From IRS Newswire <[email protected]>
Subject IR-2024-05: IRS, Security Summit partners warn of surge in “new client” scams aimed at tax pros as 2024 filing season approaches
Date January 9, 2024 5:31 PM
  Links have been removed from this email. Learn more in the FAQ.
  Links have been removed from this email. Learn more in the FAQ.
Bookmark and Share [ [link removed] ]

a { color:#0073AF !important;} a:hover { color:#004673 !important;}
IRS.gov Banner
IRS Newswire January 9, 2024

News Essentials

What's Hot [ [link removed] ]

News Releases [ [link removed] ]

IRS - The Basics [ [link removed] ]

IRS Guidance [ [link removed] ]

Media Contacts [ [link removed] ]

Facts & Figures [ [link removed] ]

Around The Nation [ [link removed] ]

e-News Subscriptions [ [link removed] ]

________________________________________________________________________

The Newsroom Topics

Multimedia Center [ [link removed] ]

Noticias en Espa?ol [ [link removed] ]

Radio PSAs [ [link removed] ]

Tax Scams [ [link removed] ]

The Tax Gap [ [link removed] ]

Fact Sheets [ [link removed] ]

IRS Tax Tips [ [link removed] ]

Armed Forces [ [link removed] ]

Latest News Home [ [link removed] ]

________________________________________________________________________

IRS Resources

Contact My Local Office [ [link removed] ]

Filing Options [ [link removed] ]

Forms & Instructions [ [link removed] ]

Frequently Asked Questions [ [link removed] ]

News [ [link removed] ]

Taxpayer Advocate [ [link removed] ]

Where to File [ [link removed] ]

IRS Social Media [ [link removed] ]

________________________________________________________________________


Issue Number: ???IR-2024-05

Inside This Issue
________________________________________________________________________

*IRS, Security Summit partners warn of surge in ?new client? scams aimed at tax pros as 2024 filing season approaches*

WASHINGTON ? The Internal Revenue Service and the Security Summit partners today alerted tax professionals to watch out for a new round of filing season-related email schemes where cybercriminals pose as potential clients.?

Previously, the IRS observed a surge in these seasonal ?new client? scams where identity thieves target accounting groups and tax preparation firms with fake emails. This year, the IRS has already observed reports of new client scams. Typically, the new client scam peaks during tax season, which runs from January through April. With the 2024 tax season quickly approaching, fraudsters are impersonating real taxpayers seeking help with their taxes, using emails to try obtaining sensitive information or gain access to tax professionals? client data.?

?These intricate email scams pose a real risk to tax professionals and the taxpayers they represent,? said IRS Commissioner Danny Werfel. ?Cybercriminals try to capitalize on tax season by masquerading as real taxpayers looking for help. What they really want to do is help themselves to the sensitive client data of tax professionals. We urge tax professionals and their employees to be extra cautious when receiving unexpected email solicitations and avoid clicking on links or opening attachments.??

The Security Summit [ [link removed] ] partners ? a group composed of the IRS, state tax agencies and the nation?s tax industry ? work together to protect taxpayers and tax professionals against tax-related identity theft.

The Summit partners warn that the new client email scam?s objective is to steal sensitive personal information that will allow fraudsters to prepare authentic looking tax returns to collect a refund ? or use it to commit other types of fraud.?

Last year, the IRS received hundreds of reports at [email protected] of the new client scam. The new client scam made up roughly two-thirds of the 400 reports of business email compromise (BEC) or business email spoofing (BES) complaints that came in to [email protected].?

Given the mass production of these messages by cybercriminals, the number of actual spearphishing emails sent to tax professionals associated with these campaigns likely runs into the thousands with the goal to reach tens of thousands of preparers operating across the country.?

*Tax pros: What to watch out for in the new client emails*?

New client scams can try a direct approach by sending an email asking the tax pro to help them with their taxes where the phishing email contains a malicious link or attachment. Or the scammer might take a more cautious approach by sending an initial email asking if the tax pro is seeking new clients. When the tax pro responds to the initial email, the scammer sends a second email that will then contain a malicious link or attachment.?

During this process, the tax professional may think they are downloading a potential client's tax information or accessing a site with the potential client's tax information. Cybercriminals could collect the preparer's email address, password and possibly other information ? or load malware onto the tax pro?s computer to gain system access.?

In one of the current examples being seen by the IRS, the new client scam features several red flags that should raise questions about the legitimacy of the email. This includes awkwardly phrased sentences and odd word usage. However, with access to a stolen email account, scammers can find a legitimate email from a previous victim?s email account between the victim and their tax preparer. This email might have no grammatical or spelling mistakes or reference what appear to be legitimate tax issues, which is then re-purposed as part of the new client phishing scam. The subject line will often reference the current tax season and the underlying message will amount to the sender needing someone to ?help prepare their taxes.??

Here?s an example of a current new client scam being seen:?

"Subject: 2024 Tax Submission"

"Hello,""?"

"My name is (name can vary), I am searching for another CPA to help handle my taxes.""?"

"Is it safe to say that you are accepting new clients for the 2024 tax season? Do you additionally assist with IRS representation?""?"

"I figured I may have an issue with last year's return. (Click) HERE TO VIEW MY CREDENTIAL [Link to a phishing web address]""?"

"Upon your approval, we can arrange a physical or virtual meeting to discuss my situation and also provide my tax documents amongst others.""?"

"Kindly prompt how you plan to push ahead.""?"

"Best Regards,"

"(Name varies)"?

In some cases, new client phishing emails may appear to come from a legitimate sender or organization (perhaps even a friend or colleague) because their friend or colleague had their email account credentials stolen. Setting up two-factor or multi-factor authentication with your email provider can reduce the risk of having your email account compromised.?

Posing as a trusted organization or friend remains a common way to target individuals and tax preparers for a variety of scams. Individuals should verify the identity of the sender by using another communication method; for instance, calling a number they independently know to be accurate, not the number provided in the email or text.?

*Related schemes also threaten tax pros, taxpayers*

Phishing emails sent from compromised email accounts and phishing emails that spoof legitimate organizations threaten tax professionals daily.?

While tax professionals ? as well as taxpayers ? should be wary of phishing emails where cyberthieves send emails from stolen email addresses from a business or an individual, there are many other forms of phishing emails during tax season. Cybercriminals will impersonate the IRS, state tax agencies, tax software companies or financial institutions. Phishing scams impersonate other agencies offering government benefits or brands offering various services, such as things like document verification or shipping. Taxpayers should remain vigilant to phishing scams year-round.?

*Where to report phishing emails and other scams*

Report all unsolicited email - including the full email headers - claiming to be from the IRS or an IRS-related function to [email protected]. For those experiencing any monetary losses due to an IRS-related scam incident, please report it to the Treasury Inspector General Administration (TIGTA) [ [link removed] ], Federal Trade Commission [ [link removed] ] and the Internet Crime Complaint Center [ [link removed] ]. People can also forward the email to your Internet Service Provider?s abuse department.?

*Data breaches: What to do if a tax pro is victimized*?

Speed is critical if a tax professional becomes a data breach victim. A key component to responding to a data breach ? like those that can occur if a tax professional is a victim of the new client scam ? is to have an effective action plan and knowing who to contact.?

Tax professionals have a variety of resources to get help from the IRS and law enforcement in case of a data breach:?


* IRS Stakeholder Liaison [ [link removed] ] ? For tax professionals who are victims, the IRS recommends quickly reporting data theft to the local Stakeholder Liaison representative immediately. Liaisons will notify IRS Criminal Investigation and others within the agency on the tax professional's behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in clients' names and take other steps to protect the tax professional their clients.
* Federal Bureau of Investigation [ [link removed] ] - the local office.
* Secret Service [ [link removed] ] - the local office (if directed).
* Local police ? to file a police report on the data breach.?

Contacting states in which tax professionals prepare state returns:?


* Federation of Tax Administrators [ [link removed] ] ? Tax professionals can reach this special "report a data breach" web page for victim reporting guidance to the states.
* State Attorneys General [ [link removed] ] - most states require that the state attorney general be notified of data breaches.?

For tax professionals, being prepared for a data breach reflects the importance of having a written security plan. Under Federal Trade Commission rules, tax professionals are required to have a written security plan. As part of the Security Summit effort, the group?s Tax Professional team developed a special document that allows practitioners to quickly develop a Written Information Security Plan (WISP) [ [link removed] ].

Back to Top [ #Fifteenth ]

________________________________________________________________________

FaceBook Logo [ [link removed] ]??YouTube Logo [ [link removed] ] ?Instagram Logo [ [link removed] ]? Twitter Logo [ [link removed] ] ?LinkedIn Logo [ [link removed] ]

________________________________________________________________________

Thank you for subscribing to the IRS Newswire, an IRS e-mail service.

If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe [ [link removed] ].

This message was distributed automatically from the mailing list IRS Newswire. *Please Do Not Reply To This Message.*


________________________________________________________________________

Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your Subscriber Preferences Page [ [link removed] ]. You will need to use your email address to log in. If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com [ [link removed] ].

This service is provided to you at no charge by the Internal Revenue Service (IRS) [ [link removed] ].


body .abe-column-block {min-height: 5px;} ________________________________________________________________________

This email was sent to [email protected] by: Internal Revenue Service (IRS) ? Internal Revenue Service ? 1111 Constitution Ave. N.W. ? Washington DC 20535 GovDelivery logo [ [link removed] ]
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;}
Screenshot of the email generated on import

Message Analysis