
The IRS issued an advisory last week, warning tax professionals of a new phishing scam impersonating tax software providers in an effort to steal their log-in credentials.

In a press release, the Internal Revenue Service said the “sophisticated scam” underscores the need for accountants to take strong security measures to protect their clients and their business.

“This is the time of year when many software providers issue software upgrades and when tax professionals are working to meet the Oct. 15 deadline for extension filers,” read the press release.

According to the IRS, the latest phishing scam has been spotted with an email subject line of “Software Support Update.” The email highlights an “Important Software System Upgrade,” in an email template that closely resembles those of tax software providers.

It even thanks recipients for continuing to trust their services with their tax preparation needs.

“The email informs the recipients that due to a recent software upgrade, the preparer must revalidate their login credentials. It provides a link to a fictitious website that mirrors the software provider’s login page,” the IRS’ press release said.

Consequently, instead of upgrading their software, tax professionals are inadvertently providing their login credentials to cybercriminals who can leverage them to access sensitive client information.

The advisory comes as part of a 10-week security education campaign, entitled Don’t Take the Bait, launched by the Security Summit – a task force involving the IRS, state tax agencies and other representatives of the tax industry.

During peak tax season, from January through May, the IRS said it received nearly 200 reports from tax professionals or firms involving data theft, affecting thousands of people.

“We’ve been warning tax professionals that they are increasingly the targets of national and international cybercriminal rings. These syndicates are well-funded, knowledgeable and creative. It’s going to take all of us working together to combat these identity thieves,” said IRS Commissioner John Koskinen.

Tax professionals are advised to keep in mind that software providers do not embed links into emails asking to validate passwords.

As always, users should remain vigilant when opening links or attachments from a suspicious email.

  • Gina Grant

    The new Chrome extension Scam Block Plus helps avoid such email phishing scams. Even if you’re not sure it’s fraudulent and you click a link, your private details will not be exposed to a site that is not trusted.