Spear phishing targets tax pros and other businesses

IRS Tax Tip 2022-100, June 30, 2022

Tax pros take their responsibilities to protect client data seriously. Knowing common identity theft scams, like spear phishing, is one way they can do that. Spear phishing scams can target specific individuals or specific groups. Spear phishing scams affect all types of businesses and organizations, including small businesses with a client database, like tax pros’ firms.

Thieves use spear phishing to steal computer system credentials.

Spear phishing scams target tax pros to steal their account credentials or install malicious software. Thieves can then steal client data and the tax preparer’s identity to file fraudulent tax returns for refunds.

Common spear phishing emails include ones that claim to be from a tax preparation application provider, carry the IRS logo, reference legitimate IRS programs or e-services, and use subject lines like, “Action Required: Your account has now been put on hold.”

Once someone has clicked the malicious link, it sends them to a fake website, which prompts the victim to enter their credentials. If they do so, thieves can use the stolen credentials to file fraudulent returns. Other spear phishing emails may pose as potential new clients and use malicious links or attachments that download malware onto the victim’s computer to steal information.

If someone suspects an email is a phishing attempt, they shouldn’t respond, click any links in the email or open any attachments.

Tax pros can use these tips to help protect client data:

  • Use separate personal and business email accounts
  • Protect email accounts with strong passwords and two-factor authentication
  • Install an anti-phishing toolbar to help identify known phishing sites
  • Use security software products with anti-phishing tools
  • Use security software to help protect systems from malware and scan emails for viruses
  • Never open or download attachments from unknown senders, including potential clients; request additional information to help verify their identity or call them to confirm the email is from them
  • Send password-protected and encrypted documents only
  • Don’t respond to suspicious or unknown emails; if the phishing email is IRS-related, save the email as a file, attach that file to an email, and send to phishing@irs.gov
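
The reporting step in the last tip, as an added example that is not IRS code: the script lists the indicators described above (lure subject, links, attachments) from a saved message without opening anything, then wraps the untouched file as an attachment addressed to phishing@irs.gov. The function names, the sample message and the `.example` addresses are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

REPORT_TO = "phishing@irs.gov"  # reporting address given in the tip
# Pattern modelled on the subject line quoted in the tip (an assumption, not an IRS rule)
LURE = re.compile(r"action required|account .*on hold", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message; phish.example and firm.example are placeholders.
SAMPLE_EML = (
    b'From: "Tax Software Support" <support@phish.example>\r\n'
    b"To: preparer@firm.example\r\n"
    b"Subject: Action Required: Your account has now been put on hold\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Sign in at http://phish.example/login to restore access.\r\n"
)

def triage(raw_eml: bytes) -> dict:
    """List links and attachment names as text only; nothing is fetched or opened."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    links, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            links += URL.findall(part.get_content())
    subject = str(msg["Subject"] or "")
    return {"subject": subject, "lure_subject": bool(LURE.search(subject)),
            "links": links, "attachments": attachments}

def build_report(raw_eml: bytes, reporter: str) -> EmailMessage:
    """Attach the saved .eml bytes unchanged so the original headers survive."""
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = REPORT_TO
    report["Subject"] = "Suspected IRS-related phishing email"
    report.set_content("The suspicious message is attached as a file.")
    report.add_attachment(raw_eml, maintype="application",
                          subtype="octet-stream", filename="suspicious.eml")
    return report
```

Attaching the saved file, rather than using an inline forward, keeps the original message headers intact for whoever analyzes the report.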