Better Business Bureau (BBB) serving Nebraska, South Dakota, The Kansas Plains and Southwest Iowa wants tax professionals to know that The Security Summit (The Internal Revenue Service (IRS), state tax agencies and the tax industry) is warning that cyber criminals are already at work as tax season approaches. Scammers are using a new round of emails posing as potential clients or the IRS to trick tax practitioners into disclosing sensitive information.
The Security Summit partners are encouraging tax practitioners to be wary of communicating solely by email with potential or existing clients, especially if unusual requests are made. Data breaches have given thieves millions of pieces of personal identity including: names, addresses, Social Security numbers and email addresses. According to the IRS, “Thieves may try to leverage stolen identities to steal even more data that will allow them to better impersonate taxpayers and file fraudulent tax returns for refunds. If in doubt, tax practitioners should call to confirm a client’s identity.”
Tax professionals have already reported numerous attempts by cyber criminals to penetrate their security by posing as potential clients. Crooks are using the same tactic they did last year – using phishing emails to trick tax practitioners into opening a link or attached document.
The IRS has seen some early variations of these email schemes:
If the tax practitioner responds, the scammer will send a second email that contains either a phishing URL or an attached document that contains a phishing URL, claiming their tax data is enclosed. They want the tax pro to click on the link or attachment and then enter their credentials. In some cases, the URL or attachment might be malicious and if clicked will download malicious software onto their computer.
Depending on the kind of malware, this scheme could give the thieves access to the tax practitioners’ secure accounts or sensitive data. It may even give them remote control of the tax professionals’ computers.
BBB President Jim Hegarty advises, “Tax practitioners receiving fraudulent emails that look like they are from the IRS or from their tax software provider, should go directly to the main website of the IRS at IRS.gov, rather than opening any links or attachments. Forward attempted phishing emails to firstname.lastname@example.org. Remember, the IRS does not send unsolicited emails. You can also report the scam to BBB Scam Tracker at bbb.org/scamtracker/us.
ABOUT BBB: Better Business Bureau has been assisting U.S consumers and businesses since 1912. It is a private, nonprofit organization dedicated to advancing trust in the marketplace. In 2017, BBB provided nearly 225 million instances of service to businesses, charities and the general public. BBB has Business Profiles on more than 4.7 million businesses and Charity Reports on over 11,000 charities, all available for free at bbb.org. Today, BBB serving Nebraska, South Dakota, The Kansas Plains and Southwest Iowa is supported by approximately 10,000 Accredited Businesses that have voluntarily committed to adhere to BBB’s Standards of Trust.