Warning to Tax Professionals "Don't Take the Bait!"

January 26, 2018

Better Business Bureau (BBB) serving Nebraska, South Dakota, The Kansas Plains and Southwest Iowa wants tax professionals to know that the Security Summit (the Internal Revenue Service (IRS), state tax agencies and the tax industry) is warning that cyber criminals are already at work as tax season approaches. Scammers are sending a new round of emails in which they pose as potential clients or as the IRS to trick tax practitioners into disclosing sensitive information.

The Security Summit partners are encouraging tax practitioners to be wary of communicating solely by email with potential or existing clients, especially if unusual requests are made. Data breaches have given thieves millions of pieces of personal identity data, including names, addresses, Social Security numbers and email addresses. According to the IRS, “Thieves may try to leverage stolen identities to steal even more data that will allow them to better impersonate taxpayers and file fraudulent tax returns for refunds. If in doubt, tax practitioners should call to confirm a client’s identity.”

Tax professionals have already reported numerous attempts by cyber criminals to penetrate their security by posing as potential clients. Crooks are using the same tactic they did last year: phishing emails that trick tax practitioners into opening a link or attached document.

The IRS has seen some early variations of these email schemes:

  • “Happy new year to you and yours. I want you to help us file our tax return this year as our previous CPA/account passed away in October. How much will this cost us?...hope to hear from you soon.”

  • “Please kindly look into this issue, A friend of mine introduced you to me, regarding the job you did for him on his 2017 tax. I tried to reach you by phone earlier today but it was not connecting, attach is my information needed for my tax to be filed if you need any more Details please feel free to contact me as soon as possible and also send me your direct Tel-number to rich (sic) you on.”

  • “I got your details from the directory. I would like you to help me process my tax. Please get back to me asap so I can forward my details.”

If the tax practitioner responds, the scammer will send a second email that contains either a phishing URL or an attached document that contains a phishing URL, claiming that the sender's tax data is enclosed. The scammer wants the tax professional to click on the link or attachment and then enter their credentials. In some cases, the URL or attachment might be malicious and, if clicked, will download malicious software onto the tax professional's computer.

Depending on the kind of malware, this scheme could give the thieves access to the tax practitioners’ secure accounts or sensitive data. It may even give them remote control of the tax professionals’ computers.

BBB President Jim Hegarty advises, “Tax practitioners receiving fraudulent emails that look like they are from the IRS or from their tax software provider should go directly to the main website of the IRS at IRS.gov, rather than opening any links or attachments. Forward attempted phishing emails to phishing@irs.gov. Remember, the IRS does not send unsolicited emails. You can also report the scam to BBB Scam Tracker at bbb.org/scamtracker/us.”

ABOUT BBB: Better Business Bureau has been assisting U.S. consumers and businesses since 1912. It is a private, nonprofit organization dedicated to advancing trust in the marketplace. In 2017, BBB provided nearly 225 million instances of service to businesses, charities and the general public. BBB has Business Profiles on more than 4.7 million businesses and Charity Reports on over 11,000 charities, all available for free at bbb.org. Today, BBB serving Nebraska, South Dakota, The Kansas Plains and Southwest Iowa is supported by approximately 10,000 Accredited Businesses that have voluntarily committed to adhere to BBB’s Standards of Trust.