Just in time for the busy income tax season, cybercriminals have launched a variety of email scams designed to target tax professionals, according to a recent IRS alert. The latest scam is a form of email phishing, in which hackers hope you’ll reveal your login details and credentials, giving them access to your accounts and information.
How It Works
The cybercriminal poses as an actual client and sends you an email asking for your help in preparing a return or with a similar service. You visit the site, where you are asked to log in and provide legitimate details; the site will look real and may spoof a legitimate brand or company. Once access is attained, your identify details and financial accounts can be exploited, and the criminal can file fraudulent tax forms on your behalf.
This scam often arrives in two waves: The first email asks questions or for help; then the second contains a web address or attached documents that require you to visit a web address to download. Once you visit, your details are captured and exploited.
Avoid Being a Victim
Most phishing scams begin the same way; the victim receives an email and is asked to download a document or click a link. A good first start is to simply be aware that links or documents sent to you from strangers, even those asking for your help or hoping to hire you, can be dangerous.
Many phishing scams operate by posing as a real website and attempt to get you to provide your real login credentials. A link could take you to a fake (but legitimate-looking) website, supposedly to get a message to track a package containing tax documents. The site would then require you to log in to get the information.
but important information about your username and password on other sites, too. Most of us use the same passwords (or variations of the same passwords) on multiple sites, so cybercriminals can exploit your information in a variety of ways.
Avoid the scam by visiting the known, legitimate site without clicking the link – you’ll be able to log in safely and see if something is waiting for you. This scam isn’t just for webpages; cybercriminals use it for apps, too, so proceed with caution if you are asked to log into an app or download an app outside of iTunes or another legitimate source.
Review the details of this scam with any employees who work on or prepare tax documents or who have access to your system; a well-meaning employee could expose your business to risk, simply by clicking on the wrong link at tax time.
Simple vigilance and awareness can help prevent you from becoming a victim. Learning more about the ways cybercriminals are targeting our profession can help you look at links and attachments the right way and ensure you don’t become a victim.