Phishing the Threat of Choice of Identity Thieves

During the 2016 tax season the IRS and tax preparers alike saw a big spike in phishing and malware incidents. Unfortunately, the 2017 season is shaping up to be more of the same. In fact, the Internal Revenue Service has included these phishing schemes to its “Dirty Dozen” list of the worst tax scams.

New and evolving phishing schemes have already been seen in January. Email scams have surfaced recently that target taxpayers, tax professionals, payroll professionals, human resources personnel and schools. The goal, of course, is to trick the recipient into passing along the personal confidential information for employees, customers or clients.

In these emails, the scammer poses as a person or organization the recipient recognizes and trusts. These scam emails may appear to be from a bank, a credit card company, tax software provider or a government agency. Identity thieves can go to great lengths to create emails and websites that appear to be legitimate. But their log-in pages will take the unwitting recipient to the scammer’s site, where they may be tricked into divulging log-ins, passwords, Social Security numbers and other information that can lead to identity theft and income tax fraud.

Another tool of the scammer is malware. Once an email user is fooled into clicking the link from the scammer, their computer could be loaded with surreptitious programs that can give the scammer access to their computer, enabling the crook to access sensitive files or track keystrokes to learn passwords.

“These email schemes continue to evolve and can fool even the most cautious person. Email messages can look like they come from the IRS or others in the tax community,” said IRS Commissioner John Koskinen. “Taxpayers should avoid opening surprise emails or clicking on web links claiming to be from the IRS. Don’t be fooled by unexpected emails about big refunds, tax bills or requesting personal information. That’s not how the IRS communicates with taxpayers.”

The IRS and its tax industry partners have adopted a united front against identity theft and tax fraud. The federal agency has teamed up with state tax agencies and tax industry partners to get the message out to taxpayers and tax pros about the dangers to their personal and financial data. This wide-ranging partnership has already yielded results from the Security Summit task force formed to combat the threats. Summit members have helped the IRS develop more secure processes for e-filing.

At first, the efforts of scammers and hackers were focused against the taxpayer. But the threat has since also turned toward tax professionals, in the form of phishing emails that attempt to access client data. Tax pros can utilize the IRS web site Protect Your Client; Protect Yourself for the latest threats, news and strategies for the tax industry.

Tax professionals who receive unsolicited suspicious emails that appear to be from the IRS or related to the e-Services program should report it by sending it to phishing@irs.gov.