According to the Internal Revenue Service, tax professionals and businesses present a tempting target for identity thieves given their extensive information, and scammers continue to look for creative ways to gain access into sensitive systems. In particular, the agency and its partners warn businesses and tax preparers to watch out for a surge in a particular type of spearfishing known as new-client scams, where identity thieves pose as potential clients using fake emails.

“It’s crucial for tax professionals and businesses to be wary of creative and evolving cyberattacks designed to access sensitive systems,” said IRS Commissioner Danny Werfel, in a media release. “Cyberattacks pose a threat to not just the livelihood of the businesses, but the sensitive tax and personnel information that identity thieves can use to try filing fake tax returns. Taking simple steps by using extra caution when opening emails, clicking on links or sharing private client information can prevent tax professionals from being taken advantage of by cybercriminals.”

Raising awareness about common scams threatening taxpayers and tax pros has been an ongoing focus of the Security Summit, a coalition of the IRS, state tax agencies and the nation’s tax industry. The groups have worked together since 2015 to strengthen internal systems and controls to protect against tax-related identity theft, and the Summit partners continue to warn people about common scams and schemes during tax season and beyond, the release states.

The “new client” scam continues to be a concern for the IRS and its Security Summit partners. Cybercriminals impersonate new, potential clients to trick tax preparers into responding to their emails. Once the preparer responds, the scammer sends a malicious attachment or URL that can compromise the preparer’s computer systems and allow the attacker to access sensitive client information, the IRS said.

“There are warning signs that should raise red flags and cause people to question an email’s legitimacy,” the release states. “Individuals, including tax pros, should always be cautious and look out for any suspicious requests or unusual behavior before sharing any sensitive information or responding to an email. Warning signs include poorly constructed sentences and unusual word choices. Be aware that by gaining access to a hacked email account, scammers can locate a genuine email from a previous victim’s email account sent to their tax professional. This email may contain no spelling or grammatical errors and may refer to genuine tax issues.”

SOURCE: U.S. Internal Revenue Service