Tax pros warned of new scam to steal passwords

Published 3:27 pm Saturday, August 12, 2017

WASHINGTON, D.C. — The Internal Revenue Service, state tax agencies and the tax industry warned tax professionals to be alert to a new phishing email scam impersonating tax software providers and attempting to steal usernames and passwords. This is the time of year when many software providers issue software upgrades and when tax professionals are working to meet the Oct. 15 deadline for extension filers.

“This is another very sophisticated scam that shows how valuable cyber crooks view taxpayer information,” IRS spokesman Luis D. Garcia said. “We want to insure tax professionals are on their toes and alert to this latest scam. Double checking who really sent an email and using strong security measures will help protect their clients and protect their business.”

These types of phishing scams are why the IRS, state tax agencies and the tax industry, acting as the Security Summit, launched the 10-week “Don’t Take the Bait” campaign currently underway. This awareness effort highlights the many tactics of cybercriminals as well as the steps tax professionals can take to protect their clients and themselves.

This latest scam email variation comes with a subject line of “Software Support Update” and highlights an “Important Software System Upgrade.” It thanks recipients for continuing to trust the software provider to serve their tax preparation needs and mimics the software providers’ email templates.

The email informs the recipients that due to a recent software upgrade, the preparer must revalidate their login credentials. It provides a link to a fictitious website that mirrors the software provider’s actual login page.

Instead of upgrading software, the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers’ accounts and to steal client information.

The Security Summit reminds tax professionals that software providers do not embed links into emails asking them to validate passwords. Also, tax professionals and taxpayers should never open a link or an attachment from a suspicious email.

Tax professionals can review additional tips to protect clients and themselves at Protect Your Clients, Protect Yourself on IRS.gov.

Tax professionals who receive emails purportedly from their tax software providers seeking login credentials should send those scam emails to their tax software provider.

For Windows users, follow this process to help the investigation of these scam emails:

  • Use “Save As” to save the scam. Under “save as type” in the drop-down menu, select “plain text” and save to the desktop. Do not click on any links.
  • Open a new email and attach this saved email as a file.
  • Send a new email containing the attachment to the tax software provider, as well as a copy to Phishing@IRS.gov.