Mar 29, 2022, 11:52 AM by Matthew McCann

Recent spear phishing emails are masquerading as messages from the IRS tax return preparation software. To help practitioners identify and address spear phishing threats, the IRS Stakeholder Liaison is conducting two briefings the week of March 28 to show tax professionals what some of the most recent scam emails look like.

By Alexandra Fabian, PICPA Manager of Government Relations

---

Tax professionals have become primary targets for cybercriminals due to the important personal and financial data they hold for clients. In fact, the IRS’s Cyber Security Organization has seen a drastic increase in attempts to “spear phish” tax professionals’ computer systems using email “lures.” Spear phishing, like phishing, uses ruses to gain access to sensitive information, such as account credentials or financial information, and steal it. What makes it spear phishing is that these attacks are specifically targeted to an industry or company rather than the more broadly distributed phishing scams.

Recent spear phishing emails masquerade as messages from the IRS tax return preparation software. Some feature the IRS logo with a subject line such as "Action Required: Your account has now been put on hold," or "Unusual activity report" with a link purportedly offering to remedy the suspension or other problem. Clicking on the link prompts a request for the tax preparer's account credentials. Some variants show logos of several popular tax preparation software companies.

"Scams continue to evolve, and this one is especially sinister since it threatens tax professionals’ accounts," said IRS Commissioner Charles P. Rettig. "Tax professionals must remain vigilant in identifying and staying clear of these IRS impersonation emails. A little extra care can protect the tax professionals and their clients."

To help practitioners address and identify the most pertinent threats, the IRS Stakeholder Liaison is conducting two short briefings this week to show tax professionals what some of the most recent scam emails look like. Each session is 30 minutes, and no preregistration is required.
(CPE will not be offered.)

Wednesday, March 30, 2022, from 9:00 to 9:30 a.m. (EDT)
Meeting ID: 161 848 8010
Passcode: m?4U?!jx
One tap mobile
+16692545252,,1618488010# US (San Jose)
+16468287666,,1618488010# US (New York)

Friday, April 1, 2022, from 1:00 to 1:30 p.m. (EDT)
Meeting ID: 160 967 6780
Passcode: b9Gu$3WP
One tap mobile
+16692545252,,1609676780# US (San Jose)
+16468287666,,1609676780# US (New York)

Some firms may seek the aid of cybersecurity professionals. There is a big market for these experts. But before hiring a cyber pro, the IRS advises the following:

• Ask for recommendations – Talk to other tax professionals and business owners for references.
• Be selective – Hire a professional that you feel comfortable with and trust discussing the safety and security of your business and your clients’ data.
• Do interviews – Ask about their level of experience in data and systems protection, available options for backing up data, experience developing security plans for similar-size businesses, and the scope of monitoring for current and emerging security threats.
• Make it official – Secure an agreement or engagement letter that details the terms of each service provided.

For additional information and help, tax professionals should review Publication 4557, Safeguarding Taxpayer Data and the IRS webpage Identity Theft Information for Tax Professionals.

---

For more tax discussions, PICPA members can log into PICPA Connect.

---

Sign up for weekly professional and technical updates from PICPA's blogs, podcasts, and discussion board topics by completing this form.