Identity theft is increasing, and the IRS is helping protect taxpayers from phishing scams and other cybercrime. A tax season phishing scam is uncovered seemingly every week. That’s why tax professionals need to be proactive about protecting data and staying vigilant.
The IRS Protect Your Clients; Protect Yourself campaign is a great source for staying informed about recent scams, cyber threats and alerts. Although we are not aware of our customers being targeted, keep an eye out for these scams.
Access Locked Scam
The most recent scam surfaced on February 17, 2017, with the IRS warning tax professionals to be on the lookout for phony software emails. These emails appear to come from a software vendor and have the subject line “Access Locked.” The email contains a link to a fraudulent site that asks the target to enter their username and password. In fact, the tax preparers targeted by this scam have not had their software access locked, but are actually providing their login credentials to scammers.
Avoid this scam: The best way to avoid this scam is to never click on a link in a suspicious email and always access your account through our main website at CCHGroup.com.
The W-2 Scam has been the subject of several IRS alerts recently, with more professionals in different industries being targeted. This scam is not specific to tax preparers, but targets payroll and HR departments, so firms that provide payroll services may be at risk. Scammers who use this method send an email that appears to come from the CEO or other executive of a company asking for information that may include W-2 forms, Social Security numbers and employee lists. Be aware that an email claiming to come from a customer may be “spoofed” or doctored to appear legitimate.
Avoid this scam: Never send sensitive information via email. Use portals or other secure file sharing tools, and make sure you are sending any credentials to a verified email address.
2-Stage Email Scam
This scam gains your trust through an initial email from someone claiming to need help with their taxes. While the first stage is harmless, a second email will contain a link or attachment that is unsafe. You may think you are downloading a client’s tax information, but in reality you could be providing your email address and password to scammers.
Avoid this scam: Collect your clients’ information through a secure portal or online tax organizer that you provide. Implement client intake procedures to verify client identities before putting yourself at risk.
Software Update Scam
Last summer, the IRS warned tax professionals about fraudulent emails that appeared to come from a software vendor. The email informed targets that they needed to download a software update. However, instead of a legitimate software update, the victim is actually downloading key-logging software. Once downloaded, the software tracks the professional’s keystrokes to steal login credentials and other data.
Avoid this scam: Software updates should be downloaded either through the Software Update Manager or from the support site at support.cch.com, depending on which product you are updating. Never download an attachment that you aren’t expecting to receive, even if it appears to be from a legitimate source.
E-Services Email Scam
Tax professionals who use IRS E-Services have reported receiving phishing emails that appear to come from the IRS. These emails direct targets to a fake website where they are prompted to enter their e-services login credentials. Although the emails and fake website use the IRS logo, they are fraudulent.
Avoid this scam: Always access e-services by going directly to IRS.gov, and don’t assume an email is safe just because it uses an official IRS logo.
The IRS has created its Protect Your Clients; Protect Yourself campaign to help educate tax professionals about threats to client data. Stay informed of the most recent IRS announcements by registering for the IRS e-News for Tax Professionals. You can also follow the IRS on Twitter or Facebook.