A new variation of this phishing scheme is targeting accounting and tax preparation firms nationwide. The scheme's objective is to collect sensitive information that will allow fraudsters to prepare fraudulent tax returns.
These latest phishing emails typically come in two stages. The first email is the solicitation, which asks tax professionals questions such as, "I need a preparer to file my taxes." If the tax professional responds, the cybercriminal sends a second email. This second email typically has either an embedded web address or a PDF attachment that has an embedded web address.
In some cases, the phishing emails may appear to come from a legitimate sender or organization (perhaps even a friend or colleague) because that sender has also been victimized: fraudsters have taken over the sender's account and are using it to send phishing emails.
The tax professional may think they are downloading a potential client's tax information or accessing a site with the potential client's tax information. In reality, the cybercriminals are collecting the preparer's email address and password and possibly other information.
The Security Summit urges tax professionals and tax preparation firms to consider creating internal policies or obtaining security experts' recommendations on how to address unsolicited emails seeking their services.
- Tip: Never respond to, or click on, a link in an unsolicited email or PDF attachment from an unknown sender.

As the IRS, the states, and the tax industry make progress in the fight against identity theft, cybercriminals are becoming more sophisticated in their efforts to steal additional client information. Criminals need more data in their effort to impersonate clients and file fraudulent returns to claim refunds -- and schemes like this can help in this effort.