It won’t come as a shock to tax professionals across the country when they learn there is a new tax-related identity theft scam targeting the tax industry. While the general tactic is something tax pros are accustomed to dealing with—a spear phishing email—it looks like cybercriminals are doing their homework when trying to make a quick, illicit buck off tax offices.
In a recent press release, the Internal Revenue Service noted that it has received numerous complaints of fraudsters sending emails containing “tax transcript” in the subject line to tax professionals across the country. The emails appear to be from the IRS, but those who download the attached file are infected with a particularly pernicious malware program: Emotet.
The IRS reported that Emotet is designed to steal banking information. Since it only takes one user being tricked into downloading the malware to infect every computer connected to the office network, avoiding the scam is extremely important.
Aside from underscoring that they never send emails containing tax transcripts, the IRS said that anyone who receives one of these tax-transcript scams can forward the email to phishing@irs.gov before deleting it. If you want to know other ways you can protect your business from similar threats, consider taking some basic data-security steps:
• Never open unsolicited emails. If you do accidentally open an email from an unfamiliar sender, be sure that you don’t open any attachments or click any links.
• Keep all installed computer programs updated. From your operating system to your favorite video game, out-of-date programs sometimes present security risks that hackers exploit.
• Avoid unfamiliar websites and Wi-Fi networks. Cybercriminals often spoof popular websites and Wi-Fi hotspots to steal your information via malware or old-fashioned phishing tactics.
Tax practices—especially offices with multiple preparers—are a prime target due to the sheer amount of financial data they handle each year. Rather than getting financial information from one victim, a successful attack on a tax office can net hundreds to thousands of full names, addresses, Social Security numbers, and more. That should place office security at the top of every preparer’s priority list every year. Even if the risk of having a catastrophic data breach wasn’t enough incentive to stay on top of data security, the Federal Trade Commission requires paid tax return preparers to have a written data-security plan.
Stay safe out there.
Source: IRS Newswire