Like a rite of spring, fraudsters have ramped up their efforts to steal taxpayer and tax preparer information during the tax busy season.
The IRS, state tax agencies and the tax industry — known collectively as the Security Summit — are warning of early signs that cybercrooks are working their little fingers off sending emails that pose as prospective clients, or even the IRS itself, to trick tax preparers into forking over sensitive information.
Tax preparers should be extra careful about communicating only by email with existing or potential clients, especially in light of numerous prior breaches that have stolen millions of names, addresses, Social Security numbers and email addresses. To be on the safe side, tax preparers should call to confirm a client’s identity.
“Thieves may try to leverage stolen identities to steal even more data that will allow them to better impersonate taxpayers and file fraudulent tax returns for refunds,” the IRS said in an announcement about the cybercriminals.
Tax preparers recently have reported numerous phishing efforts by crooks who pose as potential clients. Like last year, the tactic is intended to trick preparers into opening a link or attached document.
The IRS reports the following bogus emails as some of the gamesmanship in play. [Editor’s note: You’ll find that these are suspect anyway because of the dicey writing, grammar and punctuation.]
“Happy new year to you and yours. I want you to help us file our tax return this year as our previous CPA/account passed away in October. How much will this cost us?...hope to hear from you soon.”
"Please kindly look into this issue, A friend of mine introduced you to me, regarding the job you did for him on his 2017 tax. I tried to reach you by phone earlier today but it was not connecting, attach is my information needed for my tax to be filed if you need any more Details please feel free to contact me as soon as possible and also send me your direct Tel-number to rich (sic) you on.”
“I got your details from the directory. I would like you to help me process my tax. Please get back to me asap so I can forward my details.”
If a tax preparer actually does reply, a second email will be sent that includes either a phishing URL or an attached document that contains a phishing URL. And the sender will say that their tax data is enclosed.
The goal, naturally, is to get the preparer to click on the link or the file, and enter their credentials. Sometimes the URL or attachment will be malware that, when clicked on, will download software on the preparer’s computer that allows fraudsters to gain access to sensitive accounts or data. And, in some cases, fraudsters can even gain remote access to preparers’ computers.
The IRS said that it recently received reports of crooks acting like IRS e-Services employees. They ask preparers to sign into their accounts and provide a bogus link that actually sends preparers to a false e-Services site that then steals their user names and passwords.
That kind of malicious trickery is what prompted the IRS to move e-Services to the safer Secure Access. The agency strongly advises that e-Services users upgrade their accounts to the more stringent authentication process at this link.
Meanwhile, tax preparers who get emails from the crooks posing as the IRS or their tax software provider should go to IRS.gov instead of opening anything. Send phishing emails to [email protected]. As a reminder, remember that the IRS doesn’t send unsolicited emails.
Terry Sheridan is an award-winning journalist who has covered real estate, mortgage finance, health care, insurance, personal finance, and accounting and taxation issues for newspapers, magazines, and websites. A Chicago native and former South Florida resident, she now lives in New England.