The IRS and its Security Summit partners continue to see steady attacks aimed at the nation’s tax professionals to steal sensitive tax and financial information from their clients.

According to a news release, one of the most common threats facing tax pros is phishing and related scams. These are designed to trick the recipient into disclosing personal information such as passwords and bank account, credit card, and Social Security numbers, or into sending gift cards or wire transfers to the scammer.

Tax pros should be aware of different phishing terms and what the scams might look like:

  • Phishing/Smishing – Phishing emails or SMS/texts attempt to trick the recipient into clicking a suspicious link, filling out information, or downloading a malware file. Often phishing attempts are sent to multiple email addresses at a business or agency increasing the chance someone will fall for the trick.
  • Spear phishing – This is a specific type of phishing scam that identifies potential victims and delivers a more realistic email known as a “lure.” These scams can be trickier to identify since they don’t occur in large numbers. They single out individuals, can be specialized, and make the email seem more legitimate. These senders can pose as potential clients for a tax professional, luring the practitioner into sharing sensitive information.
  • Whaling – Whaling attacks generally target leaders or other executives with access to secure large amounts of information at an organization or business. Whaling attacks can also target people in payroll offices, human resource personnel, and financial offices.

Cloud-based Schemes

The IRS and its professional partners continue to see attacks that take advantage of cloud-based applications.

These schemes trick their victims with realistic-looking phishing emails that contain links to portals that look like these applications but are phishing websites designed to collect the tax preparer’s credentials.

Tax pros that use cloud-based applications to store information or run tax preparation software should use multi-factor authentication to help safeguard data. Multi-factor authentication provides an extra layer of security.

Warning Signs of Scams

Regardless of the type of phishing attempt, tax pros can protect themselves and their business by looking for warning signs like:

  • An unexpected email or text claiming to come from a known or trusted source such as a colleague, bank, credit card company, cloud storage provider, tax software provider, or even the IRS and other government agencies.
  • A false narrative with an urgent tone telling the receiver to open a link or attachment.
  • An email address, number, or link that’s misspelled or has a different domain name or URL like vs.

More Information:

Protect Your Clients; Protect Yourself

Nationwide Tax Forums 

Cybersecurity & Infrastructure Security Agency – Phishing Scam infographic

Source: IRS