Tax professionals are target of yet another scam
Friday, November 04, 2016
They're back. OK, they never really left.
They are tax scammers. And they are once again targeting tax professionals.
Specifically, says the Internal Revenue Service, tax con artists have their sights on tax pros who use the agency's e-services.
Phishing for tax pro data: The crooks are sending these tax pros an email asking them to update their accounts and directing them to a fake website.
The subject line for the fraudulent email is "Security Awareness for Tax Professionals," purportedly coming from "Your e-Services Team."
The scam email tells recipients that information was stolen from certain user accounts in 2015 from a state-sponsored actor. It says they should upgrade their e-service account to ensure protection of their information by clicking on the provided login to access their accounts for security upgrade.
As with many phishing attempts, the email includes touches to try to convince recipients that the email is real. In this case there's an IRS logo and an e-services logo.
Both of these fake IRS images, warns the real IRS, contain hyperlinks to a URL that's been verified as a phishing site. The spoofing site poses as an e-services registration page.
This latest tax-pro targeting comes as the IRS is strengthening its e-services authentication process and working to improve communications with tax professionals about their accounts.
Scammers are attempting to steal e-services usernames, passwords and possibly more personal data through the fake registration page.
Recovery steps: If you already clicked on the fake logo and provided your username and password, the IRS wants you to contact its e-services help desk to reset your account.
If you use the same password for other accounts, change those ASAP.
And as an extra precaution, the IRS recommends you perform a deep security scan on your computers, re-evaluate security controls and stay alert to any other signs of identity theft or data compromise.
Additional tax pro security measures suggested by the IRS and its Security Summit partners include:
- Always use robust security software
- Use encryption software to protect taxpayer data
- Use strong passwords and change them often
- Learn to recognize phishing emails attempting to steal data
- Never click on links or download attachments from suspicious emails
- Beware of any communications claiming to be the IRS that are outside normal channels
You also can review the agency's Protect Your Clients, Protect Yourself web page for other steps you can take to protect your tax preparation business and your customers' information.
You also might find these items of interest:
Very informative post Kay. Scammers are also attacking tax professional's websites in the hopes they can snatch their client's identities. We signed up with Sitelock.com to provide us with a firewall after we were attacked ourselves. That stopped them in their tracks. Client isn't on the site so there was no danger of their data getting stolen. But it did take a considerable amount of man hours to stop them. Better to have the firewall in place before scammers come knocking.
Posted by: Matt LaClear | Friday, November 04, 2016 at 04:46 PM