It’s no secret that identity thieves want your information. Tax and accounting firms routinely handle clients’ financial information, and security breaches affecting these businesses can be even worse if criminals gain access to preparation software accounts—enabling them to more easily file fraudulent returns using authentic taxpayer data.
Aside from installing security software and keeping applications updated on all devices, one of the best ways to avoid this persistent threat is to stay informed about the latest phishing scams. In February, the Internal Revenue Service issued a warning about a new spear-phishing scam that specifically targets tax professionals.
What is a spear-phishing scam?
Phishing scams involve criminals who impersonate a trusted person, business, or organization in an attempt to get victims to provide sensitive information or money, normally crafting messages that are urgent or threatening to coerce recipients into action. Spear-phishing scams take place when the criminal already knows something about the person they are trying to defraud. They use this knowledge to craft messages that seem even more legitimate.
What is the latest tax-related phishing scam?
“The latest phishing email uses the IRS logo and a variety of subject lines such as ‘Action Required: Your account has now been put on hold,’” the agency explained in a news release. “The IRS has observed similar bogus emails that claim to be from a ‘tax preparation application provider.’ One such variation offers an ‘unusual activity report’ and a solution link for the recipient to restore their account.”
If you receive one of these emails, do not click on anything! After all, it’s never a good idea to click on attachments or embedded links in unsolicited emails, which can contain malware or direct you to a site that is designed to steal your information. The IRS says that they have seen some of these phishing emails include clickable buttons that look like the logos of professional tax software companies, and—when clicked—they “[request your] tax preparer account credentials.”
Should one of these scams show up in your inbox, report it to Phishing@IRS.gov and the office of the Treasury Inspector General for Tax Administration. Those who are tricked into clicking on links or willingly provide their account information should immediately contact their software provider to explain the situation.
For an example of one of these spear-phishing emails, check out the source link below.
Source: IR-2022-36