Tax Professionals Warned of Evolving Identity Theft Scams, IR-2022-143

The IRS and the Security Summit partners have warned tax professionals to beware of evolving identity theft scams perpetrated through phishing emails and SMS-text that are designed to trick practitioners into opening embedded links or attachments that infect their computer systems with the potential to steal personal and client information such as passwords, bank account numbers, credit card numbers, or social security numbers. The IRS has urged tax professionals to work on strengthening their systems and protect client data by avoiding such scams and take necessary measures to protect themselves, such as:

• multi-factor authentication, wherein tax professionals using cloud-based platforms are urged to use multi-factor options like phone, text, or tokens. This could avoid potential vulnerabilities with authentication done just through email, which may be accessible to identity thieves;
• automatic updating of anti-virus software to prevent scams that target software vulnerabilities; and
• drive encryption and regular backing up of files to help stop theft and ransomware attacks.

The IRS has also identified various kinds of scams that tax professionals should keep an eye out for, such as:

• spear phishing in which scammers take time to identify their victim and craft a more enticing phishing email known as a lure;
• identity thieves who pose as potential clients and exchange several emails with tax professionals before following up with an attachment that they claimed was their tax information. Once the tax professional click on the embedded URL and/or opened the attachment, malware is secretly downloaded onto their computers, and gives thieves access to passwords to client accounts or remote access to the computers themselves. After the thieves take over the computer systems, they identify pending tax returns, complete them, and e-file them, changing only the bank account information to steal the refund; and
• ransomware attacks that make an unsuspecting tax professional open links or attachments, triggering malware to attack their computer system to encrypt files and the thieves hold the data for ransom.

The IRS has also reminded tax professionals that securing their network to protect taxpayer data is their responsibility as a tax preparer.