You probably won’t believe this, but the Internal Revenue Service reported new phishing email scams are targeting tax professionals. In one of this week’s IRS Newswire press releases, the agency identified two scams using “business email compromise/business email spoofing (BEC/BES) tactics.”
In the first BEC/BES scam on the IRS’ radar, cybercriminals are impersonating a company employee to request human resources or payroll staff—whichever applies to the company being targeted—change the bank account receiving direct deposits. The IRS doesn’t believe this scam is meant to be a long-term grift, since it generally only snags a couple paychecks before being discovered by the victim, the company, or both.
The second scam on the list involves fraudsters impersonating a high-ranking executive in the target company in an attempt to convince an employee to perform a wire transfer. According to the IRS, “these BEC/BES scams … take many forms, such as fake invoice payments, title escrow payments, wire transfers, or other schemes that result in a quick payoff for the thief.” Alarmingly, “companies that fall victim to this scam can lose tens of thousands of dollars.”
These phishing schemes can be harder to detect, since the emails appear to be legitimate. Luckily, you can learn to spot them. While bad grammar—especially errors that might indicate a non-native speaker—can be a dead giveaway, having a written policy for handling anything involving personally identifiable information can help protect against these scams. Aside from the practical benefits of having it on paper, the FTC requires all paid tax return preparer offices have a written security policy.
Source: IRS Newswire