The Internal Revenue Service urged tax professionals to steer clear of so-called "spearphishing" scams from cybercriminals, including identity thieves posing as new clients.
The advisory, issued by the IRS on Tuesday, is part of the IRS's annual "Dirty Dozen" list of tax scams, and echoes
Spearphishing is a more targeted form of cyberattack against specific people or organizations than the more common phishing scheme. In the "new client" scam, cybercriminals pretend to be genuine taxpayers who are asking the tax pro for assistance with their taxes, using fake emails to elicit sensitive data or get access to the preparer's client information from their computer systems. Such scams tend to peak around tax season, but are still a threat for the rest of the year as well. Cybercriminals who manage to get access to a tax practitioner's credentials, or their client's tax-related information, can reach multiple victims.
"It's crucial for tax professionals and businesses to be wary of creative and evolving cyberattacks designed to access sensitive systems," said IRS Commissioner Danny Werfel in a statement Tuesday. "Cyberattacks pose a threat to not just the livelihood of the businesses, but the sensitive tax and personnel information that identity thieves can use to try filing fake tax returns."
He urged tax pros to exercise extra caution when opening emails, clicking on links, or sharing private client information so cybercriminals don't take advantage of them.
