As this year’s tax season revs up, scammers have rolled out a new data theft scheme focused on tax professionals.
The IRS announced last week that the agency had identified a new swindle that begins with cybercriminals downloading malicious software onto practitioners’ computers that enables them to steal client data and file fraudulent tax returns seeking a refund.
In a few cases, the thieves used the taxpayers’ real bank accounts for the deposit. Then, a woman who identified herself as an official of a debt collection agency contacted victims to say a refund had been erroneously deposited into their accounts, and asked them to forward the money to her.
The IRS noted that because of inroads by the agency and its Security Summit partners — including state tax agencies and the tax industry — against identity theft, cybercriminals have refocused their efforts on tax professionals from whom they can steal client data.
“Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions,” according to the IRS statement.
“Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves rather than the real taxpayers.”