Tax pros: Beware of pandemic-related email schemes

COVID Tax Tip 2021-126, August 26, 2021

All tax pros need to beware of evolving phishing scams that use various pandemic-related themes to steal client data. It is the tax preparer’s responsibility to secure their network to protect taxpayer data.

Tax pros, especially those who engage in remote transactions, remain vulnerable to identity thieves posing as potential clients. The criminals then trick practitioners into opening email links or attachments that infect computer systems.

The warning about these phishing scams comes as part of the IRS and its Security Summit partners annual summer campaign. This year’s theme, Boost Security Immunity: Fight Against Identity Theft, urges tax pros to step up their efforts to protect client data.

Scams may differ in themes, but they generally have two traits:

  • They appear to come from a known or trusted source, such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS.
  • They tell a story, often with an urgent tone, to trick the receiver into opening a link or attachment.

Fraudsters continue to impersonate pandemic-related government benefit programs to launch phishing campaigns. Pandemic-related scams may be delivered by email, social media, phone, or text, and may reference legitimate programs such as Economic Impact Payments. Instead of providing economic relief, these scams collect personal and financial information. Legitimate government programs will have corresponding information on their official government websites.

Phishing emails or SMS/texts – known as smishing – attempt to trick the person receiving the message into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers. Anyone with a smartphone is a potential target. Smishing scams may leverage the child tax credit or other pandemic-related tax-related programs to trick recipients into visiting phishing websites.

A specific kind of phishing email is called spear phishing. Rather than the scattershot nature of general phishing emails, scammers take time to identify their victim and craft a more enticing phishing email known as a lure. Scammers often use spear phishing to target tax pros.

In a reoccurring and very successful spear phishing scam, criminals pose as potential new clients, exchanging several emails with tax pros before following up with an attachment that they claimed was their tax information. Once the tax pro clicks on the URL or opens the attachment, malware secretly downloads onto their computer, giving thieves access to passwords to client accounts or remote access to the computer. Thieves then use this malware known as a remote access trojan to take over the tax professional’s office computer system, identify pending tax returns, complete them and e-file them, changing only the bank account information to steal the refund. This scam remains popular as many tax pros continue to work remotely and communicate with clients over email versus in-person or over the phone because of COVID-19.

Tax pros should follow basic security steps to protect their accounts and client data. For example, using the two-factor or the multi-factor authentication option offered by tax preparation providers or storage providers would protect client accounts even if passwords were inadvertently disclosed. Keeping anti-virus software automatically updated helps prevent scams that target software vulnerabilities. Using drive encryption and regularly backing up files helps stop theft and ransomware attacks.

More information: