The Internal Revenue Service (IRS) has recently issued a warning to tax professionals and businesses about an increase in spearphishing attacks. These attacks are aimed at stealing sensitive information. The alert is part of the IRS’s annual “Dirty Dozen” campaign, which highlights the top twelve scams targeting taxpayers and tax advisors each year.
Understanding Spearphishing Attacks
Spearphishing is a type of email scam where criminals pretend to be potential clients to trick tax professionals into giving away personal and financial information. These attackers send emails that appear legitimate but are actually fake, with the aim of gaining access to computer systems and sensitive data.
Danny Werfel, the IRS Commissioner, emphasized the need for vigilance. He stated that cyberattacks pose a threat not only to the businesses but also to the sensitive tax and personnel information that identity thieves can use to file fraudulent tax returns. He urged tax professionals and businesses to be on guard and educate their employees. He suggested that taking simple steps such as being extra cautious when opening emails, clicking on links, or sharing private client information can prevent tax professionals from falling prey to cybercriminals.
Preventing Spearphishing Attacks
The IRS has provided several tips to avoid spearphishing attacks. These include being cautious with emails and not clicking on links or downloading attachments from unknown or unexpected emails, especially those claiming to be from new clients. It is also recommended to verify new contacts by calling them to ensure the email is legitimate. Other tips include using strong security measures on your accounts, encrypting sensitive information, and keeping your software updated.
The IRS reminds everyone that while these scams are more prevalent during tax season, they can occur at any time of the year. Tax professionals and businesses are advised to remain vigilant and proactive in protecting themselves and their clients.
Reporting a Spearphishing Attack
If you receive a suspicious email, you should forward it to [email protected] with details such as the sender’s email address and the date and time it was received. The IRS also provides resources on how to recognize and report phishing attempts on their website.
The IRS encourages reporting abusive tax promoters and dishonest tax preparers using the online Form 14242, or by mailing or faxing the form to the IRS Lead Development Center.
The IRS and its Security Summit partners, which include state tax agencies and tax industry leaders, continue their joint efforts to prevent identity theft and tax fraud through education and heightened security measures.