Security Summit Issues Warning About a Two-Stage Email Phishing Scheme
The Internal Revenue Service today announced a new email scam from cybercriminals that targets tax professionals. Using a two-stage process, this latest phishing scheme attempts to collect private data from tax preparers.
In the first stage of the email, the criminals pose as a potential client looking for someone to prepare their taxes. The IRS says that, in some cases, these emails may appear on the level: they could come from a seemingly “legitimate sender or organization (perhaps a friend or colleague) because they also have been victimized.” These emails state “I need a preparer to file my taxes” and include several questions in an attempt to establish authenticity.
Responding triggers the second stage: a follow-up email containing either an embedded link or attached PDF. Clicking on either the email or PDF link collects the tax preparer’s password and possibly other sensitive data.
If you receive one of these emails, the Security Summit has advice: “never respond to or click on a link in an unsolicited email or PDF attachment from an unknown sender.” Cybercriminals use private information to impersonate taxpayers and file fraudulent returns so they can collect refund money; in past years, they have illegally claimed billions of dollars from the IRS.
Visit Protect Your Clients; Protect Yourself to learn more about how the Security Summit is increasing awareness of tax-related identity theft.
Source: Internal Revenue Service