Wednesday August 23, 2017
IRS Launches "Don't Take the Bait" Campaign
In IR-2017-119 the IRS warned tax professionals to not "Take the Bait" of spear phishing emails.
Many tax preparers are receiving emails from tax fraudsters. A typical email could be similar to the following:
Subject: Tax ReturnI got your email from the local directory. Hope you are doing good and actively involved in the tax filing season.
I would like to file my tax return which includes that of me and my spouse. Details are below. I would like you to have a review and let me know the cost. Click Here to view my details.
If the tax preparer clicks the link to retrieve Joe's data, the tax fraudster downloads malware on the tax preparer's computer. The malware may pass client data to the tax fraudster. The tax fraudster will use this client data to file for fraudulent refunds.
IRS Commissioner John Koskinen stated, "We are seeing repeated instances of cybercriminals targeting tax professionals and obtaining sensitive client information that can be used to file fraudulent tax returns. Spear phishing emails are a common way to target tax professionals. We urge practitioners to review this information and take steps to protect themselves and their clients."
Tax professionals are especially vulnerable if a tax fraudster hacks the email account of a client. The tax fraudster sends an email that appears to be from a known client account and the tax preparer then opens the email and clicks on the link.
All tax preparers and individuals should take protective steps against these tax fraudsters.
1. Spear Phishing - You should educate and alert all of your staff about the email risks.
2. Passwords - It is best to use a strong password with a mix of letters, characters and numbers.
3. Unfamiliar Source - If you receive an email from a person you do not know, do not click on a link. In most cases, you can go to a website for the IRS or other government site and obtain your desired information.
4. Hover - If you hold your browser over a link or "hover," you should be able to view the address of the link. If this is an unknown address, do not click on the link.
5. Call - A tax professional who is contacted by an unknown individual can usually obtain a phone number and call the person.
6. Security Software - Check to see that you have appropriate security software on your computer and that it is regularly updated.
Published July 14, 2017