As part of the annual Dirty Dozen tax scams effort, the IRS and the Security Summit partners have urged taxpayers to be on the lookout for spearphishing emails. Through these emails, scammers try to steal client data, tax software preparation credentials and tax preparer identities with the goal of getting fraudulent tax refunds. These requests can range from an email that looks like it’s from a potential new client to a request targeting payroll and human resource departments asking for sensitive Form W-2 information.
Cyber Security Tips to Prevent Spearphishing
Spearphishing is a tailored phishing attempt to a specific organization or business and usually begins with a suspicious email that may appear as a tax preparation application or another e-service or platform. Some scammers will even use the IRS logo and claim something like “Action Required: Your account has now been put on hold.” Often these emails stress urgency and will ask tax pros or businesses to click on links to input or verify information.
How to prevent spearphishing:
- Never click suspicious links.
- Double check the requests with the original sender.
- Be vigilant year-round, not just during filing season.
The IRS and its Security Summit partners continue to see spearphishing attempts that impersonate a new potential client, known as the New Client scam. Lastly, taxpayers should never respond to tax-related phishing or spearfishing or click on the URL link. Instead, the scams should be reported by sending the email or a copy of the text/SMS as an attachment to firstname.lastname@example.org.