IRS Warns of New Phishing Scam Targeting Tax Pros

Chris Gaetano
Published Date:
Nov 7, 2016


The IRS is warning tax professionals to look out for a suspicious email that claiming to be about, ironically enough, security awareness, saying that it is another attempt by scammers to collect personal information for identity theft. 

The subject line for the fraudulent email is “Security Awareness for Tax Professionals.” The “From” line is “Your e-Services Team.” It has both an IRS logo and an e-services logo that hyperlinks to a URL verified as a phishing site. The spoofing site poses as an e-services registration page and tries to trick tax professionals into revealing their e-services usernames and passwords, along with other, even more personal, data. 

The IRS advises that if you have already provided information to this site, then you should contact IRS e-services (the real one) to reset your accounts, as well as change your passwords if the one you have up is used for other accounts. The IRS also recommended, as an extra precaution, running a deep security scan on your system. 

The IRS reminded tax professionals that they should always go directly to the IRS website to access e-services, as opposed to clicking a link in an email. Tax professionals who receive a suspicious email should send it as an attachment to and then delete it. Recipients should not click on any links.

The new scam, according to the IRS, is an attempt to circumvent new protection measures instituted this year. The IRS, along with state tax authorities and private sector partners, announced that they will be beefing up security even further in 2017. These include: 

  • * New data elements transmitted by the tax industry with every tax return have been updated and expanded. In all, 37 new data elements will be added for 2017, providing additional information to strengthen the authentication that a tax return is being filed by the real taxpayer.
  • * The tax industry will share with the IRS and states 32 data elements from business tax returns – extending more identity theft protections to business filers as well as individuals.
  • * More than 20 states are working with the financial services industry to create their own version of a program that allows the industry to flag suspicious refunds before they are deposited into taxpayer accounts. Also, private sector partners are enhancing efforts to identify the “ultimate bank account” to ensure that the refunds go into the true taxpayers’ accounts – not fraudsters.
  • * The Form W-2 Verification Code initiative started by the IRS last year will expand to 50 million forms in 2017 from 2 million in 2016. When completing a tax return, the 16-digit verification code should be entered when prompted by tax software used by both individuals and tax professionals to validate the information on the Form W-2. The IRS anticipates the verification code will be expanded in future years for all Forms W-2.
  • * The software industry will continue to enhance software password requirements for individuals and tax professional users – providing additional safety prior to filing.

Click here to see more of the latest news from the NYSSCPA.