As new IRS regulations implemented last year make it harder and harder for criminals to use consumer tax software to file fraudulent returns, they’re increasingly setting their sights on tax practitioners. More and more, hackers and fraudsters are attempting to steal sensitive client data, hijack professionals’ tax systems (and EFINs) to use for fraudulent filings, and use social engineering to trick staff into providing crucial login information.
The latest scam is an email disguised as an alert from the tax professional’s client. Specifically, the email — which may appear as if it originated from your software vendor and uses copies of the vendor’s official logos — claims that the client has uploaded tax organizer files to their portal.
If staff click the OPEN link in the email, they’re taken to a website mimicking the vendor’s login screen. Through that piece of social engineering, the bad actors capture whatever login and password information the staff member types in.
If you receive an email like this and are unsure whether it’s really from a client, don’t click the link in the email; instead, use your normal method to navigate to the appropriate page. (Of course, that’s only one step toward preventing hacking in your firm; see IRS Publication 4557: Safeguarding Taxpayer Data for more information, and work with your trusted information technology staff or provider on more detailed plans.)
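One way to automate the “don’t trust the link” check described above is to extract every link from an incoming portal-alert email and flag any whose host is not the vendor’s real portal. This is an added example, not code from the original post or from any vendor; the trusted host and the lookalike domain in the sample email are constructed placeholders.

```python
"""Flag links in a portal-alert email that do not go to the vendor's real portal."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption (placeholder, not a real vendor address): the firm's software
# vendor serves its client portal only from this host.
TRUSTED_PORTAL_HOSTS = {"portal.example-vendor.com"}


class LinkCollector(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def suspicious_links(html_body, trusted_hosts=TRUSTED_PORTAL_HOSTS):
    """Return (text, href) for every link whose host is not a trusted portal host.

    The scam relies on a lookalike login page, so the vendor's logo or name in
    the email proves nothing; only the link's actual host is compared."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for text, href in parser.links:
        host = (urlparse(href).hostname or "").lower()  # "" for javascript:/mailto:
        if host not in trusted_hosts:
            flagged.append((text, href))
    return flagged


# Constructed sample: the alert described in the post, with a lookalike host.
SAMPLE_EMAIL = """<html><body>
<img src="https://portal.example-vendor.com/logo.png">
<p>Your client has uploaded tax organizer files to the portal.</p>
<a href="https://example-vendor-portal.login-example.net/signin">OPEN</a>
<p><a href="https://portal.example-vendor.com/help">Help Center</a></p>
</body></html>"""

if __name__ == "__main__":
    for text, href in suspicious_links(SAMPLE_EMAIL):
        print(f"'{text}' link does not go to the vendor portal: {href}")
```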
Any practitioner who may have already opened such an email, downloaded a file, or clicked such a link and typed in their credentials should immediately activate their incident response plan, which should include changing their login credentials right away.
For more information and guidance:
- Visit our Customer Security page
- Review our Protecting your firm and clients against phishing scams help topic on our Help & How-To Center
- Read Jon Baron’s blog article, Your Firm’s Been Hacked: Here’s What to Do Immediately