The Internal Revenue Service is cautioning tax professionals to beware of an uptick it's already starting to see this year in cybercriminals pretending to be new tax clients as a way to scam tax pros.
The IRS and its private sector and public sector partners in the Security Summit have seen such scams before, but on Tuesday it said it's seen new reports of "new client" scams. Usually, such scams peak during tax season. But with the
"These intricate email scams pose a real risk to tax professionals and the taxpayers they represent," said IRS Commissioner Danny Werfel in a statement Tuesday. "Cybercriminals try to capitalize on tax season by masquerading as real taxpayers looking for help. What they really want to do is help themselves to the sensitive client data of tax professionals. We urge tax professionals and their employees to be extra cautious when receiving unexpected email solicitations and avoid clicking on links or opening attachments."
The goal of the scam is to steal sensitive personal information that will enable fraudsters to prepare genuine-looking tax returns to collect a refund or use it for other kinds of fraud.
Last year, the IRS received hundreds of reports at
Here's an example of a current new client scam being seen by the IRS:
Subject: 2024 Tax Submission
Hello,
My name is (name can vary), I am searching for another CPA to help handle my taxes.
Is it safe to say that you are accepting new clients for the 2024 tax season? Do you additionally assist with IRS representation?
I figured I may have an issue with last year's return. (Click) HERE TO VIEW MY CREDENTIAL [Link to a phishing web address]
Upon your approval, we can arrange a physical or virtual meeting to discuss my situation and also provide my tax documents amongst others.
Kindly prompt how you plan to push ahead.
Best Regards,
(Name varies)
Scammers may send an email asking a tax pro for help with their taxes, and the phishing email will contain a malicious link or attachment. Or the scammer could take a more cautious approach by sending an initial email asking if the tax pro is seeking new clients. When the tax pro responds to the initial email, the scammer then sends a second email with a malicious link or attachment.
During this process, the tax pro may believe they're downloading a potential client's tax information or accessing a site with the potential client's tax information. Cybercriminals could collect the preparer's email address, password and possibly other information — or load malware onto the tax pro's computer to gain system access.
In one of the examples being seen by the IRS, the new client scam features several red flags that should raise questions about the legitimacy of the email. That includes awkwardly phrased sentences and odd word usage. However, with access to a stolen email account, scammers can find a legitimate email from a previous victim's email account between the victim and their tax preparer. The email might have no grammatical or spelling mistakes or reference what appear to be legitimate tax issues, which is then repurposed as part of the new client phishing scam. The subject line will often reference the current tax season and the underlying message will amount to the sender needing someone to "help prepare their taxes."
In certain cases, new client phishing emails can seem to come from a legitimate sender or organization (maybe even a trusted friend or colleague) because the friend or colleague had their own email account credentials stolen. Setting up two-factor or multifactor authentication with an email provider can reduce the risk of a compromised email account.
Posing as a trusted organization or friend is a common way to target individuals and tax preparers for different scams. The IRS recommended tax pros verify the identity of the sender by using another communication method; for instance, such as calling a number they independently know to be accurate, as opposed to the phone number listed in the email or text.