Ahead of the Oct. 15 deadline for extension filers, the Internal Revenue Service is reminding tax professionals that their digital networks are at risk for remote takeover by a new phishing email scam in which cybercriminals impersonate tax software providers and try to steal usernames and passwords.
This scam shows that cybercriminals are “tax-savvy,” according to the IRS, “and underscores the need for tax professionals to take strong security measures to protect their clients and … their business.”
The latest scam email is labeled “Software Support Update” and describes an “Important Software System Upgrade.” It also thanks recipients for their continued trust in the software provider, mimicking the providers’ real email templates.
It also asks recipients to revalidate their login credentials and gives them a fictitious website that looks like the software provider’s real login page.
“This is another emerging threat to tax professionals that the IRS has seen on the rise,” IRS Commissioner John Koskinen said in a statement. “A remote takeover can be devastating to practitioners’ business as well as to the taxpayers they serve. It’s critical for people to take steps to understand and prevent these security threats before it’s too late.”
Such scams, known as phishing, happen when criminals pose as a friend, client or company and send links or attachments that victims open, installing malware and giving the criminals remote access to the computer. According to the IRS, such takeovers can lead to fraudulent tax filings and harm to the preparers’ clients.
“Instead of upgrading software, the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers’ accounts and to steal client information,” the IRS said in a press release.
Software providers do not embed links in emails that ask for password validation, the government body says, adding that both tax professionals and taxpayers “should never open a link or an attachment from a suspicious email.”
What to Do
In order to boost awareness about such takeovers, the IRS launched “Don’t Take the Bait,” a 10-part campaign aimed at tax professionals, in July.
“Multiple incidents have been reported to the IRS in the past year as tax professionals’ systems have been secretly infiltrated. The criminals accessed client tax returns, completed those returns, e-filed them and secretly directed refunds to their own accounts,” the organization said in a statement.
Cyberattacks often exploit weak security settings. Another line of attack uses malware that downloads further malicious code, giving criminals access to the network.
“Especially vulnerable are wireless networks, including mobile phones, modems and router devices, printers, fax machines and televisions that retain their factory-issued password settings. Sometimes, these devices have no protection at all,” according to the IRS.
The IRS is urging tax professionals to take the following steps to help protect themselves and clients from remote takeovers:
- Educate staff members about the dangers of phishing scams, which can be in the form of emails, texts and calls, as well as the threat posed by remote access attacks;
- Use strong security software, set it to update automatically and run a periodic security “deep scan” to search for viruses and malware;
- Identify and assess wireless devices connected to the network, including mobile phones, computers, printers, fax machines, routers, modems and televisions. Replace factory password settings with strong passwords.
- Strengthen passwords for devices and for software access. Make sure passwords are a minimum of eight characters (more is better) with a mix of numbers, letters and special characters;
- Be alert for phishing scams: do not click on links or open attachments from unknown, unsolicited or suspicious senders;
- Review any software that employees use to remotely access the network as well as those used by IT support vendors to remotely troubleshoot technical problems. Remote access software is a potential target for bad actors to gain entry and take control of a machine. Disable remote access software until it is needed.
— Check out Summer Tax Scams in Full Swing, IRS Warns on ThinkAdvisor.