The IRS recently issued a warning to tax professionals and businesses about a rise in spearphishing attacks aimed at stealing sensitive information. This alert is part of the IRS’s annual “Dirty Dozen” campaign, which highlights the top twelve scams targeting taxpayers and tax advisors each year.
Spearphishing is a type of email scam where criminals pretend to be potential clients to trick tax professionals into giving away personal and financial information. These attackers send emails that look real but are actually fake, trying to get access to computer systems and sensitive data.
IRS Commissioner Danny Werfel stressed the importance of staying alert. “Cyberattacks pose a threat to not just the livelihood of the businesses, but the sensitive tax and personnel information that identity thieves can use to try filing fake tax returns,” he said. “The Security Summit partners continue to urge tax pros and businesses to be on guard and educate their employees. Taking simple steps by using extra caution when opening emails, clicking on links or sharing private client information can prevent tax professionals from being taken advantage of by cybercriminals.”
Tips to Avoid Spearphishing Attacks:
- Be cautious with emails: Do not click on links or download attachments from unknown or unexpected emails, especially those that claim to be from new clients.
- Verify new contacts: If contacted by a potential new client via email, call them to make sure the email is legitimate.
- Use strong security on your accounts: Protect your email with strong passwords and two-factor authentication.
- Encrypt sensitive information: Only send sensitive information that is encrypted and password-protected.
- Keep your software updated: Ensure that your security software is up-to-date and includes anti-phishing features.
The IRS reminds everyone that while these scams are more common during tax season, they can happen at any time of the year. Tax professionals and businesses are advised to remain vigilant and proactive in protecting themselves and their clients.
How to Report a Spearphishing Attack: If you receive a suspicious email, forward it to phishing@irs.gov with details like the sender’s email address and the date and time it was received. The IRS also provides resources on how to recognize and report phishing attempts on their website.
The IRS encourages reporting abusive tax promoters and dishonest tax preparers using the online Form 14242, or by mailing or faxing the form to the IRS Lead Development Center.
The IRS and its Security Summit partners, which include state tax agencies and tax industry leaders, continue their joint efforts to prevent identity theft and tax fraud through education and heightened security measures.
Image: Envato Elements