In News Release 2016-103 [8/11/16], the IRS warned tax professionals of an emerging phishing scam that goes after the tax data of tax professionals. The email scheme requests the recipient to download and install an important software update via a link included in the e-mail. Considering that over the next few months, tax software providers will be sending tax professionals updated tax software for the upcoming 2017 filing season, tax professionals need to be extra careful to assure they are not falling for this scam. Once recipients click on the embedded link, they are directed to a website prompting them to download a file appearing to be an update of their software package. The file has a naming convention that uses the actual name of their software followed by an ".exe extension." Upon completion, tax professionals believe they have downloaded a software update when in fact they have loaded a program designed to track the tax professional's key strokes, which is a common tactic used by cyber thieves to steal login information, passwords and other sensitive data. At the date of the news release, the IRS only knew of a few cases where tax professionals were victimized by this scam. However, in News Release 2016-119 [9/2/16], the IRS reports that it is aware of another 2 dozen cases where this scam was successful in gaining access to sensitive information. The IRS urges all tax preparers to take the following steps: (1) run a security "deep scan" to search for viruses and malware; (2) strengthen passwords for both computer access and software access; (3) make sure their password is a minimum of eight digits with a mix of numbers, letters, and special characters, and change them often; (4) be alert for phishing scams: do not click on links or open attachments from unknown senders; (5) educate all staff members about the dangers of phishing scams in the form of emails, texts and calls; and, (6) review any software that a tax professional’s employees or IT support vendors use to remotely access the professional’s network, and/or IT support vendor uses to remotely troubleshoot technical problems and support the tax professional’s systems. The IRS notes that remote access software is a potential target for bad actors to gain entry and take control of a machine. The IRS also noted that tax professionals should review Publication 4557, “Safeguarding Taxpayer Data, a Guide for Your Business,” which provides a checklist to help safeguard taxpayer information and enhance office security. For taxpayers that become victims of this or similar scams, the IRS provides several recommendations at its website at the link below. Note: The link contains a misspelling (profesionals) and correcting the link will not get you to the proper site.
Home » IRS REPORTS ON NEW SCAM ATTACKING TAX PROFESSIONALS – Posted October 20, 2016