IR-2023-62: Dirty Dozen: IRS urges tax pros and other businesses to beware of spearphishing; offers tips to avoid dangerous common scams
Internal Revenue Service (IRS) sent this bulletin at 03/29/2023 12:05 PM EDT
|
|||
News EssentialsThe Newsroom TopicsIRS Resources |
Issue Number: IR-2023-62Inside This IssueDirty Dozen: IRS urges tax pros and other businesses to beware of spearphishing; offers tips to avoid dangerous common scams WASHINGTON – The Internal Revenue Service today warned tax professionals and businesses that they remain a top target for identity thieves and face threats from common scams on this year’s Dirty Dozen list. As part of the annual Dirty Dozen tax scams effort, the IRS and the Security Summit partners urged tax professionals and businesses to be on the lookout for a variety of suspicious email requests. Through these spearphishing emails, scammers try to steal client data, tax software preparation credentials and tax preparer identities with the goal of getting fraudulent tax refunds. These requests can range from an email that looks like it’s from a potential new client to a request targeting payroll and human resource departments asking for sensitive Form W-2 information. “It’s vitally important for tax professionals and businesses to maintain a strong defense against cyberattacks like spearphishing,” said IRS Commissioner Danny Werfel. “The information these businesses have on their systems is extremely valuable to an identity thief looking to steal identities and file fraudulent tax returns. There are simple steps that tax pros and businesses can take to avoid being fooled by these common schemes, including extra caution when opening emails, clicking on links or sharing sensitive client data. Extra care can go a long way to protect tax professionals and businesses as well as their clients.” Working together as the Security Summit, the IRS, state tax agencies and the nation’s tax industry have taken numerous steps since 2015 to strengthen internal systems and controls to protects against tax-related identity theft. As part of this effort, the IRS and Summit partners continue to warn people about common scams and schemes during tax season and beyond that can threaten a taxpayer’s personal and financial information. The Security Summit initiative is committed to protecting taxpayers, businesses and the tax system from scammers and identity thieves, and the Dirty Dozen is part of the larger effort. The IRS’ annual Dirty Dozen campaign is a list of 12 scams and schemes that put taxpayers and the tax professional community at risk of losing money, personal information, data and more. Some items on the Dirty Dozen are new and some make a return visit. While the Dirty Dozen is not a legal document or a formal listing of agency enforcement priorities, it is intended to alert taxpayers and the tax professional community about various scams and schemes. Side-step spearphishing: Cyber security tips for tax pros and businesses The IRS is warning tax professionals about spearphishing because there is greater potential for harm if the tax preparer has a data breach. A successful spearphishing attack can ultimately steal client data and the tax preparer’s identity, allowing the thief to file fraudulent returns. A taxpayer becoming a victim of tax-related identity theft is certainly an issue with spearphishing, but criminals seeking tax preparer credentials or access to their client’s tax-related information increases the potential number of victims. Spearphishing begins with a suspicious email – one that may appear as a tax preparation application or another e-service or platform. Some scammers will even use the IRS logo and claim something like “Action Required: Your account has now been put on hold.” Often these emails stress urgency and will ask tax pros or businesses to click on links to input or verify information. How to side-step spearphishing:
Client impersonation: Spearphishing aimed at tax pros Bogus requests for W-2s: Spearphishing aimed at businesses The IRS recommends using a two-person review process when receiving these types of requests for W-2s. The IRS also recommends any requests for payroll be submitted through an official process, like the employer’s Human Resources portal. Make a difference: Report fraud, scams and schemes Taxpayers can also report scams to the Treasury Inspector General for Tax Administration or the Internet Crime Compliant Center. The Report Phishing and Online Scams page at IRS.gov provides complete details. The Federal Communications Commission’s Smartphone Security Checker is a useful tool against mobile security threats. As part of the Dirty Dozen awareness effort, the IRS encourages people to report individuals who promote improper and abusive tax schemes as well as tax return preparers who deliberately prepare improper returns. To report an abusive tax scheme or a tax return preparer, people should mail or fax a completed Form 14242, Report Suspected Abusive Tax Promotions or Preparers and any supporting materials to the IRS Lead Development Center in the Office of Promoter Investigations. Mail: Alternatively, taxpayers and tax practitioners may send the information to the IRS Whistleblower Office for possible monetary reward. For more information, see Abusive Tax Schemes and Abusive Tax Return Preparers.
Thank you for subscribing to the IRS Newswire, an IRS e-mail service. If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe. This message was distributed automatically from the mailing list IRS Newswire. Please Do Not Reply To This Message. |