and how to make them secure. It creates and analyzes the algorithms and protocols so no information is interrupted during the exchange by third parties. Cryptography is a mix of a large number of different sciences with mathematics as the basis. It's math that attaches the severity or reliability to algorithms and protocols. Cryptocurrencies use block chain and decentralized ledgers and it's by no means that a supervisor authority controls all of the actions in the network. So it comes at the expense of all of the users. So by far the most popular virtual currency right now is still Bitcoin. Currently there are over 4,000 cryptocurrencies in circulation. As of June 1, 2022, the market cap was over $1.3 trillion. At one point 26% of all crypto-asset founders were located in the U.S. The interesting thing about Bitcoin is that there's a max supply of 21 million Bitcoins mined and currently there are about 19 million in circulation.

On June 1, 2022, the value was $31,619 compared to $38,750 back in June 17, 2021. At one time the value was actually about $68,000 or $69,000. So the fluctuation in virtual currency is pretty massive to say the least. Bitcoin's market cap is at $602 billion. It's still over 46.2% of the market. Typically you'll have a Bitcoin wallet address that will be 25 to 36 characters long, and it will begin with either a "1" if it's an older type of Bitcoin wallet, or it will begin with "3" if it's a newer version of a Bitcoin wallet. Another coin that's the second most popular coin right now is Ethereum, you may also hear of it as Ether. As of June when I checked it was trading at about $1,938 per coin with a total market cap total of $234 billion. So that's about 18% of the market. A little background on Bitcoin, On August 18, 2008, the domain name was registered. In October 2008, Satoshi Nakamoto published a paper on the cryptography mailing list describing the Bitcoin digital currency. In January 2009, Nakamoto released the first Bitcoin software and cryptocurrency called Bitcoin. Nakamoto released version 0.1 of Bitcoin software on January 9, 2009.

Nakamoto claimed that work on the writing of the code began in 2007. The inventor of Bitcoin knew that due to its nature, it would have to support a broad range of transaction types. The implemented solution enabled specialized codes and data from the start through predictive script. Nakamoto created a website with the domain name and continued to collaborate with others on the software until about mid- 2010. Around this time, he handed over the control of the source code, depository, and network alert key to Gavin Anderson. He transferred several related domains to prominent members of the Bitcoin community and stopped his involvement in the project. So shortly before his absence and hand over, Nakamoto made all of the modifications to the source code himself. One of the first supporters, adopters, contributors to Bitcoin and receiver of the first Bitcoin transaction was a programmer, Hall Finney. Finney downloaded the software the day it was released and received ten Bitcoins on January 12, 2009. Other early supporters were Wei Dai and Nick Szabo. In the early days, Nakamoto is estimated to have mined 1 million Bitcoins. Before disappearing from any involvement, he handed over the reins to Gavin Anderson who became the Bitcoin lead developer at the Bitcoin Foundation. The closest thing to an official public face. The value of the first Bitcoin transactions were negotiated by individuals on the Bitcoin forum with one notable transaction of 10,000 Bitcoins used to indirectly purchase two pizzas delivered by Papa Johns. So how do we treat virtual currency? Virtual currency is recognized as property, not currency. The gain or loss on a sale is treated similar to a sale or exchange of securities. So basis is the fair market value on the date it's received. Character of gain or loss depends on whether the virtual currency is a capital asset. Inherited cost basis of decedent.

Virtual currency information reporting that's going to be your W2s, your 1099s, et cetera. Receipt of virtual currency as a payment of goods and services is at its fair market value at the date received. Virtual currency received by an independent contractor or an employee constitutes income. Constitutes self-employment and wages. A taxpayer who mines virtual currency realizes gross income upon receipt. If mining constitutes a trade or a business, and a taxpayer is not an employee, the taxpayer is subject to self-employment tax on the income. Virtual currency paid as wages is subject to federal tax withheld. Here's a couple of guidelines you may want to take a look at. So a convertible virtual currency guidance, that's guidance number FIN- 2019-G001. It explains digital currency, cryptocurrency, crypto assets, digital assets, et cetera. All of that information is included. The IRS also has its Notice 2014-21 and IRS bulletin 2014-16 which gives guidance for individuals and businesses on the tax treatment of these virtual currencies. In 2022 about 37 states and U.S. territories came out with their own legislation on how to handle cryptocurrency. We have the Infrastructure Investment Act.

So this bill was actually signed into law November 15, 2021. It will require all exchanges and brokers to report the following to the IRS. Number one would be proceeds from a taxable sale and exchanges of digital assets. Two, the tax basis and the holding period for digital assets sold.

Three, the transfers of digital assets to other exchanges. Four, the transfers of digital assets to wallet addresses which are not attributed to other exchanges. That would be for example like your cold storage devices. And lastly, receipt of more than $10,000 in digital assets in one or more transactions. And this provision actually applies to any business, not just brokers. So these formal requirements take place starting January 2023. So Michael, I know I've covered a lot of information.

Why don't we check in with a polling question. >> MICHAEL: Sounds good to me. All right audience, here is our third polling question. That should be popping up now. And it reads which of these statements is true? A. Virtual currency is recognized as property. B. Virtual currency payments are subject to information reporting. C. Gain or loss on sale is treated similar to sale or exchange of securities. Or D. All of those statements are true. Take a moment, click the radio button that best answers the question. I'll give you a few more seconds to make your selections.

Okay, we're going to stop the polling now. And show the correct answer on the next slide. As you can see the correct answer is D. All of those answers are true and correct. We had a success rate of 97% of our audience answer that correctly. Excellent job, audience. All right, Nick, I think it's going great. I will hand it back over to you if you're all set. >> NICK: Yeah, awesome.

Thanks again, Michael. Now I'll talk about crypto kiosk and what it is. Essentially it's a crypt o ATM. They're in about 75 countries worldwide. In the U.S. it's grown tremendously. At the end of 2019, there are about 6,000 globally. In 2021, there was over 21,000. And nowadays there's over 33,000. So it keeps growing. And there's certain states coming up with their own regulations and rules for it. Let's talk about who accepts Bitcoin. On the slide are some of the businesses that currently accept Bitcoin such as PayPal, Dell, Amazon, et cetera. And the list really does continue to grow. There are about 600,000 plus restaurants in the United States, and only about 94 actually accept Bitcoin and virtual currency. There's still some reluctance obviously due to the difficulty in convertibility and exchange to fiat currency. It is more of a hassle unless you're really sophisticated in this space. Interesting to know how many businesses in the West Coast that are actually accepting Bitcoin right now. Next, why do we use Bitcoin? It's fast. It can be instantaneous where typically it takes about ten minutes to do a transaction in Bitcoin. It's available globally mobile, you can use it anywhere essentially. It's cheap for consumers and merchants. There are no charge backs. People can't steal your payment information from the merchants because you'll need both keys. It isn't inflationary, and there are some anonymity to it. I want to talk about IRS's efforts and what we're doing. We started the cybercrime unit in about 2014. We have two full units that are located within Washington, D.C. and the Los Angeles field offices. The CCUs are really subject-matter experts in the area of cybercrime. And they work and assist on the most complex investigations within CI. Then we established our headquarters section in DC which was established in about 2016 to coordinate the activities occurring on a national level. Headquarter section is there to coordinate multijurisdictional investigations, assist with any policies and procedures or for consistency across the whole nation. We also have our cyber support unit, our computer scientists, contractors, and program managers all involved in our headquarter section. We also established cyber crime coordinators within each field office.

Really a point of contact for not only headquarters but to facilitate and really have a presence within each field office nationwide. We do also have our CIS agents, Electronic Crimes Analysts and some technical support personnel. And really support personnel and analysts are the technical experts within CI. And they assist agents with their specific techniques that we need to use at the time. So Michael, I actually believe it's time for our final polling question. >> MICHAEL: You got it. All right audience, here's our fourth and final polling question. Should be popping up on your screen now. And it reads IRS criminal investigation established a dedicated unit in headquarters to investigate cyber criminals in what year? So 1984. B. The year 2000. C. 2016 or D. Headquarters plans to start in 2030. So take a moment. Click the radio button that best answers the question. I'll give you a few more seconds to make those final selections. All right, we're going to close the polls. And we'll take a look at the correct answer on the next slide. The IRS criminal investigation established a dedicated unit in headquarters to investigate cyber criminals in C. 2016. And checking with the team, okay looks like we had a correct response rate of 74% on that one. So Nick, if you'd like to add any additional information, feel free. But if not, not a problem. I'll turn it back over to you. >> NICK: yeah, that's fine. It's just to quickly elaborate, we did start our cyber crime unit in 2014 which was established in the east and the west. And to help support them and really coordinate everything on a national level, we did start our cyber crime headquarters unit in 2016. But I'll continue on now. So let's talk about some of the IRS-CI enforcement efforts. We have investigative projects around virtual currency fax fraud, evasion, employment taxes, et cetera. We investigate and prosecute a lot of dark web marketplaces that use virtual currency as the means of facilitation. Some of these are like xDedic and Silk Road.

We also investigate and prosecute a lot of illicit exchanges and fraudulent businesses operating in cryptocurrency. We are also the leading agency in country on the J5 which is the Joint Chiefs of Global Tax Enforcement. And we do have direct involvement with NCFTA which is out of Pittsburgh and Europol. So what I'd like to do now is kind of quickly talk about some of the cases that we've had successful prosecutions on. First probably our biggest cyber virtual currency case to date which occurred in 2015. The creator and owner of Silk Road was sentenced to life in prison and ordered to forfeit $183,961,921 for engaging with criminal enterprise, money laundering conspiracy, and other federal charges. At that time approximately 173,991 Bitcoins were seized during the course of the investigation. Through his ownership and operation of Silk Road, he generated tens of millions of dollars from illicit sales and conducted through the site. This was a collaborative effort with several federal and state law enforcement agencies and he received that life sentence. Next case I want to talk on is AlphaBay Market, it was an online dark net market which operated in onion service out of the TOR network. Those were those sites we showed you earlier. It was a popular site for drugs, stolen credit cards, counterfeit documents, and cyber crime kits. It was shutdown in 2017 and its founder, a Canadian citizen, was found dead in his cell in Thailand several days after his arrest. XDedic, in 2019 during an international operation, IRS-CI, FBI, and other agencies were able to seize the domain of the XDedic Marketplace, it facilitated over $68 million in fraud. The website operated for years and was used to sell access of compromised computers worldwide and sell personally identifiable information of U.S. residents. Data was obtained from data breaches on a variety of businesses including hospitals, universities and others. And lastly the One Coin. One Coin was one of the worst ICOs of 2017. It was a textbook scam from start to finish. One Coin was a multilevel marketing Ponzi scheme. There was no information a token was ever created. The team had little concrete to show investors and certainly no working prototype. Some of the team's biggest members had previously been linked to other scams. The founder and COO may have falsified qualifications on the company's website. Speaking of the website, it was a parody of a scam site, technical problems were common. Numerous governments warned against investing. On April 24th, authorities raided a One Coin meeting. 18 were jailed but not before One Coin scammed investors of $350 million. They accepted funding in standard currency, not Bitcoin like most ICOs. It was a black eye on the crypto world. Look at the IRS Publication 4157,, go to also if you suspect a data breach and search for Stakeholder Liaison. You also have for cyber complaints. Coinatmradar, and coinmarketcap. Michael, that's all I have. I'll turn it over to you for questions. >> MICHAEL: Thanks for all of the information, Nick. Looks like we have plenty of questions rolling in. Thank you, audience, for typing those in. It is me again, Michael Smith.

And I will now be moderating our question and answer session. Let me introduce our speaker, Carlos Ramon, program manager with Criminal Investigations. He will be answering your questions. Carlos has worked with IRS's criminal investigation for over 16 years. He has a master's degree in accounting, and a doctorate in systems information management with a concentration of studies on block chains. Earlier I mentioned we want to know what questions you have for our presenters. And this is your opportunity, if you haven't done so already, please feel free to input your questions. There is still time. Just click on the drop down arrow next to the ask question field.

Type in your question and click send. Now one thing before we start, we may not have time to answer all of the questions submitted, however we will answer as many as time allows. So Carlos, let's go ahead and get started. All right the first one is pretty standard. We hear this a lot.

And the first question we have is how can I implement a data security plan for my office? >> CARLOS: Yeah, good afternoon everybody. The best recommendation that I can give you right now is to go to IRS publication 4557, that's safeguarding taxpayer data. And it's creating an information security plan for your practice. Also as Nick mentioned in the presentation today is to go to the National Institute of the Standard Technology, they have a cyber security framework that can be used for your business. And some of the basics are installing a software on all of your devices.

Also keep the software automatically updated. And using strong passwords. But also something that is very important is need to know basis. So limit the access to the taxpayer data to individuals that really need to know. So not all in the business need to have access to all of that. Thank you. >> MICHAEL: Okay, great tips, Carlos. Thanks. A number of the items you mentioned are on that resources slide that Nick just covered too. So all of the audience members should have access to that PowerPoint so they can download that and have the exact website. Thanks for that answer.

Let's see, the next question we have, if you need me to reread this or clarify, feel free to ask again. Not a problem. This question reads in the business email compromise example, the sender's email address is not the correct one, right? They've modified it, is that correct? >> Yes, that's what we call a masked email. And normally when this criminal uses a masked email they might use the real name of the person if it's the CEO of a company or an important person in the company. So the email is fairly similar to their email, but it may change just a letter or two. And that's what we call a mask email. This is why it's important to check who the email is being sent, not just read the name but also the email themselves, so the heading. That way you can know if the email is coming directly from your company or from somebody else. Some security measures that IT normally use in companies is that they allow you to know if the email is actually coming from an external source. So it will have in the email when you receive it, it will say EXT like external.

That way you can know if the email is actually coming from another source that is not generally from your company. Thank you. >> MICHAEL: Good answer. Thanks. That helps to know about all of the masking that can occur with the email addresses. All right, the next question reads, what was the national standards website again? >> CARLOS: Oh yes, that's the National Institute of Standards Technology, that would be That's where you can find a lot of the information there about cyber security and a lot of the information where they pretty much provide information and the standards of security for creating the information that we just mentioned here. >> MICHAEL: Okay, great. Just checking through my notes I do see that that website is listed in our PowerPoint as well so the audience can download that directly. Let's look at the next question. This one might be complicated or it might be simple, I'm not sure. So the question is what is mining virtual currency? Maybe you can just explain that process to us in a little more detail. >> CARLOS: Yes, can you hear me? >> Yes. Go ahead. >> CARLOS: Perfect. Mining cryptocurrency, that concept came with the Bitcoin and all of that. Pretty much it's a process where you have a very powerful computer that are working these mathematical algorithms and they use a lot of power to solve some mathematical problems and that's when you have the creation, one installs the creation of the block chain and the Bitcoin. Pretty much we consider that mining because depending on the cryptocurrency, in Bitcoin in mining. But it's just the work of creating the Bitcoin. A lot of people ask that just because you have creating Bitcoins, and then you're going to have expenses as well associated. So at the end of the day you need to know how much you could lose at the end of the year and then how much you spent to mine Bitcoin. So that's why this question comes along very often about mining cryptocurrency. >> MICHAEL: Okay. Thanks for your take on it. It's complicated.

It is. Thanks for that clarification and explanation. This next question, it is kind of a long one, so let me know if you'd like me to reread this, I'll try to read through it slowly. So the question reads does IRS require tax professionals to create a data security plan and are there penalties if they do not? >> CARLOS: Okay, yes. An institution must protect the consumer information they collect. So it requires companies to ensure the security and confidentiality of their consumer information. So the answer will be yes. The financial institution is included in that.

Prior to the implementation of the GLB act, they issued a rule which requires financial institutions to have measures in place to keep customer information secure. So the safeguard rule requires companies to include a written information security plan to protect customers information. This is why also we have the IRS Publication 5708 that wasn't discussed in the presentation, but it was recently created by IRS. It will give you the guidance of having an information security plan in practice. >> MICHAEL: Okay so Publication 5708, thanks for clearing that up for us. Trying to read through some of the other questions coming in here. Thanks for that answer. This next question reads during the presentation you mentioned that cryptocurrencies are secure. But we see in the news people losing cryptocurrencies or values dropping to 0. So are cryptocurrencies secure? >> CARLOS: That's a good question. And normally we can say that cryptocurrencies themselves are secure by the cryptograph themselves. The cryptography is very secure. But the question will be is my system that I use to hold my cryptocurrency secure enough? Would I have the initial software to protect my equipment? So in comparison do I keep the privacy for my cryptocurrency and stay protected, if the answer is no, then the cryptocurrency will not be secure because you have other people who have access to your private keys or the paraphrases for my money creation to have access to your wallet. In general terms, normally cryptocurrency are very secure, but it all depends on how you hold them, where you hold them, pretty much. >> MICHAEL: Okay, I think that clears it up. The account is just as insecure but maybe not necessarily the cryptocurrency. We have another question that this may be more of an opinion question, so not sure if you can answer this exactly. But the question reads is cryptocurrency something that will replace all currency?

>> CARLOS: Yes, it's mostly an opinion that people have. I mean like we mentioned before, cryptocurrency is not a real currency or fiat currency, it's not the U.S. currency itself. So right now that's a very complex question that a lot of different countries are trying to answer and finding different solutions. Some of the solutions that different countries are mentioning is to have access to creating their own coin. Other countries are like using cryptocurrencies that are already in use like Bitcoin as part of their currency. But for U.S. right now, cryptocurrencies are not a real currency. They may be convertible to real currency or fiat currency and if we're going to keep them, it will have regulations already in place. So right now it's very hard to say. We will have to see how the treatment of the cryptocurrency will go throughout the years. >> MICHAEL: Okay, fair enough. We will see what happens in years to come. All right. Thank you so much, Carlos. It looks like that is all the time we have for questions. Again I want to thank our speaker, Nick, Silva, and you, Carlos, again our subject matter expert for sharing your knowledge, expertise, and for answering our questions. Before we close out the session, Nick, do you have any key points that you want the attendees to remember from today's webinar? >> NICK: Yeah. Thank you, Michael. The following are just some key points I wanted the audience to remember. And they are pretty much that remember the three processes of a business email compromise is social engineering, then grooming, and then final is the exchange of information. Remember that ransomware is a type of malicious software or malware that encrypts data on a computer making it unusable. Additional key points, in the dark web, you find dark web services that includes the illegal selling of weapons, drugs, fake documentation services, pornography, and amongst many other things. If you suspect a data breach, you should definitely contact your stakeholder liaison. There are thousands of cryptocurrencies in existence. But Bitcoin is still the most famous one or most widely used. And the final key points I have are virtual currency is recognized as property, not currency. And most criminals use cryptocurrency because it's fast, mobile globally, it's cheap for consumers and merchants and there is some anonymity with it. That's all I have. Thanks everybody. And Michael, I'll turn it over to you. >> MICHAEL: Thanks, Nick, for those key points. Audience, we are planning additional webinars throughout the year. To register for all upcoming webinars, please visit, keyword search webinars and select the webinars for tax practitioners or webinars for small businesses link. When appropriate, we will be offering certificates and CE credit for upcoming webinars. We invite you to visit our video portal at There you can view archived versions of our webinars. Please note continuing education credits or certificates of completion are not offered if you view any version of our webinars after the live broadcast. Again a big thank you to Nick and Carlos for providing a great webinar, sharing their expertise and answering our questions. I also want to thank you, our attendees, for attending today's webinar In Support of the 2022 National Tax Security Awareness Week, the IRS Security Summit has presented a Deeper Dive into Emerging Cyber Crimes and Crypto Tax Compliance. If you attended today's webinar for at least 50 minutes after the official start time of the webinar, you will qualify for one possible CE credit. And the time we spent chatting before the webinar started does not count towards those 50 minutes. If you're registered with the IRS, your credit will be posted in your PTIN account. If you qualify and have not received your certificate and/or your credit by December 20th, please email us at the address on your screen, v. If you're interested in finding out who your local stakeholder liaison is, you may send us an email using that address on the slide as well and we'll send you that information. We would appreciate it if you would take a few minutes to complete a short evaluation before you exit. If you'd like to have more sessions like this one, let us know. If you have thoughts on how we can make these better, please let us know that as well. If you have requests for future webinar topics or pertinent information you'd like to see in an IRS Fact Sheet or an FAQ on, please include those suggestions in the comments section of the survey. Click the survey button on the screen to begin. If it doesn't come up, just check again to make sure you disabled your pop up blocker. It has been a pleasure to be here with you.

And on behalf of the Internal Revenue Service and our presenters, we would like to thank you for attending today's webinar. It's important for the IRS to stay connected with the tax professional community, individual taxpayers, industry associations, and also federal, state, and local government organizations. You make our job a lot easier by sharing the information you learned here that allows for proper tax reporting. Thank you for taking the time out of your day to attend today's webinar. We hope you found the information helpful and you may exit the webinar at this time.