Cyber-scammers are licking their chops at the arrival of tax season.
Even as you read this, they may be compiling lists of likely targets, including accountants, tax preparers and other financial professionals. Your name might be on there as well, especially if your practice includes taxation, estates, business law or domestic relations.
You might even make the list just because you’re a taxpayer.
“I urge taxpayers to be wary of clicking on strange emails and websites,” said IRS Commissioner John Koskinen in a recent warning letter. “They may be scams to steal your personal information.”
The most common trap is a phishing email or phony website that lures in victims and steals their personal or financial data. From there, mayhem is sure to follow.
Phishing made this year’s Dirty Dozen ranking of IRS tax scams. You can view the full list here.
Phishing Season Opens
Tax phishing scams follow the usual pattern.
An unsolicited email is sent to a potential target – let’s say an accountant – ostensibly from a client requesting tax assistance. If the accountant responds, a second email is sent, which may include a web link or attachment. By clicking on the link or downloading the attachment, the recipient exposes their email address, password and other private information. Often the scammers use the data to claim fraudulent refunds.
What makes the scheme so insidious is that the initial email appears to come from a legitimate source such as an actual client or email contact.
A variation on the scam asks tax professionals to update their IRS e-services portal information and their Electronic Filing Identification Numbers (EFINs). The email is bogus, and the links are snares.
“Keep in mind the IRS generally does not initiate contact with taxpayers by email to request personal or financial information,” according to the IRS letter. “This includes any type of electronic communication, such as text messages and social media channels. This email was not generated by the IRS e-services program. Disregard this email and do not click on the links provided.”
In addition, the IRS advises caution when using tax-preparation software. It recommends that professionals do a comprehensive review of their cyber-security practices and consult with technology experts if help is needed.
“Regardless of the security measures taken, however, accountants and other professionals must remain vigilant for potential attacks,” says Professional Liability Matters. “If an email looks suspicious, or includes a link that the professional is not expecting, avoid opening the attachment and further investigate its source. Professionals who fail to make data security a priority, could not only compromise their clients’ data, but also their professional reputation.”
If you receive an unsolicited email that appears to be from either the IRS or an affiliated organization like the Electronic Federal Tax Payment System, report it by sending it to firstname.lastname@example.org.
Click here for more tips on avoiding email scams.
- Professional Liability Matters http://professionalliabilitymatters.com/2017/03/08/irs-warns-cpas-beware-of-phishing/