Cybercriminals are putting together several tactics to target tax professionals and their clients in a fake insurance tax form scam to access annuity and life insurance accounts, the IRS is warning.
There are a number of variations on the scam, the IRS noted, but in a common version, the cybercriminal impersonates a real cloud-based storage provider in a phishing e-mail to a tax pro, who is tricked into providing their e-mail credentials, including username and password.
The cybercriminal then uses the tax pro’s account to contact clients with a fake IRS insurance form for the clients to fill out. Replies are faxed, or e-mailed to an address very similar to the tax pro’s e-mail.
The e-mails to clients often include “Urgent information” or a similar request in the subject line, while the text reads:
“Dear Life Insurance Policy Owner,
“Kindly fill the form attached for your Life insurance or Annuity contract details and fax back to us for processing in order to avoid multiple (sic) tax bill (sic).”
Using data from the forms, the cybercriminal then impersonates the client to contact their insurance company to try to get a loan or make a withdrawal from the client’s accounts.
The IRS is asking individuals who get one of these scam e-mails to forward it to firstname.lastname@example.org and then delete it, and is warning those who may have completed and returned the fake tax form to contact their insurance carrier immediately.