RS Warns Tax Pros of Surge in 'New Client' Scams Before 2024 Season
WASHINGTON - The IRS and the Security Summit partners have issued a warning to tax professionals to be cautious of a fresh wave of email scams during the filing season, in which hackers pretend to be potential clients.
The IRS has observed an increase in occurrences of seasonal tax fraud, commonly referred to as "new client" scams.
During tax season, from January to April, there have been reports of scammers targeting accounting groups and tax preparation firms with deceptive emails. The IRS has already been made aware of these scams this year. As we approach the 2024 tax season, it is important to be aware that identity thieves may pose as legitimate taxpayers to acquire sensitive information or gain access to the client data of tax professionals through email correspondence.
The Commissioner of the IRS, Danny Werfel, has warned that tax professionals and their clients are in danger of falling victim to complicated email scams. Cybercriminals commonly exploit the tax season by posing as legitimate taxpayers in need of help. However, their true motive is to obtain confidential information from tax professionals. As a precaution, tax professionals and their staff should exercise extra care when receiving unsolicited email offers and should avoid clicking on links or opening attachments.
The Security Summit is a joint effort among the IRS, state tax agencies, and the tax industry to protect taxpayers and tax professionals from tax-related identity theft.
As stated by the Summit partners, the primary objective of the most recent client email scam is to acquire sensitive personal information to produce authentic tax returns and requesting a reimbursement, or potentially participating in other types of deceitful actions.
Last year, phishing@irs.gov was inundated with multiple reports concerning the latest client fraud. This scam made up about two-thirds of the 400 grievances related to business email compromise (BEC) or business email spoofing (BES).
As a result of the large number of messages generated by cybercriminals, it is believed that numerous spearphishing emails have been dispatched to tax practitioners participating in these schemes. The goal is to aim at tens of thousands of tax preparers across the country.
Suggestions for Tax Experts: Important Considerations for Handling Emails from New Clients
A common tactic used by scammers to deceive potential clients is to send an email to tax professionals asking for help with their taxes. This email, known as a phishing email, may contain a dangerous link or attachment. Alternatively, scammers may take a cautious approach by initially sending an email to inquire if the tax professional is willing to accept new clients. After receiving a response, the scammer may then send a follow-up email with a malicious link or attachment.
During the process, the tax expert may assume that they are obtaining the tax information of a potential customer or accessing a webpage that contains their tax details. However, scammers can acquire the preparer's email, login information, and potentially sensitive data, or install harmful software on their device to gain entry to the system.
The IRS recently investigated a case involving a scam targeting new clients, which raised suspicion due to various warning signs such as poorly written sentences and unusual word choices. The scammers were able to obtain a legitimate email from a previous victim's compromised account, which contained no grammatical or spelling errors and addressed legitimate tax matters. This allowed them to use the email as a template for their phishing scam targeting new clients during the current tax season, requesting help with tax preparation.
This is an example of a recent fraud that is specifically targeting new clients of tax preparers.
Subject: Request for 2024 Tax Filing
Hello,
I am currently seeking a new CPA to help me with my tax filings, my name may vary.
Is your firm currently open to taking on new clients for the upcoming 2024 tax season? Additionally, do you provide services for IRS representation?
It appears that there may be a problem with my tax return from the previous year. To verify my credentials, please click on the following [Link to a legitimate website] HERE TO VIEW MY CREDENTIAL.
Should you be in agreement, we could arrange for a meeting, either in person or virtually, to address my circumstances and furnish any required tax paperwork.
Kindly provide guidance for your upcoming actions.
Warm Regards,
(The name may differ)
In some cases, emails from phishing clients may appear to come from a trustworthy source or institution, possibly even from a familiar person, because their email account has been compromised. To reduce the risk of your email account being hacked, it is recommended to enable two-factor or multi-factor authentication with your email service provider.
A common approach utilized to deceive people and tax professionals through fraudulent activities is by posing as a trustworthy entity or person. In order to protect oneself from falling prey to these schemes, it is essential to authenticate the sender's identity using an alternate mode of communication. For instance, instead of relying on the contact number provided in an email or text, individuals can verify the legitimacy of the sender by calling a number that they are already familiar with.
Tax schemes can also put both tax professionals and taxpayers in danger.
Tax experts encounter a constant danger from two categories of fraudulent emails: ones that originate from compromised email accounts and ones that mimic authentic institutions.
During tax season, both tax specialists and taxpayers must exercise caution when dealing with phishing emails. These fraudulent emails, originating from compromised email addresses belonging to businesses or individuals, can come in a variety of forms. Cybercriminals may disguise themselves as the IRS, state tax agencies, tax software companies, or financial institutions. They may also impersonate reputable government organizations or popular brands to deceive individuals into divulging personal information. Taxpayers must remain vigilant and informed about these phishing schemes all year round, rather than just during tax season.
Instructions for Reporting Fraudulent Schemes and Phishing Emails
To prevent instances of plagiarism, individuals should promptly report any unsolicited emails claiming to be from the IRS or related activities to phishing@irs.gov with complete email headers. If an IRS-related scam results in financial loss, it is advisable to report it to Treasury Inspector General Administration (TIGTA), Federal Trade Commission, and the Internet Crime Complaint Center. Furthermore, the email can also be forwarded to the abuse department of the individual's Internet Service Provider.
What to Do if a Tax Professional is Affected by a Data Breach
If a tax professional becomes a target of a data breach, it is important to act quickly. A key aspect of dealing with a data breach, such as the possibility of falling victim to a new client scam, is having a well-developed plan of action and being knowledgeable about the appropriate individuals to contact.
Tax professionals have various avenues to seek help from the IRS and law enforcement in the event of a data breach.
Tax professionals who have been impacted by data theft are advised by the IRS to promptly notify their local Stakeholder Liaison representative. This representative will then inform the IRS Criminal Investigation and other relevant departments within the agency on behalf of the affected tax professional. Time is crucial in such cases, as the IRS can take immediate measures to prevent fraudulent tax returns from being filed under the names of the tax professional's clients and provide additional security. Additionally, if directed, the tax professional can also reach out to the local offices of the Federal Bureau of Investigation or the Secret Service. To report the data breach, the tax professional can also contact their local police department.
The subsequent passage has been rearranged in order to eradicate any possibility of plagiarism, while still retaining the initial context and significance. Additionally, the markdown formatting has been conserved.
To avoid plagiarism, the following text has been reworded by rearranging its structure while still conveying the same meaning. The markdown formatting has been retained.
Expanding to States Where State Tax Returns are Managed by Tax Professionals
The Federation of Tax Administrators offers tax professionals a specialized webpage for reporting data breaches to the states.
According to the National Association of Attorneys General, the majority of states require that the state's attorney general be notified about data breaches.
Disclaimer: This article is for informational and educational purposes only and does not constitute legal tax advice. Advanced Tax Solutions is not liable or responsible for any damages resulting from or related to your use of this information. It is your responsibility to refer to official IRS documentation for information regarding any tax laws or tax information shown here.