Attention FAE Customers:
Please be aware that NASBA credits are awarded based on whether the events are webcast or in-person, as well as on the number of CPE credits.
Please check the event registration page to see if NASBA credits are being awarded for the programs you select.

IRS Warns Tax Pros to Be on the Lookout for 'New Client' Scams This Season

By:
S.J. Steinhardt
Published Date:
Jan 10, 2024

As tax season approaches, the IRS and its Security Summit partners are warning tax professionals to brace for filing season-related email schemes in which cybercriminals pose as potential clients.

These "new client" scams that target accounting groups and tax preparation firms are a seasonal issue for the IRS. The scams usually peak during tax season, which runs from Jan. 29 to April 15 this year. In such scams, identity thieves impersonate real taxpayers seeking help with their taxes by using emails to try to obtain sensitive information or to gain access to tax professionals' client data.

"These intricate email scams pose a real risk to tax professionals and the taxpayers they represent," said IRS Commissioner Danny Werfel. "Cybercriminals try to capitalize on tax season by masquerading as real taxpayers looking for help. What they really want to do is help themselves to the sensitive client data of tax professionals. We urge tax professionals and their employees to be extra cautious when receiving unexpected email solicitations and avoid clicking on links or opening attachments."

Last year, the IRS reported receiving received hundreds of reports at phishing@irs.gov of t new-client scams. The new- client scams made up roughly two-thirds of the 400 reports of business email compromise (BEC) or business email spoofing (BES) complaints that came into that address. The number of actual spearphishing emails sent to tax professionals associated with these campaigns likely runs into the thousands, the IRS estimated, with the intended goal of reaching tens of thousands of preparers operating across the country. Spearphishing scams attack target specific victims, with messages modified to those individuals.

The IRS advised tax pros to watch out for certain clues for what be a phishing attempt. An email asking for tax assistance may contain a malicious link or attachment, or an initial email may inquire if the tax pro is seeking new clients. In such an instance, the tax pros’ response to the initial email may trigger a second email that will then contain a malicious link or attachment. 

Such a link or attachment, when opened, can fool the tax pro into unintentionally allowing the cybercriminal to collect the preparer's email address, password and possibly other information, or to load malware onto the tax pro's computer to gain system access.

The IRS provided an example of a new-client scam email that has been circulating recently.

Other related scams include cybercriminals impersonating the IRS, state tax agencies, tax software companies or financial institutions. The IRS also warned about scams impersonating other agencies offering government benefits or brands offering various services.

The IRS urged tax professionals to report all unsolicited email claiming to be from the IRS or an IRS-related function, including the full email headers, to phishing@irs.gov. Any monetary losses due to an IRS-related scam incident should be reported to the Treasury Inspector General Administration (TIGTA), Federal Trade Commission and the Internet Crime Complaint Center. Scam victims can also forward the email to their Internet Service Provider's abuse department.

In the case of a data breach, tax pros can get help from the IRS Stakeholder Liaison and law enforcement, such as a local office of the Federal Bureau of Investigation (FBI) or United States Secret Service, as well as local police.

Tax pros can also report a data breach to the Federation of Tax Administrators. In addition, most states require that their respective attorneys general be notified of data breaches.

Click here to see more of the latest news from the NYSSCPA.