IRS Tax Tip 2018-88, June 7, 2018
The IRS warns tax practitioners to beware of phishing emails where the senders are posing as state accounting groups and other professional tax associations.
Here are some facts about these emails that can help people recognize them as scams:
- Tax professionals are reporting they get an email trying to trick the recipient into disclosing their email usernames and passwords.
- Cybercriminals have specifically targeted tax professionals in Iowa, Illinois, New Jersey and North Carolina. That said, tax practitioners nationwide should be on guard because cybercriminals can easily change their tactics. The thieves could edit their emails to use other association names or make other adjustments in their scam attempts.
- The email is awkwardly worded. It reads: “We kindly request that you follow this link HERE and sign in with your email to view this information from [name of accounting association] to all active members. This announcement has been updated for your kind information through our secure information sharing portal which is linked to your email server.”
The IRS and its security partners urge tax preparers to follow these minimal security steps:
- Tax practitioners who are members of professional associations should go directly to those associations’ websites rather than open any links or attachments.
- Tax preparers who receive suspicious emails related to taxes or the IRS, or phishing attempts to gain access to practitioner databases should forward those emails to firstname.lastname@example.org.
- Preparers should never open a link or any attachment from a suspicious email.
- Publication 4557, Safeguarding Taxpayer Data
- Small Business Information Security – The Fundamentals (PDF), by the National Institute of Standards and Technology
- IRS Stakeholder Liaison