Phishing is the number one tax scam on IRS’ ‘Dirty Dozen’. Using fake emails or websites, scammers try to steal personal and financial information of taxpayers. With this stolen information, they file a fraudulent tax return to receive a refund, or conduct financial crimes.
To avoid falling into the trap of scammers, it’s important to remember that the IRS never initiates communication with a taxpayer through email. Instead, they send a notice through letter mail in your mailbox. The notice can be regarding payment of a bill, tax refund or changes in your tax bill that the IRS wants to inform you about.
After targeting taxpayers for many years, tax scammers have now turned their attention to tax professionals. Now, a new email scam targeting tax pros has been discovered. Scammers are sending a phishing email to tax preparers that says that the tax preparer’s Electronic Filing Identification Number (EFIN) will be suspended if s/he does not open the embedded 1040 and confirms or denies that they submitted Form 1040. The embedded document contains malware. Accounting Today takes a deep look at this new email scam:
“The IRS reminded tax professionals once again that they are frequently targeted by cybercriminals who hope to steal their clients’ data or the preparer’s identity. Identity thieves use many variations of phishing emails such as the latest one. The fake emails typically contain an urgent message (such as your EFIN will be suspended, in the present case) and aim to lure recipients into opening a link or attachment.
The IRS is urging all tax professionals to beware and follow some security steps to safeguard their clients and businesses. (See Publication 4557, Safeguarding Taxpayer Data for cybersecurity advice.)
The steps include:
- Use the multifactor authentication option offered by tax prep software to protect accounts from unauthorized access.
- Use strong password protections on all devices.
- Never open suspicious emails, links and attachments that may carry malware.
- Use strong security software and keep it updated.”
The IRS never initiates contact with taxpayers or tax preparers by email, text messages or social media. If you receive such an email or message that claims to be from the IRS, do not reply to it or open any attachment or link. Simply forward it as it is to firstname.lastname@example.org and then delete the email.
To confirm that the email was from scammers, you can go to irs.gov and search for the notice number or form number that you received in an email/message.
In any email scam, you’ll notice that the communication is always unsolicited. Some phishing messages may ask you to share your personal and/or financial information, and some may ask you to click on a link or open an attachment. You will certainly be asked to take some kind of action.
Scammers keep changing their ways. Since the return filing deadline is approaching, taxpayers may expect fraudulent emails concerning tax returns and the COVID-19 pandemic.”