Tax Law and News IRS Issues Security Summit Alert: New Two-Stage Email Scheme Targets Tax Professionals Read the Article Open Share Drawer Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window) Written by Intuit Accountants Team Modified Oct 16, 2017 2 min read Please see the below notice from the IRS announcing a new email scheme targeting tax professionals: The Internal Revenue Service, state tax agencies and tax industry leaders today warned tax professionals to be alert to an email scam from cybercriminals posing as clients soliciting their services. A new variation of this phishing scheme is targeting accounting and tax preparation firms nationwide. The scheme’s objective is to collect sensitive information that will allow fraudsters to prepare fraudulent tax returns. These latest phishing emails come in typically two stages. The first email is the solicitation, which asks tax professionals questions such as “I need a preparer to file my taxes.” If the tax professional responds, the cybercriminal sends a second email. This second email typically has either an embedded web address or contains a PDF attachment that has an embedded web address. In some cases, the phishing emails may appear to come from a legitimate sender or organization (perhaps even a friend or colleague) because they also have been victimized. Fraudsters have taken over their accounts to send phishing emails. The tax professional may think they are downloading a potential client’s tax information or accessing a site with the potential client’s tax information. In reality, the cybercriminals are collecting the preparer’s email address and password and possibly other information. The IRS urges tax professionals and tax preparation firms to consider creating internal policies or obtain security experts’ recommendations on how to address unsolicited emails seeking their services. One tip: Never respond to or click on a link in an unsolicited email or PDF attachment from an unknown sender. As the IRS, states and the tax industry make progress in the fight against identity theft, cybercriminals are becoming more sophisticated in their efforts to steal additional client information. Criminals need more data in their effort to impersonate clients and file fraudulent returns to claim refunds, and schemes like this can help in this effort. Read more at Protect Your Clients; Protect Yourself, the Security Summit initiative to increase awareness about the tax professional community. Previous Post Blockchain Technology and What it Means for Tax Professionals Next Post Coaching Your Self-Employed Clients on Taxes Written by Intuit Accountants Team The Intuit® Accountants team provides ProConnect™ Tax, Lacerte® Tax, ProSeries® Tax, and add-on software and services to enable workflow for its customers. Visit us at https://proconnect.intuit.com, or follow us on Twitter @IntuitAccts. More from Intuit Accountants Team Comments are closed. Browse Related Articles Tax Law and News Annual inflation adjustments for TY24 and TY25 Practice Management Intuit is committed to your success Practice Management Lacerte® Tax spotlight: Karl J. Strube, CPA Practice Management ProConnect™ Tax Online spotlight: Alejandra Matias Practice Management ProConnect Tax Virtual Bootcamp: Jan. 15-16 Webinars Navigating Common IRS Red Flags: Jan. 20 Webinars Pay-by-Refund: Jan. 20 Webinars Practical Security Checklist: Jan. 14 Tax Law and News January 2025 tax and compliance deadlines Workflow tools On the Books podcast: Merry books-to-tax season