IE 11 is not supported. For an optimal experience visit our site on another browser.

New Online Scam Targets Tax Preparers — Is Yours Smart Enough to Avoid It?

The IRS is warning about a new phishing email scam that gives cyber criminals access to a tax preparer's online programs — including your personal data.
Image: A tax preparer helps a customer in San Francisco
Tax preparer Robert Romero helps a customer prepare his income taxes at Liberty Tax Service on April 14, 2014 in San Francisco.Justin Sullivan / Getty Images, file

Do you trust your tax preparer not to fall for this simple phishing scam?

The Internal Revenue Service is warning tax preparers about a new scam designed to steal their usernames and passwords. The hacker’s goal is to break in to the preparer’s computer system and steal client information.

The IRS advises the bogus email appears to come from the recipient’s software provider and typically has a subject line that reads something like: “Software Support Update” or “Important Software System Upgrade.”

The message tells the preparer they need to revalidate their login credentials and it provides a link to a “fictitious website that mirrors the software provider’s actual login page,” according to an IRS bulletin issued last month. “Instead of upgrading software, the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers' accounts and to steal client information."

This phishing attack was cleverly designed to launch at the time of year when many software providers release upgrades to professional preparers. It’s also a busy time for preparers who are working to meet the Oct. 15 deadline for clients who filed for extensions.

“This sophisticated scam yet again displays cybercriminals’ tax savvy and underscores the need for tax professionals to take strong security measures to protect their clients and protect their business,” the IRS alert said.

The IRS said criminals accessed client tax returns, completed those returns, e-filed them and secretly directed refunds to their own accounts.

Mike Wyatt, a threat researcher with RiskIQ, a digital threat management firm, told NBC News he’s not surprised to see this current attack. Getting people to click on malicious links requires social engineering — and launching a phishing campaign related to calendar events can be a successful tactic.

“Cybercriminals very often leverage holidays, events and other important dates in their threat campaigns, so it makes perfect sense that a group is capitalizing on the extended tax deadlines coming up,” he said.

Fighting Back

This is not the first time cyber criminals have targeted tax professionals. That’s why the IRS, state tax agencies, and the tax preparation industry formed the Security Summit partnership two years ago. This summer, the Security Summit launched a 10-week “Don’t Take the Bait” campaign that is currently underway. It advises tax professionals about the various cyber threats they face, including phishing scams, ransomware and takeover attacks.

“We’re all banding together to remind tax professionals to stay vigilant and to alert them about the various ways the bad guys try to go after them,” IRS spokesman Raphael Tulino told NBC News. As part of that awareness campaign, the IRS warned tax pros in June that it had seen a rise in account takeovers. By stealing or guessing the preparer’s username and password, the cyber thieves can access the preparer’s entire digital network, including their IRS e-Services account.

The IRS said it had received reports of “multiple takeover incidents” in the past year in which the criminals accessed client tax returns, completed those returns, e-filed them and secretly directed refunds to their own accounts.

The phishing emails that made these takeovers possible “can look convincing, appearing to originate from IRS e-Services” the IRS warned. They have subject lines designed to get a quick response, such as: “Account Closure Now,” “Avoid Account Shutdown,” or “Unlock Your Account Now.” IRS screen captures show that the fake login pages created by the crooks look just like those on the real IRS site.

“We urge tax professionals to be on the lookout for the warning signs of these schemes and many others that can contribute to data loss and identity theft,” IRS Commissioner John Koskinen said in a statement. “A few simple steps can protect tax professionals as well as their clients.”

Tax Professionals Are a Lucrative Target

CPA Larry Gray is a member of the Security Summit and national government liaison for the National Association of Tax Professionals. He spends a lot of time trying to educate members about the threats they face.

“Ten years ago, we were dealing with unsophisticated hackers; today, it’s corporate hackers,” Gray said. “We have a phenomenal goldmine of information that nobody else has. Even if you go to the taxpayer’s home, they’re not going to have all of the information we have in one place.”

Related: How to Spot Fake Tax Preparers

This data goldmine includes Social Security numbers and birth dates for the entire family, returns for multiple years and all the supporting documents, and in some states, driver’s license information.

Armed with this information, an identity thief can impersonate you or create a fictitious person who can do more than file a false tax return. They can get credit cards, open bank accounts, apply for loans, and receive medical treatment or government benefits.

Individual Taxpayers Not in the Clear

People who file their own returns are still at risk. Phone bandits pretending to be with the IRS continue to make calls with demands for immediate payment of supposedly owed back taxes. Other con artists send bogus emails requesting personal information.

In recent years, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communications, according to the IRS.

Remember: The IRS does not:

  • Initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information
  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer
  • Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe
  • Threaten to bring in local police, immigration officers or other law-enforcement to have you arrested for not paying.

Keep in mind: The IRS cannot revoke your driver’s license, business licenses, or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes.

The IRS has a consumer alert on new and evolving schemes this summer and a tip sheet on how to recognize the signs of a tax scam.

Herb Weisbaum is The ConsumerMan. Follow him on Facebook and Twitter or visit The ConsumerMan website.