IRS Warns Tax Professionals About Phishing Scams to Avoid a Data Breach

July 13, 2017

On Tuesday, the Internal Revenue Service (IRS) warned businesses of spear-phishing emails. These emails are targeted at tax professionals and may result in a data breach. IRS Warns Tax Pros About Phishing Scams to Avoid a Data Breach

“We are seeing repeated instances of cybercriminals targeting tax professionals and obtaining sensitive client information that can be used to file fraudulent tax returns. Spear phishing emails are a common way to target tax professionals,” IRS Commissioner John Koskinen said in a press release. “We urge practitioners to review this information and take steps to protect themselves and their clients.”

Phishing emails are often disguised with shoddy versions of logos and names of well-known organizations. They try to entice the user to click on a link, or download an attachment that actually installs malware. Once the malware is installed, the device may even be ‘taken hostage’ while information is stolen. If taxpayer information is stolen, it may result in identity theft or fraudulently filed tax returns.

Protect your clients and your business by knowing the signs of a phishing scam:

  • Look for imitation logos and email addresses. Scam artists often use variations of well-known names, logos, and email addresses of banks, charities, and businesses to lure victims in. Do not be fooled, and beware of any email that contains distorted or pixelated logos.
  • Inspect links and attachments. Before clicking a link or downloading an attachment, inspect the sender’s email address and hover over (without clicking) any links to see where the URL leads to. Even if the link seems familiar, do not click on any links unless you are absolutely sure who the sender is.
  • Contact the sender by phone. If you are unsure of the email, but are familiar with the sender, contact them by phone and delete the email.
  • Educate your employees. Almost all cyberattacks begin with a phishing email. Educate your employees on how to spot a phishing email, and what to do when they receive one.
  • Report scams when you see them. If you receive a phishing email, report it to our Scam Tracker at