WASHINGTON — As the IRS intensifies its efforts through the annual Dirty Dozen tax scams campaign, tax professionals and businesses are being reminded of the persistent threat posed by email spearphishing attempts. In an environment where information is a prime asset, the risk of these targeted attacks remains high, particularly through deceptive practices such as “new client” scams.
Tax professionals hold extensive sensitive information, making them attractive targets for identity thieves. Scammers are constantly innovating to breach security systems, and a notable surge in spearphishing attempts has been observed, especially those where the criminals pose as potential clients through fake emails.
Spearphishing is a more sophisticated form of phishing, targeting specific individuals or organizations with malicious intent. For tax professionals, falling victim to a spearphishing attack could lead to unauthorized access to their systems and sensitive client information, potentially enabling the culprits to commit tax fraud and identity theft.
IRS Commissioner Danny Werfel emphasizes the critical nature of these threats: “Cyberattacks not only threaten the livelihood of the businesses but also the sensitive tax and personnel information that identity thieves use to file fraudulent tax returns.” As part of the Security Summit, an initiative involving the IRS, state tax agencies, and the tax industry, heightened vigilance and employee education are advocated to thwart these cyberattacks.
Initiated in 2002, the IRS’ Dirty Dozen campaign annually highlights twelve scams posing significant threats to taxpayers and tax professionals. While not a legal document, this campaign serves as an educational tool designed to protect against prevalent tax scams and schemes, including spearphishing.
Tax professionals can adopt several strategies to safeguard against spearphishing:
This particular scam involves cybercriminals impersonating potential new clients to trick tax preparers into engaging with their emails, which may contain malicious links or attachments designed to compromise the preparer’s computer systems.
Victims of spearphishing or observers of suspicious activities should report incidents to phishing@irs.gov, attaching the questionable email or text message. Additional reports can be made to the Treasury Inspector General for Tax Administration or the Internet Crime Complaint Center.
Furthermore, the IRS encourages reporting of abusive tax schemes and unethical tax return preparers using Form 14242 – either online or by mail to the IRS Lead Development Center.
The ongoing battle against tax-related cybercrimes necessitates a proactive stance from tax professionals and businesses alike. By staying informed and vigilant, the tax professional community can defend itself against these sophisticated and damaging cyber threats.
For more information on how to protect yourself and what to watch for, visit the IRS’ Report Phishing and Online Scams page.
Stay secure and protect your clients by staying one step ahead of cybercriminals.