The Internal Revenue Service has listed spear phishing as the eighth item on its 2022 “Dirty Dozen” scams warning, adding that even after tax season has passed, “Spear phishing remains one of the biggest threats to the tax industry and other client-based enterprises.”
The alert also notes:
Spear phishing is an email scam that attempts to steal a tax professional’s software preparation credentials. These thieves try to steal client data and tax preparers’ identities in an attempt to file fraudulent tax returns for refunds. Spear phishing can be tailored to attack any type of business or organization, so everyone needs to be on the lookout and not rush to act when a strange email comes in.
The latest phishing email uses the IRS logo and a variety of subject lines such as “Action Required: Your account has now been put on hold.” The IRS has observed similar bogus emails that claim to be from a “tax preparation application provider.” One such variation offers an “unusual activity report” and a solution link for the recipient to restore their account.
The IRS warns tax pros not to respond or take any of the steps outlined in the email. Similar emails include malicious links or attachments that are set up to steal information or to download malware onto the tax professional’s computer.
In this case, if recipients enter their credentials into the pop-up window, thieves can use this information to file fraudulent returns by using credentials that were provided by the tax professional.
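The indicators the alert describes (an IRS name on a sender that is not irs.gov, a pressuring subject line, a “restore your account” link whose visible text does not match where it goes, and an executable attachment) can be checked mechanically before anyone clicks. The Python script below is an added example, not part of the IRS alert or of this article. The two sample messages are constructed for it, and the brand-to-domain mapping, the urgency phrases and the extension list are assumptions; it is a triage aid for a help desk or SOC queue, not a replacement for mail-gateway filtering.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Legitimate sending domains for the impersonated brand (assumed for this example).
BRAND_DOMAINS = {"irs": ("irs.gov",)}
# Pressure language typical of credential-harvesting lures (assumed list).
URGENCY_PHRASES = ("action required", "on hold", "unusual activity", "suspended", "verify your")
# Attachment extensions that should never arrive from a tax software vendor (assumed list).
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".hta", ".iso", ".lnk")


class _LinkParser(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Lower-cased host of a URL, or of a bare domain such as 'www.irs.gov'."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _belongs_to(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(raw):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")

    # 1. Brand impersonation: the display name or subject says "IRS" but the sender domain is not irs.gov.
    claims_irs = re.search(r"\birs\b", f"{display_name} {subject}".lower()) is not None
    if claims_irs and not _belongs_to(sender_domain, BRAND_DOMAINS["irs"]):
        findings.append(f"claims IRS but sent from {sender_domain}")

    # 2. Pressure language in the subject line.
    hits = [p for p in URGENCY_PHRASES if p in subject.lower()]
    if hits:
        findings.append(f"urgency in subject: {', '.join(hits)}")

    # 3. Walk the MIME parts for executable attachments and collect the HTML body.
    html = ""
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
        elif part.get_content_type() == "text/html":
            html += part.get_content()

    # 4. Links: visible text that looks like a URL but resolves elsewhere, or any off-brand host.
    parser = _LinkParser()
    parser.feed(html)
    for href, text in parser.links:
        host = _host(href)
        if not host:
            continue
        if "." in text and " " not in text and _host(text) and _host(text) != host:
            findings.append(f"link text {text} actually points to {host}")
        if claims_irs and not _belongs_to(host, BRAND_DOMAINS["irs"]):
            findings.append(f"IRS-branded mail links to non-IRS host {host}")
    return findings


# Constructed sample: a lure in the style the alert describes (not a real message).
PHISH = """\
From: IRS Online Services <support@irs-account-verify.example>
To: preparer@example.com
Subject: Action Required: Your account has now been put on hold
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="utf-8"

<html><body><p>We detected unusual activity. Restore your account here:
<a href="http://restore-access.example/login">https://www.irs.gov/e-services</a></p></body></html>
--XX
Content-Type: application/octet-stream; name="Unusual_Activity_Report.pdf.exe"
Content-Disposition: attachment; filename="Unusual_Activity_Report.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--XX--
"""

# Constructed sample: a benign reminder from the real domain (not a real message).
LEGIT = """\
From: IRS e-Services <noreply@irs.gov>
To: preparer@example.com
Subject: Reminder: PTIN renewal period is open
Content-Type: text/html; charset="utf-8"

<html><body><p>Renew at <a href="https://www.irs.gov/tax-professionals">www.irs.gov</a>.</p></body></html>
"""

if __name__ == "__main__":
    for label, sample in (("lure", PHISH), ("legit", LEGIT)):
        print(label, triage(sample))
```

The anchor-text check is deliberately narrow: it only fires when the visible text itself looks like a URL, which is exactly the “restore your account at www.irs.gov” pattern; a generic “click here” link is caught instead by the off-brand host check, which requires the mail to have claimed the IRS name first so that ordinary third-party newsletters are not flagged.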
Phishing has become one of the most common initial access vectors against both personal and corporate devices, and the ease with which attackers deliver a payload to these systems should not be underestimated. Every enterprise should assume that some of its users’ devices are already compromised; this “assume breach” posture is the starting point of zero trust. Once that reality is accepted, security teams can take the right steps to limit the damage, so that stolen credentials or a foothold on one machine do not translate into broad access. Proper identity governance is crucial here: knowing who has access to what, and which identity permissions have changed since you last looked.
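To make that last point concrete, the following Python example (added here, not taken from the article or from any identity product) answers the two questions identity governance has to answer continuously: who holds a given permission right now, and what changed since the previous snapshot. The snapshot format, the roster, the sample identities and the set of permissions treated as privileged are all assumptions chosen for the example; in practice the snapshots would be exported from the directory, cloud IAM or the tax application’s own role tables.

```python
from dataclasses import dataclass

# Permissions whose appearance on any identity should trigger a review (assumed set).
PRIVILEGED = {"iam:write", "admin:*", "efile:submit"}


@dataclass(frozen=True)
class Change:
    identity: str
    added: frozenset
    removed: frozenset
    escalation: bool  # True when a privileged permission was granted


def who_can(snapshot, permission):
    """Identities holding `permission` in a snapshot of {identity: set_of_permissions}.

    A wildcard admin grant counts as holding every permission.
    """
    return sorted(i for i, perms in snapshot.items()
                  if permission in perms or "admin:*" in perms)


def diff_permissions(before, after):
    """Report every identity whose grants differ between two snapshots."""
    changes = []
    for identity in sorted(set(before) | set(after)):
        old = before.get(identity, set())
        new = after.get(identity, set())
        added, removed = new - old, old - new
        if added or removed:
            changes.append(Change(identity, frozenset(added), frozenset(removed),
                                  escalation=bool(added & PRIVILEGED)))
    return changes


def unrostered(snapshot, roster):
    """Identities that hold permissions but are not on the approved roster (leavers, unknown accounts)."""
    return sorted(i for i, perms in snapshot.items() if perms and i not in roster)


# Constructed snapshots for a small tax practice (not real data).
BEFORE = {
    "alice@firm.example": {"efile:submit", "client:read"},
    "bob@firm.example": {"client:read"},
    "svc-backup": {"storage:read"},
}
AFTER = {
    "alice@firm.example": {"efile:submit", "client:read"},
    "bob@firm.example": {"client:read", "efile:submit"},   # new filing right
    "svc-backup": {"storage:read", "iam:write"},           # service account can now change IAM
    "carol@firm.example": {"client:read"},                 # account nobody onboarded
}
ROSTER = {"alice@firm.example", "bob@firm.example", "svc-backup"}

if __name__ == "__main__":
    for c in diff_permissions(BEFORE, AFTER):
        flag = " [ESCALATION]" if c.escalation else ""
        print(f"{c.identity}: +{sorted(c.added)} -{sorted(c.removed)}{flag}")
    print("can e-file:", who_can(AFTER, "efile:submit"))
    print("not on roster:", unrostered(AFTER, ROSTER))
```

Run daily against exported snapshots, the escalation flag is the alert that matters after a phishing incident: a harvested preparer credential that suddenly acquires filing or IAM rights, or a fresh account that nobody onboarded, shows up here whether or not the endpoint ever raised an alarm.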