WARNING OF SURGE IN “NEW CLIENT” SCAMS AIMED AT TAX PROS:
Previously, the IRS observed a surge in these seasonal "new client" scams where identity thieves target accounting groups and tax preparation firms with fake emails. This year, the IRS has already observed reports of new client scams. Typically, the new client scam peaks during tax season, which runs from January through April. With the 2024 tax season quickly approaching, fraudsters are impersonating real taxpayers seeking help with their taxes, using emails to try obtaining sensitive information or gain access to tax professionals' client data.
Tax pros: What to watch out for in the new client emails
New client scams can try a direct approach by sending an email asking the tax pro to help them with their taxes where the phishing email contains a malicious link or attachment. Or the scammer might take a more cautious approach by sending an initial email asking if the tax pro is seeking new clients. When the tax pro responds to the initial email, the scammer sends a second email that will then contain a malicious link or attachment.
During this process, the tax professional may think they are downloading a potential client's tax information or accessing a site with the potential client's tax information. Cybercriminals could collect the preparer's email address, password and possibly other information – or load malware onto the tax pro's computer to gain system access.
In one of the current examples being seen by the IRS, the new client scam features several red flags that should raise questions about the legitimacy of the email. This includes awkwardly phrased sentences and odd word usage. However, with access to a stolen email account, scammers can find a legitimate email from a previous victim's email account between the victim and their tax preparer. This email might have no grammatical or spelling mistakes or reference what appear to be legitimate tax issues, which is then re-purposed as part of the new client phishing scam. The subject line will often reference the current tax season and the underlying message will amount to the sender needing someone to "help prepare their taxes."
Here's an example of a current new client scam being seen:
Subject: 2024 Tax Submission
My name is (name can vary), I am searching for another CPA to help handle my taxes.
Is it safe to say that you are accepting new clients for the 2024 tax season? Do you additionally assist with IRS representation?
I figured I may have an issue with last year's return. (Click) HERE TO VIEW MY CREDENTIAL [Link to a phishing web address]
Upon your approval, we can arrange a physical or virtual meeting to discuss my situation and also provide my tax documents amongst others.
Kindly prompt how you plan to push ahead.
In some cases, new client phishing emails may appear to come from a legitimate sender or organization (perhaps even a friend or colleague) because their friend or colleague had their email account credentials stolen. Setting up two-factor or multi-factor authentication with your email provider can reduce the risk of having your email account compromised.
Posing as a trusted organization or friend remains a common way to target individuals and tax preparers for a variety of scams. Individuals should verify the identity of the sender by using another communication method; for instance, calling a number they independently know to be accurate, not the number provided in the email or text.
Where to report phishing emails and other scams
Report all unsolicited email - including the full email headers - claiming to be from the IRS or an IRS-related function to firstname.lastname@example.org. For those experiencing any monetary losses due to an IRS-related scam incident, please report it to the Treasury Inspector General for Tax Administration (TIGTA), Federal Trade Commission and the Internet Crime Complaint Center. People can also forward the email to your Internet Service Provider's abuse department.