It’s tax season—time for a fresh wave of scams. Scammers are even smarter this year. The IRS announced a new two-stage email scam that targets tax professionals. The scammers pose as clients looking for assistance. The ultimate goal is to get just enough information from the tax professionals to file fraudulent tax returns. Luckily, with a bit of skepticism and diligence, we should be able to stop these scammers in their tracks!
The first email is innocent enough, basically asking for assistance in filing taxes. Once the scammer receives a response from the CPA firm, they send a malicious email that contains a link to a website or a PDF attached with a website link inside. It looks to the tax professional like they’re downloading the new client’s tax data, but they’re really downloading a virus that collects all information on the computer and, in some particularly bad cases, the entire internal network.
Once the scammers have successfully completed one of these intrusions, they continue phishing other firms and tax professionals using the domains previously scammed. This helps them look legitimate when the first email arrives. Unfortunately, there’s not much you can do to prevent the first email from hitting your inbox. The IRS suggests that CPA firms create internal policies for dealing with unsolicited emails asking about their services. The best possible response to a new client solicitation is providing your firm’s phone number. Ask them to call and set up an appointment. They can’t steal your information over the phone!
Every year brings new, more deceitful scams attempting to steal valuable information. And almost every single one of these scams requires you to act. You have to click a link, download a file, type information. They haven’t found a way around this yet. If a PDF shows up in your inbox with a link inside it, don’t click it. Ask them to call you. If they’re not scamming you, they’ll call and you gain a new client.
The IRS has increased authentication steps over the last few years for claiming tax refunds, requiring scammers to dig for more information. Think twice before clicking that link this tax season! Any time you’re dealing with sensitive information on a network, you need to be alert and cautious. There’s no such thing as too prepared.
703.715.4960 Tech Support