The Security Summit is this week broadening the scope of its 2021 “Protect Your Clients; Protect Yourself” campaign to include the different types of phishing scams that taxpayers may see in the coming months. This immediately follows the Summit highlighting recent unemployment compensation scams.
(Read more about those scams in “Security Summit Warns of Scams Targeting Unemployment Compensation.”)
Why is the Security Summit warning taxpayers and tax pros about phishing scams?
Now a ubiquitous part of having an email account, phishing scams have steadily added new online platforms to their portfolio over the past few years—and the pandemic has seemingly accelerated that evolution. Since identity thieves continue to see success when deploying these scams, the increasing number of places we will encounter them presents a threat that can’t be ignored.
The good news is that knowing what to look for can help protect your data.
What are the common signs of phishing scams?
According to the Security Summit, “phishing emails or SMS/texts (known as "smishing") attempt to trick the person receiving the message into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers.” And most tend to do two things:
- Appear to come from a known or trusted source, such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS.
- Tell a story, often with an urgent tone, to trick the receiver into opening a link or attachment.
Some phishing scams use information about their victims—whether gathered from social media or other easily accessible public sources—to make their messages appear legitimate. The Security Summit says this “spear phishing” is commonly used to tax professionals by impersonating current and prospective clients.
“In a reoccurring and very successful scam this year, criminals posed as potential clients, exchanging several emails with tax professionals before following up with an attachment that they claimed was their tax information,” the Summit warns. “This scam was popular as many tax professionals worked remotely and communicated with clients over email versus in-person or over the telephone because of COVID.”
Like other phishing emails and texts, these often include a link or attachment that can install a number of nasty types of malware that can be devastating to your tax practice:
- Remote access trojan (RAT) to take over the tax professional's office computer systems, identify pending tax returns, complete them and e-file them, changing only the bank account information to steal the refund.
- Ransomware ... [that] attacks the tax pro's computer system to encrypt files and hold the data for ransom.
So, reconsider clicking any links or attachments you see in emails and text messages—especially those you aren’t expecting. (Heck, you might not even want to click on email links at all!)
Where will I encounter phishing scams?
Phishing existed long before “Internet” became a household term. Just as the name implies, you’re more likely to find success if you drop your line into water that has plenty of fish. That’s why criminals are quick to adopt communication platforms that are highly populated, starting with the mail and phone systems.
While we still get peppered with phishing letters and calls, identity thieves had added emails, text messages, and social media messages to their arsenal. And the Security Summit warns that the transition to remote work has simply increased the volume and type of online scams.
In other words, you and your clients will need to closely scrutinize all digital communications—even those that appear to come from friends and coworkers.