Income Tax Professionals Beware: IRS Warns of Tax Scams Targeting Your Network and Data

Scammers are using all sorts of tricks to steal your sensitive information

IRS Warns of Tax Scams Targeting Income Tax Professionals
Image: NCCC
February 6, 2018

The Internal Revenue Service (IRS) is warning tax return preparers and other tax professionals about scams that seek to steal personal and professional information or that allow cybercriminals to obtain remote control of computer systems, complete and file client tax returns, and redirect tax refunds to other accounts.

Income tax time is high season for identity thieves and scams aiming to steal sensitive data from not only tax payers but tax professionals, as well.

Fake IRS Emails and Websites

Fake emails disguised as official correspondence from the IRS try to steal sensitive information. It's a phishing scam, which happens when an unsolicited email or a website poses as a real email or website in order to get victims to provide sensitive information, such as user names, passwords, ID numbers, account numbers, and more. Armed with this valuable information, a criminal can commit identity theft or financial fraud.

Phishing regularly makes the yearly 'Dirty Dozen' list of IRS tax scams.

Emails Claim You Need to update Information

In other cases, the fake IRS emails ask tax professionals to update their IRS e-services portal information and Electronic Filing Identification Numbers (EFINs). The links in the phishing email are to fake IRS e-services pages and are nothing more than a ploy to capture your username and password.

Last Minute Refund Destination changes

A common scam is a request to make a last-minute change to a taxpayer's refund destination. Criminals contact tax preparers and try to get the refund destination changed, often to a prepaid debit card. Tax preparers should confirm directly with a client when receiving a last-minute change of address or a change of the deposit account for refunds.

signs of a phishing message

Each phishing message is unique and some disguise themselves better than others. But there are some phrases that are typically used that entice unsuspecting recipients into the trap. These key phrases to watch our for include:

  • e-Service Account is Blocked
  • Few Hours to Close Your Account
  • Your Account is Closed
  • Your Account is Terminated
  • 24Hrs to Block Your Account

If You Receive A Suspicious Email, text message or social media message

If you get an unsolicited email that appears to be from the IRS, delete it. The IRS doesn't conduct its business via email, text messages or social media channels to request personal or financial information. Any links to websites within those emails will almost certainly take you to a phishing website. An alternative to deleting the email would be to mark it as spam. Some email clients, such as Gmail, have the option to report the email as a phishing email, which helps to protect other users on the network.

Fowarding suspicious emails to the IRS

The IRS recommends forwarding suspicious emails to them as attachments. But we don't agree.

In order to forward an email, you need to open it. When you open an email that is from a scammer or spammer, or even emails from a legitimate sender, there are often pieces of code in it that signal to the sender that the email was opened and that your email address is valid. You could be opening the door to even more emails.

When you open an email in order to forward it as an attachment, you also run the risk of inadvertently clicking a link or downloading a piece of malicious software to your computer.

Filing False Returns and Redirecting Refunds

Another IRS tax scam targets tax professionals in order to file fraudulent tax returns and stealing refunds of unsuspecting taxpayers. The scam can be hard to spot and typically works through the use of phishing emails, though insecure software, computer systems and passwords can also let them in. The scammers target your sensitive information and then use it to file fraudulent tax returns and redirect the money to another account.

Claims That You Need to Update Your Tax Software or revalidate your credentials

Some emails pretend to be from tax software companies you may use. The email requests that you download and install an important software update via a link included in the email. Once you click the link, you are prompted to download a file that truly appears to be a software update for a product you use. But instead of a software update, the file is a program designed to track keystrokes, which is a common way to steal login information, passwords and other sensitive data.

Alternatively, the email may claim that you must revalidate your login credentials due to a recent software upgrade. It provides a link to a fictitious website that mirrors your software provider's actual login page.

two-part phishing schemes

In another scam, an email solicitation arrives and says something similar to "I need a preparer to file my taxes." If the tax professional responds, the cybercriminal sends a second email which has either an embedded web address or a PDF attachment that has an embedded web address. You may think you are downloading or accessing a site with a potential client's tax information. In reality, cybercriminals are collecting the your sensitive information, including email address and password.

The emails may appear to come from a legitimate sender or organization or even a friend or colleague who has also been victimized. Criminals use the information they collect to take over emails accounts to send even more of these emails.

If you clicked a link and provided your e-services username and password

If you or another IRS e-Services user has already clicked on a fake logo or link and provided an IRS e-Services username and password, contact the IRS e-Services Help Desk to reset the account immediately at (866) 255-0654. If the same password is used for other accounts, those accounts should also be reset. Not everyone can spot these scams before they happen. But the sooner you work to rectify the problem after detection, the less damage can be done. You also don't want to open yourself to potential liability issues or lawsuits if you knowingly have a security vulnerability and don't correct it or if you know your information was compromised but didn't work quickly to rectify it.

If you need to access any part of the irs website

Whether you are a tax professional completing returns for the public or your average Joe completing your own return, you may need to access IRS e-Services or some other information on the IRS website. The best way to avoid phishing is to directly type the IRS.gov website into your web browser. You should NOT click any links in suspicious emails or third-party websites.

If you click a link in an email or third party website that appears to go to one place, it might end up going to another place altogether. Want to try it out safely? Click this hyperlink to IRS.gov, which really goes to a (great) article on our website about Nissan vehicles. Before you start calling us or sending emails... Yes. We do know that we just said not to click links in third party websites!

Tips for Tax Professionals

  • Run a security "deep scan" to search for viruses and malware;
  • Be wary of unsolicited emails advising you of a software update or upgrade;
  • Download software updates directly from your software update company's website or through a software update prompt inside the program;
  • Strengthen passwords for both computer access and software access, making sure it is a minimum of 8 digits (more is better) with a mix of numbers, letters and special characters;
  • Don't click on links or open attachments from unknown senders, even if they appear to be legitimate emails;
  • Educate all staff members about the dangers of phishing scams in the form of emails, text messages and social media channels, and phone calls;
  • Create internal policies or obtain security experts' recommendations on how to address unsolicited emails seeking your services;
  • Review remote access software that your employees and support vendors use to access your network remotely, which is a target for thieves to gain entry into your business; and
  • Review IRS Publication 4557, Safeguarding Taxpayer Data, A Guide for Your Business, which provides a checklist to help safeguard taxpayer information and enhance office security.