IRS Cautions Tax Professionals About Spearphishing Scams


The IRS recently issued a warning to tax professionals and businesses that spearphishing attacks aimed at stealing sensitive information are on the rise. This alert is part of the IRS’s annual “Dirty Dozen” campaign, which highlights the 12 most common scams targeting taxpayers and tax preparers each year.

Spearphishing is a type of email scam in which criminals pose as potential customers to trick tax professionals into disclosing personal and financial information. These attackers send emails that look real but are actually fake, attempting to gain access to computer systems and sensitive data.

IRS Commissioner Danny Werfel emphasized the importance of remaining vigilant. “Cyberattacks pose a threat not only to the existence of businesses, but also to the sensitive tax and human resources information that identity thieves can use to file fraudulent tax returns,” he said. “Security Summit partners continue to urge tax professionals and companies to be vigilant and train their employees. Simple measures like taking extra care when opening emails, clicking on links, or sharing private client information can prevent tax professionals from being exploited by cybercriminals.”

Tips to avoid spearphishing attacks:

  • Be careful with email: Do not click on links or download attachments from unknown or unexpected emails, especially those purporting to be from new customers.
  • Check new contacts: If a potential new customer contacts you via email, call them to make sure the email is legitimate.
  • Use strong security for your accounts: Protect your email with strong passwords and two-factor authentication.
  • Encrypt sensitive information: Only send confidential information encrypted and password protected.
  • Keep your software up to date: Make sure your security software is up to date and includes anti-phishing features.

The IRS reminds everyone that while these scams are more common during tax season, they can happen at any time of the year. Tax professionals and businesses are advised to remain vigilant and proactive to protect themselves and their clients.

To report a spearphishing attack: If you receive a suspicious email, forward it to [email protected] with details such as the sender’s email address and the date and time it was received. The IRS also provides resources on its website for identifying and reporting phishing attempts.

The IRS recommends reporting abusive tax preparers and dishonest tax preparers using online Form 14242 or by mailing or faxing the form to the IRS Lead Development Center.

The IRS and its Security Summit partners, which include state tax authorities and tax industry leaders, continue their collaborative efforts to prevent identity theft and tax fraud through education and increased security measures.

Image: Envato Elements