The IRS and its state and industry Security Summit partners have issued a new warning to tax practitioners to beware of phishing emails posing as state accounting and professional associations.
Last week, the IRS received reports from tax professionals who received fake emails that were trying to trick them into disclosing their email usernames and passwords. Cybercriminals specifically targeted tax professionals in Iowa, Illinois, New Jersey and North Carolina. The IRS also received reports about a Canadian accounting association.
The awkwardly worded phishing email states: “We kindly request that you follow this link HERE and sign in with your email to view this information from (name of accounting association) to all active members. This announcement has been updated for your kind information through our secure information sharing portal which is linked to your email server.”
Tax practitioners nationwide should be on guard because cybercriminals can easily change their tactics, using other association names or making other adjustments in their scam attempts.
Tax practitioners who are members of professional associations should go directly to those associations’ websites rather than open any links or attachments. Tax practitioners who receive suspicious emails related to taxes or the IRS, or phishing attempts to gain access to practitioner databases, should forward those emails to firstname.lastname@example.org.
This scam serves as a reminder to all tax professionals that cybercriminals are targeting their offices in an attempt to steal client data.