Tax professionals across Kansas need to be aware of a scheme designed to get their clients’ personal information.
“Everybody’s heard of phishing,” said the Internal Revenue Service’s Michael Devine. “That’s where criminals will create an email and send it out to hundreds or thousands of people. There’s a new method that they are trying, and it’s called spear phishing.”
Spear phishing is much more targeted.
“This is where the criminal poses as the client of a tax professional or they impersonate the IRS or a bank or even a software company,” said Devine. “They send an email to a specific individual or a CPA, a tax company. They try to get them to give them information or to open an attachment that has some kind of malware so these criminals can get access to that tax professional’s database and steal the client information.”
It’s common sense, but don’t open attachments unless you are expecting them and know who they are from.
“We need to be suspicious of almost anything that comes in unexpectedly,” said Devine. “If you’re talking to a client and ask them to send you something, you know it’s coming in. It’s kind of like, if you’re working with the IRS on a tax problem and you get a phone call, you can pretty much expect, okay, I know who it is, it really is the IRS.”
The security software firm Trend Micro reports that 91 percent of all cyberattacks and resulting data breaches begin with a spear phishing email. The email has a subject line like “Tax return” or something similar to bait the tax preparer into believing the email is from a legitimate client.
For more information on spear phishing and how to avoid it, go to irs.gov.