Tax Law and News Watch out for “new client” email scam Read the Article Open Share Drawer Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window) Written by Intuit Accountants Team Modified Mar 1, 2024 2 min read Tax professionals should watch out for a “new client” scam—an email scheme where cybercriminals pose as potential clients. This scam peaks during the busy tax filing season. How the new client scam works The scammer emails a tax professional to ask for help with their taxes. This phishing email has a malicious link or attachment that the scammer claims is their tax information. When the tax professional clicks the link or opens the attachment, the scammer gets access to the preparer’s email address, password, and possibly other information. Some scammers may also load malware onto the tax pro’s computer to gain access to their system—and their clients’ data. Scammers may also use the tax professional’s hacked email account to target clients. Where to report phishing emails and other scams People should report unsolicited email that claims to be from the IRS to phishing@irs.gov. For those experiencing any money loss due to an IRS-related scam incident, report it to: The Treasury Inspector General for Tax Administration Federal Trade Commission The Internet Crime Complaint Center People can also forward the email to their internet service provider’s abuse department. Data breaches: What to do if a tax professional is victimized If reported quickly, the IRS can block fraudulent returns in clients’ names and take other steps to protect the tax professional and their clients. For tax professionals who are victims, the IRS recommends immediately reporting data theft to the local IRS Stakeholder Liaison representative. Liaisons notify IRS Criminal Investigation and others within the agency on the tax professional’s behalf. Tax professionals should also report fraud incidents to the local offices of the FBI and Secret Service and to their local police. To report data breaches to the state in which they prepare state returns, tax professionals can contact these organizations: Federation of Tax Administrators: Tax professionals can use this special “report a data breach” web page to get state guidance on reporting scam victims. State attorneys general: Most states require that the state attorney general receive notification of data breaches. Create a written information security plan A key component to responding to a data breach is to have an effective action plan and know who to contact. Under FCC rules, tax professionals must have a Written Information Security Plan. As part of the Security Summit effort, the group’s tax professional team developed a special document that allows practitioners to quickly develop one. Previous Post Tax breaks for victims of natural disasters Next Post April 2024 tax and compliance deadlines Written by Intuit Accountants Team The Intuit® Accountants team provides ProConnect™ Tax, Lacerte® Tax, ProSeries® Tax, and add-on software and services to enable workflow for its customers. Visit us at https://proconnect.intuit.com, or follow us on Twitter @IntuitAccts. More from Intuit Accountants Team Comments are closed. Browse Related Articles Practice Management Consultant spotlight: Jason Tritle Practice Management Consultant spotlight: Corey Spear Practice Management Consultant spotlight: Drew Hickman Practice Management Top 7 advantages of choosing a firm niche Advisory Services Your firm: Maximizing value over volume Practice Management ProSeries® Tax spotlight: Nayo Carter-Gray, EA, MBA Practice Management Consultant Spotlight: Katherine Weiler Webinars Technology and Your Clients: Dec. 19 Webinars Escalating IRS Correspondence: Dec. 17 Webinars Intuit Hosting Hacks: Dec. 18