IRS Warns Tax Pros about New Phishing Scheme

Register now

The Internal Revenue Service is sounding the alarm about a new scheme in which scammers send emails purporting to come from tax software companies, instead fooling tax preparers into clicking on a link that will load malware on their computers.

The email urges recipients to click on a link to download an important new software update and install it. The executable file has the same name as the legitimate tax software, but instead of providing an update, the link instead downloads a program that will track the tax preparer’s keystrokes, allowing criminals to steal passwords, logins and other sensitive information.

The IRS has seen only a handful of cases of the scam so far, but it is encouraging tax professionals to beware of such scams and never to click on unexpected links in emails. Similar email schemes using tax software names have targeted individual taxpayers, the IRS noted.

The IRS recently began a public awareness campaign to alert tax professionals about security threats and identity theft issues targeting the tax industry. The Protect Your Clients; Protect Yourself campaign urges tax professionals to beef up their security protections and realize they increasingly are targets of cybercriminals.

The IRS is asking all tax preparers to avoid clicking on links or open attachments in e-mails. Instead they should use a software provider’s main website to connect to them. Tax pros should also run a security “deep scan” to search for viruses and malware on their computers.

They should strengthen their passwords for both computer access and software access. Passwords should be at least eight digits long (although more is better) with a mix of numbers, letters and special characters.

Tax practitioners should instruct their staff members about the dangers of phishing scams, which can come in the form of emails, texts and calls. They should also review any software that employees use to remotely access the firm’s network or the firm’s IT support vendor uses to remotely troubleshoot technical problems and support the business’s systems. Remote access software is a potential target for hackers to take control of a computer.

Tax professionals should also check Publication 4557, Safeguarding Taxpayer Data, A Guide for Your Business, which includes a checklist to help protect taxpayer information and improve security.

For reprint and licensing requests for this article, click here.