The IRS yesterday issued a news release alerting tax professionals to a new tax scam involving fake emails purporting to be from tax software providers.
The IRS said that in the new scheme, which was identified as part of the IRS Security Summit process, tax professionals are receiving emails pretending to be from a tax software companies. The email scheme requests the recipient to download and install an important “software update” via a link included in the e-mail.
Once a recipient clicks on the embedded link, they are directed to a website prompting them to download a file appearing to be an update of their software package. The file has a naming convention that uses the actual name of their software followed by an “.exe extension.”
Upon completion of this so-called update, tax professionals are led to believe they have downloaded a software update when in fact they have loaded a program designed to track the tax professional’s key strokes, which is a common tactic used by cyber thieves to steal login information, passwords, and other sensitive data. A copy of IR-2016-103 is available here.
The IRS is also seeing a surge in automated calls warning individuals to settle their “tax bills” and demanding payments using iTunes or other gift cards.
In most cases, the robocalls claim to be a last step before legal action ensues, the Internal Revenue Service said in an Aug. 2 news release, IR-2016-99. Requesting payment on a gift card—a relatively new trend—is a “clear indication of a scam,” the IRS said.
“It used to be that most of these bogus calls would come from a live person. Scammers are evolving and using more and more automated calls in an effort to reach the largest number of victims possible,” IRS Commissioner John Koskinen said. “Taxpayers should remain alert for this summer surge of phone scams, and watch for clear warning signs as these scammers change tactics.”
The IRS – and NSA - urges all readers to take the following steps:
- Be alert for phishing scams: do not click on links or open attachments contained in e-mails and always utilize a software providers main webpage for connecting to them.
- Run a security “deep scan” to search for viruses and malware;
- Strengthen passwords for both computer access and software access; make sure your password is a minimum of 8 digits (more is better) with a mix of numbers, letters and special characters;
- Educate all staff members about the dangers of phishing scams in the form of emails, texts and calls;
- Review any software that your employees use to remotely access your network and/or your IT support vendor uses to remotely troubleshoot technical problems and support your systems. Remote access software is a potential target for bad actors to gain entry and take control of a machine.
Tax professionals should also review Publication 4557, Safeguarding Taxpayer Data, A Guide for Your Business, which provides a checklist to help safeguard taxpayer information and enhance office security.#IdentityTheft #IRSReleases #DataSecurity #NewsandInformation