The Internal Revenue Service has announced that spear phishing is the eighth item on the 2022 “Dirty Dozen” scam warning list and a serious problem because it can be adapted to attack and steal credentials from a person’s computer system. any small business with a client database, such as tax firms.
Spear phishing is an email scam that attempts to steal a tax professional’s software preparation credentials. These thieves attempt to steal customer data and the identity of tax preparers in an attempt to file fraudulent tax returns to obtain refunds. Spear phishing can be adapted to attack any type of business or organization, so everyone should be on the lookout and not rush to act when a strange email arrives.
The IRS has compiled the annual “Dirty Dozen” list for more than 20 years to alert taxpayers and the tax community to scams and schemes. The list is designed to educate a variety of audiences who may not always be aware of developments involving the tax administration.
“Dirty Dozen” scams tend to be more prevalent during deposit season, but criminals are busy all year round.
The latest phishing email uses the IRS logo and a variety of subject lines such as “Action Required: Your account has now been suspended.” The IRS has observed similar bogus emails claiming to be from a “tax preparation app provider.” One of these variants offers an “unusual activity report” and a solution link allowing the recipient to restore their account.
Emails claiming “Your account has been put on hold” are scams. The scam email will send users to a website that displays the logos of several popular tax preparation software providers. Clicking on any of these logos will display a request for tax preparer account credentials.
The IRS warns tax professionals not to respond or take any of the actions described in the email. Similar emails include malicious links or attachments that are configured to steal information or download malware to the tax professional’s computer.
In this case, if the recipients enter their credentials in the pop-up window, thieves can use this information to file fraudulent returns using the credentials provided by the tax professional. For more information, see IR-2022-36.