Last-Minute Email Scams

The Internal Revenue Service, state tax agencies and the tax industry today warned both tax professionals and taxpayers of last-minute phishing email scams, especially those requesting last-minute deposit changes for refunds or account updates.

As the 2017 tax filing season winds down to the April 18 deadline, tax-related scams of various sorts are at their peak. The IRS urged both tax professionals and taxpayers to be on guard against suspicious activity.

The IRS, state tax agencies and the tax industry, acting as the Security Summit, enacted many safeguards against identity theft for 2017, but cybercriminals are ever evolving and make use of sophisticated scams to trick people into divulging sensitive data.

For example, one new scam poses as taxpayers asking their tax preparer to make a last-minute change to their refund destination, often to a prepaid debit card. The IRS urges tax preparers to verbally reconfirm information with the client should they receive last-minute email request to change an address or direct deposit account for refunds.

The IRS also suggests that tax professionals change and strengthen their own email passwords to better protect their email accounts used to exchange sensitive data with clients.

Courtesy of IRS

For more information contact Neikirk, Mahoney and Smith at 502-896-2999.

New Two-Stage E-mail Scheme

The Internal Revenue Service, state tax agencies and tax industry leaders today warned tax professionals to be alert to an email scam from cybercriminals posing as clients soliciting their services.

A new variation of this phishing scheme is targeting accounting and tax preparation firms nationwide. The scheme's objective is to collect sensitive information that will allow fraudsters to prepare fraudulent tax returns.

These latest phishing emails come in typically two stages. The first email is the solicitation, which asks tax professionals questions such as "I need a preparer to file my taxes." If the tax professional responds, the cybercriminal sends a second email. This second email typically has either an embedded web address or contains a PDF attachment that has an embedded web address.

In some cases, the phishing emails may appear to come from a legitimate sender or organization (perhaps even a friend or colleague) because they also have been victimized. Fraudsters have taken over their accounts to send phishing emails.

The tax professional may think they are downloading a potential client's tax information or accessing a site with the potential client's tax information. In reality, the cybercriminals are collecting the preparer's email address and password and possibly other information.

The IRS urges tax professionals and tax preparation firms to consider creating internal policies or obtain security experts' recommendations on how to address unsolicited emails seeking their services.

Courtesy of IRS

For more information contact Neikirk Mahoney and Smith at 502-896-2999

IRS Warns Tax Professionals of New e-Services Email Scam

The Internal Revenue Service today issued an urgent alert to tax professionals who use IRS e-services to beware of an email asking them to update their accounts and directing them to a fake website.

The subject line for the fraudulent email is “Security Awareness for Tax Professionals.” The “From” line is “Your e-Services Team.” It has both an IRS logo and an e-services logo that hyperlinks to a URL verified as a phishing site. The spoofing site poses as an e-services registration page.

The scammers are attempting to exploit current IRS efforts to strengthen the e-services authentication process and its ongoing communications with tax professionals about their accounts. Scammers are attempting to steal e-services usernames and passwords or additional personal data through a registration page.

If e-services users have already clicked on the fake logo and provided their username and password, they should contact the e-services help desk to reset their accounts. If the same password is used for other accounts, these should be changed as well. As an extra precaution, users should perform a deep security scan on their computers, re-evaluate their security controls and be alert to any other signs of identity theft or data compromise.

Tax professionals should always go directly to IRS.gov to access e-services and never click on any links provided in emails.

Tax professionals who receive a suspicious email should send it as an attachment to Phishing@irs.gov and then delete it. Recipients should not click on any links.

The scammer email tells recipients that information was stolen from certain user accounts in 2015 from a state-sponsored actor. It says users are being asked to upgrade their e-service account to ensure protection of their information. It asks them to click on the login to access their accounts for security upgrade.

The IRS is in the process of upgrading e-services security and has been in communication with tax professionals about updating their accounts.

Courtesy of IRS

For more information contact Neikirk, Mahoney and Smith at 502-896-2999