The Internal Revenue Service today announced that spear phishing is the 8th item on the 2022 “Dirty Dozen” scams warning list and a serious problem because it can be tailored to attack and steal the computer system credentials of any small business with a client data base, such as tax professionals’ firms.
“Tax professionals generally relax a little after filing season and many take a well-deserved vacation but don’t let your IT defenses down,” said IRS Commissioner Chuck Rettig. “Spear phishing remains one of the biggest threats to the tax industry and other client-based enterprises.”
Spear phishing is an email scam that attempts to steal a tax professional’s software preparation credentials. These thieves try to steal client data and tax preparers’ identities in an attempt to file fraudulent tax returns for refunds. Spear phishing can be tailored to attack any type of business or organization, so everyone needs to be on the lookout and not rush to act when a strange email comes in.
The IRS has compiled the annual “Dirty Dozen” list for more than 20 years as a way of alerting taxpayers and the tax professional community about scams and schemes. The list is not a legal document or a literal listing of agency enforcement priorities. It is designed to raise awareness among a variety of audiences that may not always be aware of developments involving tax administration.
“Dirty Dozen” scams tend to be most prevalent during the filing season but criminals are busy all year long.
The IRS, state tax agencies and the nation’s tax community – working together as the Security Summit – continue to see an increase in this scheme attacking the tax professional community.
The latest phishing email uses the IRS logo and a variety of subject lines such as “Action Required: Your account has now been put on hold.” The IRS has observed similar bogus emails that claim to be from a “tax preparation application provider.” One such variation offers an “unusual activity report” and a solution link for the recipient to restore their account.
Emails claiming “Your account has been put on hold” are scams. The scam email will send users to a website that shows the logos of several popular tax software preparation providers. Clicking on one of these logos will prompt a request for tax preparer account credentials.
The IRS warns tax pros not to respond or take any of the steps outlined in the email. Similar emails include malicious links or attachments that are set up to steal information or to download malware onto the tax professional’s computer.
In this case, if recipients enter their credentials into the pop-up window, thieves can use this information to file fraudulent returns by using credentials that were provided by the tax professional. For more information, see IR-2022-36.