Michael Lodge –
Every year the tax profession is attacked by various issues, this year it is e-mails to tax professionals to attack their data bases. Every year I write about taxpayers being aware of what your tax accountant is doing to protect your tax data. Some of you have already been hit by false tax filing from someone else who got your information through many different ways. Make sure that your tax accountant has you protected. There is no harm in asking your tax professional how he is protecting you. If your not happy with the answer find another tax firm that will try and protect you. Here is a good article on how tax practitioners are being hit through email scams.
The Internal Revenue Service, along with the state tax authorities and tax industry companies that are part of its Security Summit, issued a warning Wednesday to tax professionals to beware of a new two-stage email scam from cybercriminals who are posing as clients soliciting tax services.
A new variation of the long-running phishing scheme is now targeting accounting and tax preparation firms nationwide. The goal of the scam is to collect sensitive information that can enable criminals to prepare fraudulent tax returns.
The latest phishing emails typically arrive in two stages. The first email message is the solicitation, asking tax practitioners questions such as “I need a preparer to file my taxes.” If the tax professional responds to the first message, the fraudster sends a second email. This second email typically has either an embedded web address or includes a PDF attachment that has an embedded web address.
In some cases, the phishing emails seem to come from a legitimate sender or organization (perhaps a friend or colleague) because they too have been victimized by cybercriminals who have taken over their accounts to send phishing emails.
Tax practitioners may assume they are downloading a potential client’s tax information or accessing a site with their tax information. However, in reality, the fraudsters are collecting the preparer’s email address and password and perhaps other information.
The IRS is encouraging tax practitioners and tax prep firms to consider creating internal policies or seek recommendations from security experts about how to deal with unsolicited emails seeking their services.
The IRS cautions tax pros to never respond to or click on a link in an unsolicited email or PDF attachment from an unknown sender. As the IRS and its Security Summit partners step up their efforts to safeguard against identity theft, cybercriminals have need to become ever more sophisticated in their strategies for stealing client information from tax professionals. Criminals need more data in their effort to impersonate clients and file fraudulent returns to claim refunds, due to the IRS’s increased authentication steps for verifying the identities of tax filers, and schemes like this can help in this effort.
For tax preparation services, contact our office at: 877.778.1770