Security Summit warns tax pros to be wary of pandemic-related email schemes

IR-2021-166, August 10, 2021

WASHINGTON — In a continuing twist on a common scam, the Internal Revenue Service, state tax agencies and the tax industry today warned tax professionals to beware of evolving phishing scams that use various pandemic-related themes to steal client data.

The Security Summit partners continue to see instances where tax professionals, especially those who engage in remote transactions, have been vulnerable this year to identity thieves posing as potential clients. The criminals then trick practitioners into opening email links or attachments that infect computer systems.

Avoiding phishing emails is the fourth in a five-part series sponsored by the IRS, state tax agencies and the nation's tax community – working together as the Security Summit – highlighting critical steps tax professionals can take to protect client data. This year's theme, "Boost Security Immunity: Fight Against Identity Theft," is an effort to urge tax professionals to work to strengthen their systems and protect client data during this pandemic and its aftermath.

"Identity thieves have been relentless in exploiting the pandemic and the resulting economic pain to trick taxpayers and tax professionals to disclose sensitive information," said IRS Commissioner Chuck Rettig. "Fighting back against phishing scams requires constant vigilance, and we urge tax pros to take some basic steps to help protect their clients and themselves."

Phishing emails or SMS/texts (known as "smishing") attempt to trick the person receiving the message into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers. Tax pros are a common target.

Scams may differ in themes, but they generally have two traits:

  • They appear to come from a known or trusted source, such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS.
  • They tell a story, often with an urgent tone, to trick the receiver into opening a link or attachment.

A specific kind of phishing email is called spear phishing. Rather than the scattershot nature of general phishing emails, scammers take time to identify their victim and craft a more enticing phishing email known as a lure. Scammers often use spear phishing to target tax professionals.

In a recurring and very successful scam this year, criminals posed as potential clients, exchanging several emails with tax professionals before following up with an attachment that they claimed was their tax information. This scam was popular because many tax professionals worked remotely and, because of COVID, communicated with clients over email rather than in person or over the telephone.

Once the tax pro clicks on the URL and/or opens the attachment, malware secretly downloads onto the computer, giving thieves access to passwords for client accounts or remote access to the computer itself.

Thieves then use this malware, known as a remote access trojan (RAT), to take over the tax professional's office computer systems, identify pending tax returns, complete them and e-file them, changing only the bank account information to steal the refund.

In recent months, international criminals have used a ransomware attack to shut down a variety of companies. Criminals use similar, smaller scale tactics against tax pros. When the unsuspecting tax professional opens a link or attachment, malware attacks the tax pro's computer system to encrypt files and hold the data for ransom.

These scams highlight the importance of the basic security steps recommended by the Security Summit to protect data.

For example, using the two-factor (2FA) or the multi-factor authentication (MFA) option offered by tax preparation providers or storage providers would protect client accounts even if passwords were inadvertently disclosed. Keeping anti-virus software automatically updated helps prevent scams that target software vulnerabilities. Using drive encryption and regularly backing up files helps stop theft and ransomware attacks.

Tax professionals are responsible, as tax preparers, for securing their networks to protect taxpayer data.

To help tax professionals guard against phishing scams and better protect taxpayer information, the IRS recently updated Publication 4557, Safeguarding Taxpayer Data. The July 2021 version contains some of the latest suggestions, such as using the multi-factor authentication option offered by tax software products and helping clients get an Identity Protection PIN.

Additional resources

In addition to reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, tax professionals can also get help with security recommendations by reviewing Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology. The IRS Identity Theft Central pages for tax pros, individuals and businesses have important details as well.

Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

For more information, see Boost Security Immunity: Fight Against Identity Theft.