As the 2024 tax filing season approaches, the Internal Revenue Service (IRS), in conjunction with Security Summit partners, has issued a crucial warning to tax professionals regarding a significant rise in email scams. These scams, often presenting themselves as “new client” inquiries, are sophisticated attempts by cybercriminals to access sensitive data.
Background of the Scam Surge
Historically, these “new client” scams peak during the tax season, typically from January through April. This year, the IRS has already noted an uptick in these fraudulent activities. The modus operandi of these scammers involves impersonating real taxpayers seeking tax-related assistance, aiming to steal personal information or infiltrate the tax professionals’ client databases.
Statement from IRS Commissioner
IRS Commissioner Danny Werfel emphasizes the gravity of these scams, stating, “These intricate email scams pose a real risk to tax professionals and the taxpayers they represent. Cybercriminals try to capitalize on tax season by masquerading as real taxpayers looking for help. What they really want to do is help themselves to the sensitive client data of tax professionals. We urge tax professionals and their employees to be extra cautious when receiving unexpected email solicitations and avoid clicking on links or opening attachments.”
How the Scam Works
The scam operates through emails that either directly ask for tax assistance (often including a malicious link or attachment) or more subtly inquire if the tax professional is accepting new clients. When the tax professional responds, a second email containing harmful content is sent. This process can trick professionals into divulging credentials or downloading malware.
Warning Signs in Emails
The IRS has identified several red flags in these phishing emails, such as awkward sentence construction and unusual word usage. However, some emails might appear completely legitimate, using content from a stolen email account of a previous victim. These emails might reference real tax issues and lack grammatical errors, making them more deceptive.
Example of a Phishing Email
An example provided by the IRS shows an email subject titled “2024 Tax Submission,” where the sender enquires about tax services and IRS representation, followed by a phishing link disguised as a request to view credentials.
Importance of Vigilance and Verification
Tax professionals and individuals alike are advised to verify the sender’s identity through independent means, such as calling a known accurate number, rather than relying on contact information provided in the suspicious email or text.
Additional Threats and Reporting Mechanisms
The IRS also highlights that such phishing emails are not the only threat. Scams impersonating the IRS, state tax agencies, or other organizations are prevalent. The IRS urges reporting all suspicious emails to [email protected] and taking additional action in case of monetary losses.
Advice for Data Breach Victims
In case of a data breach, the IRS recommends immediate action. Tax professionals should contact the IRS Stakeholder Liaison, Federal Bureau of Investigation, Secret Service, and local police. They should also notify relevant state authorities and adhere to FTC requirements for a written security plan.
Implications for Small Business Owners
For small business owners, this surge in tax-related scams is a critical reminder of the importance of cybersecurity measures, especially during tax season. Employing vigilant practices, verifying client identities, and maintaining updated security protocols are paramount to safeguarding sensitive financial data.
As tax season approaches, the stakes are high for small business owners and tax professionals. Staying informed about these scams, understanding their nuances, and taking proactive security measures can significantly mitigate the risks posed by these sophisticated cybercriminal tactics.