The IRS is warning tax professionals of a rise in scams designed to steal taxpayer information.
The tax agency and its “Security Summit” partners — a group of state tax agencies and private tax industry organizations — said Tuesday (July 16) they are seeing a “steady stream” of phishing scams and cloud-based schemes.
These email attacks regularly number in the hundreds and can target tax professionals even when it’s not tax season, the IRS said.
“We continue to see a barrage of email and related attacks designed to trick tax professionals and gain access to their sensitive information,” said IRS Commissioner Danny Werfel. “These attempts can be elaborate, multi-layered efforts that look convincing and can easily fool people. Tax professionals need to be wary and educate their employees to use extra caution to protect their clients and their businesses.”
Among the scams the agency is warning about are phishing emails and so-called “spear phishing,” types of scam that has been covered here at PYMNTS.
“Phishing emails are among the most common scams, where fraudulent emails resembling trusted sources trick individuals into clicking on links that lead to convincing-looking fake websites,” PYMNTS wrote in February. “These emails often request personal information, which can then be used by criminals to gain access to bank accounts or commit identity theft.”
“Spear phishing,” that report added, “is a more targeted approach, with emails tailored to specific individuals or organizations based on research into job titles, colleagues’ names and other relevant information.”
Similar to spear phishing are whaling attacks, aimed at leaders and other executives with access to large amounts of information.
Also of note, the IRS said, are clone phishing attacks, a new type of scam that clones legitimate emails and resends them to the original recipient pretending to be the original sender, but with an attachment that contains malware or link that tries to steal information.
The IRS’ warning comes amid a wave of recent cyberattacks, such as the one revealed last week by AT&T, in which a fraudster “unlawfully accessed and copied AT&T call logs” impacting “nearly all of AT&T’s wireless customers and customers of mobile virtual network operators … using AT&T’s wireless network.”