Tax professionals are being warned to be on the lookout for a new round of phishing emails aimed at stealing their email usernames and passwords. The Internal Revenue Service says the new wave of scam emails pose as being from state accounting or professional associations.
So far, scammers have specifically targeted tax professionals in Iowa, Illinois, New Jersey and North Carolina. The IRS has also gotten reports about a Canadian accounting association being used.
Bad English Is the Key
The awkwardly worded phishing email states: “We kindly request that you follow this link HERE and sign in with your email to view this information from (name of accounting association) to all active members. This announcement has been updated for your kind information through our secure information sharing portal which is linked to your email server.”
Although specific areas have been identified to date, tax pros nationwide should be on notice, since scammers are known to quickly change their focus and tactics to respond to defenses. Expect other states to be targeted and other state associations to be used as cover.
The National Association of Tax Preparers (NATP) is one of the largest membership groups specializing in tax preparers and their needs. Taxing Subjects had the good fortune to speak with Jerry Sparkman, the NATP’s Informational Technology Director about this latest phishing scam making the rounds.
Sparkman says he’s seen this tactic before, but in a somewhat different form.
“We believe that the tactic is one that has been used to phish for many years and was originally crafted to spoof the banking industry and large service providers to scam users out of their financial credentials,” Sparkman said. “The scam in general is that the malicious actor attempts to recreate an email message with the actual organizational logos and other branding that is easily recognized by most internet users to gain the trust of the email recipient.”
Sparkman said the point of the bogus email is to get the recipient to click a link the tax preparer thinks goes to a legitimate application such as Dropbox or Google. But instead, it sends them to the scammer’s fake page and gets the victim to input usernames and passwords.
“We believe the scammers have identified tax professionals as easier high-value targets than most large service providers because of the depth of client information a tax professional has on file. We believe the older phishing tactic has been re-purposed for use on tax pros by spoofing branding of organizations that tax professionals trust and recognize like NATP,” Sparkman said.
Sparkman told us the NATP has been able to fight back against phishing attacks—but that hasn’t been uniform across the income tax industry—yet.
“We saw our first email spoofing at NATP in early 2017 and while working with the IRS office of online fraud and detection prevention we became skilled and systematic at taking down phishing sites, often hosted in other countries in multiple languages. As we learned more about ways to thwart the spoofing we put some highly effective countermeasures in place. Some of countermeasures we adopted were established by the banking industry and large service providers in 2012 to help prevent this type of email spoofing fraud” he continued.
Check It Out First
Tax practitioners who are members of professional associations should go directly to those associations’ websites rather than open any links or attachments. Tax practitioners who receive suspicious emails related to taxes or the IRS, or phishing attempts to gain access to practitioner databases, should forward those emails to firstname.lastname@example.org.
Coming Up: More with the NATP and phishing attacks on tax pros.