Phishing Schemes Targeting Tax Professionals
Phishing scams are a dime a dozen. We have covered a lot of different types of scams in our blogs for a couple of reasons: they are constantly evolving, and the last thing we want is for our friends, family, or clients to fall prey to the next scam. Just a week ago, the IRS published a report outlining the newest tax scheme, which is designed to target tax professionals. We are, of course, keeping on top of any and all scams designed to swindle our clients or us out of sensitive information, and are taking every available measure to avoid being victims of scammers.
Newest Phishing Scam Mimics Tax Software Company Emails
The IRS alerted tax professionals that the email scheme is the latest in a series of attempts by scammers. They use the IRS or other tax issues as a way of tricking people into giving up sensitive information. This could be passwords, Social Security numbers, or even credit card numbers to make phony payments. The targets of this scam are tax professionals, who receive emails pretending to be from tax software companies.
How the Scheme Work
This scam is rather clever. The email contains a fake software update via a link embedded in the email. Once victims click the embedded link, they are directed to a website which prompts them to download a file which appears to be an update to their professional software. The file uses the actual name of their software, which is what makes this scam so believable. Once the file has been downloaded, tax professionals think they have downloaded a software update when they have actually downloaded a program designed to track key strokes.
The IRS is Fighting Back
The IRS only knows of a handful of these cases to date. Still, they are doing what they can to raise awareness about different types of schemes and encourage tax professionals to be on the lookout for them. The biggest tip is to never click on unexpected links in emails. This applies to tax professionals as well as individual taxpayers. They have also launched a new awareness campaign to warn tax professionals as well as individuals about security threats posed by phishing schemes. The Protect Your Clients; Protect Yourself campaign is designed to encourage tax professionals to take additional security measures. The campaign includes the following tips for tax preparers:
- Be Alert for Phishing Scams. Don’t click on links or open attachments contained in emails. Instead, always use the software provider’s main webpage to find out about updates or to connect to them.
- Use Good Antivirus Software. Regularly run security scans and deep scans to search for viruses and malware.
- Maintain Strong Passwords. Strengthen your passwords for both computer access and software access. The best passwords are a minimum of 8 characters and mix numbers, letters, and special characters.
- Educate Yourself and Staff. Email, phone, and text are the most common ways scammers contact their victims.
- Review Software Used for Remote Access. Remote access software is a potential target for scammers to gain access and take control of your computer.
When we think about phishing scams, we don’t typically think about tax professionals being the victims. Scam artists are getting more sophisticated each day with the schemes they employ to gain access to critical information. Targeting tax professionals is just the newest way for them to make an easy buck at somebody else’s expense.