The Internal Revenue Service has declared spear phishing to be the 8th item on the 2022 “Dirty Dozen” scams warning, adding that even after tax season has passed, “Spear phishing remains one of the biggest threats to the tax industry and other client-based enterprises.”
The alert also notes:
Spear phishing is an email scam that attempts to steal a tax professional’s software preparation credentials. These thieves try to steal client data and tax preparers’ identities in an attempt to file fraudulent tax returns for refunds. Spear phishing can be tailored to attack any type of business or organization, so everyone needs to be on the lookout and not rush to act when a strange email comes in.
The latest phishing email uses the IRS logo and a variety of subject lines such as “Action Required: Your account has now been put on hold.” The IRS has observed similar bogus emails that claim to be from a “tax preparation application provider.” One such variation offers an “unusual activity report” and a solution link for the recipient to restore their account.
The IRS warns tax pros not to respond or take any of the steps outlined in the email. Similar emails include malicious links or attachments that are set up to steal information or to download malware onto the tax professional’s computer.
In this case, if recipients enter their credentials into the pop-up window, thieves can use this information to file fraudulent returns by using credentials that were provided by the tax professional.