Ahead of the Oct. 15 deadline for extension filers, the Internal Revenue Service is reminding tax professionals that their digital networks are at risk for remote takeover by a new phishing email scam in which cybercriminals impersonate tax software providers and try to steal usernames and passwords.
This scam shows that cybercriminals are “tax-savvy,” according to the IRS, “and underscores the need for tax professionals to take strong security measures to protect their clients and … their business.”
The latest scam is labeled “Software Support Update” and describes an “Important Software System Upgrade.” Plus, it thanks recipients for their continued trust in the software provider, which mimics the software providers’ email templates.
It also asks recipients to revalidate their login credentials and gives them a fictitious website that looks like the software provider’s real login page.
“This is another emerging threat to tax professionals that the IRS has seen on the rise,” IRS Commissioner John Koskinen said in a statement. “A remote takeover can be devastating to practitioners’ business as well as to the taxpayers they serve. It’s critical for people to take steps to understand and prevent these security threats before it’s too late.”
Such scams — or phishing — happens when scammers act like a friend, client or company and share attachments that potential victims download, releasing malware and giving criminals remote access to a computer. According to the IRS, such takeovers could lead to fraudulent tax filings and damage to their clients.
“Instead of upgrading software, the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers’ accounts and to steal client information,” the IRS said in a press release.