With the emergence of a new tax fraud scheme, the Internal Revenue Service is urging tax professionals to step up security and beware of phishing emails that secretly download malicious software, which cybercriminals then use to steal client data.
Only a few days into the filing season, a scam was identified that began with cybercriminals stealing data from several tax practitioners’ computers and filing fraudulent tax returns.
Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it.
Here is how the scam targeting tax preparers works:
Cybercriminals send introductory emails to tax professionals posing as potential clients to gain access to the professionals’ computer systems and collect the personal information of clients. The email contains a phishing URL or attachment claiming the individual’s tax data is enclosed. Once the recipient clicks the link, malware is secretly downloaded that allows the cybercriminal to track keystrokes or gain remote access to the recipient’s computer and steal clients’ personal information. That information can then be used to file fraudulent tax returns or sold on the Dark Web.
Some emails reported to the IRS include:
- “Happy new year to you and yours. I want you to help us file our tax returns this year as our previous CPA passed away in October. How much will this cost us? Hope to hear from you soon.”
- “A friend of mine introduced you to me regarding the job you did for him on his 2017 tax. I tried to reach you by phone earlier today but it was not connecting, attached is my information needed for my tax to be filed. If you need more details please feel free to contact me.”
In a new twist, the fraudulent returns in a few cases used the taxpayers' real bank accounts for the deposit. Then, a person posing as a debt collection agency official contacted the taxpayers to say a refund was deposited in error and asked the taxpayers to forward the money to the caller.
This scheme is likely just the first of many to be identified this year as the IRS, state tax agencies and tax industry continue to fight back against tax-related identity thieves. Because of advances made in educating the public about identity theft, cybercriminals have evolved their tactics to focus on tax professionals where they can steal client data.
Thieves know it is easier to file fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions. Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves, rather than the real taxpayers.
Tax professionals are urged to seek cybersecurity experts to help better secure their data. Here’s a reminder from the IRS of some basic steps tax professionals can take:
- Educate all employees about phishing in general and spear phishing in particular.
- Use strong, unique passwords. Better yet, use a phrase instead of a word. Use different passwords for each account. Use a mix of letters, numbers and special characters.
- Never take an email from a familiar source at face value; for example, an email from “IRS e-Services.” If it asks you to open a link or attachment, or includes a threat to close your account, think twice. Visit the e-Services website for confirmation.
- If an email contains a link, hover your cursor over the link to see the web address (URL) destination. If it’s not a URL you recognize or if it’s an abbreviated URL, don’t open it.
- Consider a verbal confirmation by phone if you receive an email from a new client sending you tax information or a client requesting last-minute changes to their refund destination.
- Use security software to help defend against malware, viruses and known phishing sites and update the software automatically.
- Use the security options that come with your tax preparation software.
- Send suspicious tax-related phishing emails to firstname.lastname@example.org.
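One way to automate the "hover over the link" check from the steps above, as an added example that is not from the IRS or the original article: it parses the links in an HTML email body and flags those whose visible text names a different domain than the actual href, and those routed through URL shorteners. The shortener list and the sample email body are constructed for this demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of URL-shortener hosts (assumption: extend it for your environment)
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlparse(url).hostname or "").lower()

def _shown_host(text):
    """If the visible link text looks like a URL or bare domain, return its host."""
    if " " in text or "." not in text:
        return ""
    return _host(text if "://" in text else "http://" + text)

def suspicious_links(html_body):
    """Return (href, text, reason) for every link that deserves a second look."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host, shown = _host(href), _shown_host(text)
        if host in SHORTENER_HOSTS:
            findings.append((href, text, "shortened URL hides the real destination"))
        elif shown and shown != host and not host.endswith("." + shown):
            findings.append((href, text, f"text shows {shown} but link goes to {host}"))
    return findings

# Constructed sample body in the style of the "my tax information is attached" lure
SAMPLE = ('<p>Attached is my information. Download here: '
          '<a href="http://evil.example/docs">https://www.irs.gov/e-services</a> '
          'or <a href="http://bit.ly/abc">tax docs</a> '
          'or <a href="https://www.irs.gov/forms">www.irs.gov</a></p>')
```

Running `suspicious_links(SAMPLE)` reports the first two links and leaves the third alone, because its visible text and destination agree.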
This newest scam is also a reminder to taxpayers that they should be alert to any unusual activity, such as receiving a tax transcript or tax refund they did not request.
Taxpayers who receive a direct deposit refund that they did not request should take the following steps:
- Contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS.
- Call the IRS toll-free at 800-829-1040 (individual) or 800-829-4933 (business) to explain why the direct deposit is being returned.
- Keep in mind interest may accrue on the erroneous refund.
Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.