Professionals throughout the U.S. income tax industry are being warned to expect a new, more serious round of cyber-scams and ruses aimed at stealing their confidential filing information—and that of their clients.

Activity has already been spotted: a new round of emails posing as potential clients, and even as the IRS, is circulating to trick tax pros into disclosing their sensitive information.

The members of the Security Summit—the IRS, state tax agencies and tax industry leaders—are asking all tax practitioners to be wary of communicating only be email with potential or even existing clients, especially if unusual requests are made by the “client.”

Tax professionals have recently reported “numerous” attempts to steal information by thieves posing as potential clients. It’s a tactic used last tax season as well. The emails attempt to lull the preparer into a false sense of security that they’re from a legitimate customer.

The fraudsters, posing as potential clients, send initial emails to tax practitioners. In recent days, the IRS has seen these early variations of these email schemes:

• “Happy new year to you and yours. I want you to help us file our tax return this year as our previous CPA/account passed away in October. How much will this cost us?...hope to hear from you soon.”
• “Please kindly look into this issue, A friend of mine introduced you to me, regarding the job you did for him on his 2017 tax. I tried to reach you by phone earlier today but it was not connecting, attach is my information needed for my tax to be filed if you need any more Details please feel free to contact me as soon as possible and also send me your direct Tel-number to rich (sic) you on.”
• “I got your details from the directory. I would like you to help me process my tax. Please get back to me asap so I can forward my details.”

If the tax practitioner responds, the fraudster will send a second email that contains either a phishing URL or an attached document that contains a phishing URL, claiming their tax data is enclosed. The fraudster wants the tax pro to click on the link or attachment and then enter their credentials. In some cases, the URL or attachment might be malicious and if clicked will download malicious software onto the tax pro’s computer.

Depending on the malware involved, this scheme could give fraudsters access to the tax practitioners’ secure accounts or sensitive data. It may even give the fraudster remote control of the tax professionals’ computers.

The IRS also has received recent reports of fraudsters once again posing as IRS e-Services, asking tax pros to sign into their accounts and providing a disguised link. The link, however, sends tax pros to a fake e-Services site that steals their usernames and passwords.

This is exactly why the IRS moved its e-Services applications to the two-factor verification Secure Access process. If they have not completed it already, all e-Services account holders should upgrade their accounts to the more secure process. Check out the IRS release Important Update about Your e-Services Account if you have questions about the new system.

Remember: Tax professionals have reported fake emails that may purport to come from the IRS, a potential client or even their software provider. If you receive a suspicious email, go directly to the IRS website, IRS.gov; DO NOT open any links or attachments in the suspicious email. Forward any attempted phishing email to phishing@irs.gov.