Drake Software blog for tax pros, covering tax, IRS news, and more

New Phishing Scam Unleashed; Tax Pros Targeted

Income tax professionals are being alerted by the Internal Revenue Service that a new email phishing scam has been unleashed, and it targets preparers.

This latest scam, identified by IRS Security Summit partners, starts with an email to a tax professional that pretends to be from a tax software company. The message tries to convince the recipient to download and install an important software update – conveniently available through an included link in the email.

After clicking the link, the recipient is redirected to a website prompting them to download a file appearing to be an update of their software package. The file uses the actual name of their software followed by “.exe extension.”

However, instead of downloading a software update, the preparer would download a program that can track their keystrokes – a common tactic used to steal login information, passwords and other sensitive data. Those keystrokes would be secretly sent to the scammer.

As part of its Protect Your Client; Protect Yourself campaign, the IRS provided this list of steps they would like all preparers to follow:

  • Be alert for phishing scams: do not click on links or open attachments contained in e-mails and always utilize a software provider’s main webpage for connecting to them. (Drake updates always come from within the software itself, not in an email.)
  • Run a security “deep scan” to search for viruses and malware;
  • Strengthen passwords for both computer access and software access; make sure your password is a minimum of 8 digits (more is better) with a mix of numbers, letters and special characters;
  • Educate all staff members about the dangers of phishing scams in the form of emails, texts and calls;
  • Review any software that your employees use to remotely access your network and/or your IT support vendor uses to remotely troubleshoot technical problems and support your systems. Remote-access software is a potential target for bad actors to gain entry and take control of a machine.

Also, review Publication 4557, Safeguarding Taxpayer Data, A Guide for Your Business, which provides a checklist to help safeguard taxpayer information and enhance office security.

Bob Williams

Forget genes; I’ve got words in my DNA. Communication has been part of who I am nearly all my life. From a long career in radio news to another one in newspapers – and a University of Georgia journalism degree sandwiched between the two – language has been my life. I’ve also been fortunate to have learned the tax business from the ground up here at Drake, starting with 1040.com online forms some years ago before moving on to work on the Web. In all things tax-ish, we aim to give you tools you can use.

comments powered by Disqus