IRS Warns of Security Awareness’ Scam
The IRS has issued an urgent alert to tax professionals who use IRS e-Services to beware of an e-mail asking them to update their accounts and directing them to a fake Web site.
The subject line for the fraudulent e-mail is “Security Awareness for Tax Professionals.” The “From” line is “Your e-Services Team.” The scam communication has both an IRS logo and an e-services logo that hyperlinks to a URL verified as a phishing site. The spoofing site poses as an e-Services registration page.
The scam e-mail tells recipients that information was stolen from certain user accounts in 2015 from a state-sponsored actor. It says users are being asked to upgrade their e-Service account to ensure protection of their information. It asks them to click on the login to access their accounts for security upgrade.
The IRS is in the process of upgrading e-Services security and has been communicating with tax professionals about updating their accounts.
If e-Services users have already clicked on the fake logo and provided their username and password, they should contact the e-Services help desk to reset their accounts. If the same password is used for other accounts, these should be changed as well.
Users should also perform a deep security scan on their computers, re-evaluate their security controls and be alert to any other signs of ID theft or data compromise, the IRS said, adding that tax professionals should always go directly to IRS.gov to access e-services and never click on any links provided in e-mails.
Tax professionals who receive a suspicious e-mail should send it as an attachment to Phishing@irs.gov and then delete it without clicking on any links.
For more, visit the “Protect Your Clients; Protect Yourself” IRS Web page.