Dirty Dozen: IRS urges tax pros and other businesses to beware of spearphishing; offers tips to avoid dangerous common scams

IR-2023-62, March 29, 2023

WASHINGTON —The Internal Revenue Service today warned tax professionals and businesses that they remain a top target for identity thieves and face threats from common scams on this year's Dirty Dozen list.

As part of the annual Dirty Dozen tax scams effort, the IRS and the Security Summit partners urged tax professionals and businesses to be on the lookout for a variety of suspicious email requests. Through these spearphishing emails, scammers try to steal client data, tax software preparation credentials and tax preparer identities with the goal of getting fraudulent tax refunds. These requests can range from an email that looks like it's from a potential new client to a request targeting payroll and human resource departments asking for sensitive Form W-2 information.

"It's vitally important for tax professionals and businesses to maintain a strong defense against cyberattacks like spearphishing," said IRS Commissioner Danny Werfel. "The information these businesses have on their systems is extremely valuable to an identity thief looking to steal identities and file fraudulent tax returns. There are simple steps that tax pros and businesses can take to avoid being fooled by these common schemes, including extra caution when opening emails, clicking on links or sharing sensitive client data. Extra care can go a long way to protect tax professionals and businesses as well as their clients."

Working together as the Security Summit, the IRS, state tax agencies and the nation's tax industry have taken numerous steps since 2015 to strengthen internal systems and controls to protects against tax-related identity theft. As part of this effort, the IRS and Summit partners continue to warn people about common scams and schemes during tax season and beyond that can threaten a taxpayer's personal and financial information. The Security Summit initiative is committed to protecting taxpayers, businesses and the tax system from scammers and identity thieves, and the Dirty Dozen is part of the larger effort.

The IRS' annual Dirty Dozen campaign is a list of 12 scams and schemes that put taxpayers and the tax professional community at risk of losing money, personal information, data and more. Some items on the Dirty Dozen are new and some make a return visit. While the Dirty Dozen is not a legal document or a formal listing of agency enforcement priorities, it is intended to alert taxpayers and the tax professional community about various scams and schemes.

Side-step spearphishing: Cyber security tips for tax pros and businesses

Phishing is a term given to emails or text messages designed to get users to provide personal information, either directly or by clicking on a link or attachment. Spearphishing is a tailored phishing attempt to a specific organization or business.

The IRS is warning tax professionals about spearphishing because there is greater potential for harm if the tax preparer has a data breach. A successful spearphishing attack can ultimately steal client data and the tax preparer's identity, allowing the thief to file fraudulent returns.

A taxpayer becoming a victim of tax-related identity theft is certainly an issue with spearphishing, but criminals seeking tax preparer credentials or access to their client's tax-related information increases the potential number of victims.

Spearphishing begins with a suspicious email – one that may appear as a tax preparation application or another e-service or platform. Some scammers will even use the IRS logo and claim something like "Action Required: Your account has now been put on hold." Often these emails stress urgency and will ask tax pros or businesses to click on links to input or verify information.

How to side-step spearphishing:

  • Never click suspicious links.
  • Double check the requests with the original sender.
  • Be vigilant year-round, not just during filing season.

Client impersonation: Spearphishing aimed at tax pros

The IRS and its Security Summit partners continue to see spearphishing attempts that impersonate a new potential client, known as the "New Client" scam. If the tax preparer responds, the scammer sends a malicious attachment or URL that ultimately enables them to gain access to sensitive client information on the tax preparer's computer systems.

Bogus requests for W-2s: Spearphishing aimed at businesses

The IRS wants to warn businesses about another specific spearphishing scam that targets employees in payroll or accounting departments. These employees might get an email that looks like it comes from an official source requesting W-2s for all employees. The payroll department might accidentally reply with these important documents, which would provide scammers with W-2 data on employees that can be used to commit fraud.

The IRS recommends using a two-person review process when receiving these types of requests for W-2s. The IRS also recommends any requests for payroll be submitted through an official process, like the employer's Human Resources portal.

Make a difference: Report fraud, scams and schemes

Individuals should never respond to tax-related phishing or spearfishing or click on the URL link. Instead, the scams should be reported by sending the email or a copy of the text/SMS as an attachment to phishing@irs.gov. The report should include the caller ID (email or phone number), date, time and time zone, and the number that received the message.

Taxpayers can also report scams to the Treasury Inspector General for Tax Administration or the Internet Crime Complaint Center. The Report Phishing and Online Scams page at IRS.gov provides complete details. The Federal Communications Commission's Smartphone Security Checker is a useful tool against mobile security threats.

As part of the Dirty Dozen awareness effort, the IRS encourages people to report individuals who promote improper and abusive tax schemes as well as tax return preparers who deliberately prepare improper returns.

To report an abusive tax scheme or a tax return preparer, people should mail or fax a completed Form 14242, Report Suspected Abusive Tax Promotions or PreparersPDF and any supporting materials to the IRS Lead Development Center in the Office of Promoter Investigations.

Mail:

Internal Revenue Service Lead Development Center
Stop MS5040
24000 Avila Road
Laguna Niguel, CA 92677-3405
Fax: 877-477-9135

Alternatively, taxpayers and tax practitioners may send the information to the IRS Whistleblower Office for possible monetary reward.

For more information, see Abusive Tax Schemes and Abusive Tax Return Preparers.