Scammers target tax preparers with last-minute phishing attacks

Nothing is certain, except scams, death, and taxes.

Scammers are sending last-minute phishing attacks to tax preparers in the hopes of making off with taxpayers' refunds.

On 17 March, the United States Internal Revenue Service along with state tax agencies and other industry entities issued an alert warning tax professionals of a new phishing attack.

Scammers pose as ordinary taxpayers and contact the tax professionals via email. Most of the time, they ask that the professional update their refund destination to a prepaid credit card. Other times, they try to phish for the professional's email credentials so that they can change taxpayers' refund destinations themselves or steal information about their clients for the purpose of committing identity fraud.

The attack is just one scam that capitalizes on the looming April 18 deadline of the 2017 tax season. In its alert, the IRS explains that taxpayers are also targets of last-minute scams:

"This is also the time of year when taxpayers may see scam emails from their tax software provider or others asking them to update online accounts. ... These ruses generally urge taxpayers to give up sensitive data such as passwords, Social Security numbers and bank account or credit card numbers."

Tax-related scams have increased dramatically in recent years. While law enforcement has caught up to some of these fraudsters and punished them for their crimes, countless others remain anonymous and continue to prey on unsuspecting users.

Taxpayers are ordinary people like you and me who work hard and who deserve their refunds. To make sure they get what is owed to them, the IRS is urging tax professionals to verbally confirm any change in refund destination with their taxpayers. It's also asking that tax personnel strengthen their email passwords and/or implement two-step verification (2SV) if the feature is applicable.

That's not to say taxpayers are without agency, however. Anyone who files a tax return should be on the lookout for suspicious emails from actors claiming to be their tax professionals, banks, and other respected institutions. If they come across a tax-related email that looks suspicious, they should report it to the IRS at phishing@irs.gov.
