New phishing scam targets tax pros

The Internal Revenue Service, along with state tax agencies and the tax industry, is cautioning tax preparers to beware of a new phishing scheme revolving around emails claiming to be from a tax software education provider.

The phishing email uses the name of a real U.S.-based preparer education company, although the IRS did not identify the company in the warning it issued Friday on behalf of its Security Summit group.

The email says, “In our database, there is a failure, we need your information about your account.

In addition, we need a photo of the driver’s license, send all the data to the letter. Please do it as soon as possible, this will help us to revive the account.

*Company Name *

*EServices Username *

*EServices Password *

*EServices Pin *

*CAF number*

*Answers to a secret question*

*EIN Number *

*Business Name

*Owner/Principal Name *

*Owner/Principal DOB *

*Owner/Principal SSN *

*Prior Years AGI

Mother’s Maiden Name”

The IRS said the actual origin of the email is unknown and could be coming from cybercriminals who may be operating from either a location in the U.S. or another country. The message asks for an unusually large amount of sensitive preparer information that could allow criminals to steal client data and file fraudulent tax returns.

The IRS reminded tax professionals that legitimate businesses and organizations should never ask for usernames, passwords or sensitive data via email, and tax preparers should never provide such information by email no matter who requests it.

Tax professionals’ e-Services credentials, Electronic Filing Information Number (EFIN), Preparer Tax Identification Number (PTIN) and Centralized Authorization File (CAF) number can be extremely valuable information to identity thieves, the IRS noted, and anybody who is handling taxpayer information has a legal obligation to protect it.

The IRS has been partnering with state tax authorities and the tax industry on its Security Summit initiative in recent years to combat identity theft. It said they are making inroads on individual tax-related identity theft, so cybercriminals are targeting tax professionals more and more. The authentication procedures have become more rigorous so scammers need to get some of the actual client data so they can better impersonate taxpayers when filing fraudulent returns for tax refunds.


White Paper

Adopting a suite approach to apps

Partner Insights
Sponsor Content From:


NetSuite


Michael Cohn