Online thieves are targeting tax professionals, especially those working remotely, through new phishing scams that take advantage of COVID-19 economic impact payments.

The IRS is urging the nation’s tax firms to review and strengthen their data protection plans as cybercriminals step up their efforts.

“Crooks are targeting tax professionals as well as taxpayers,” the IRS said in a statement.

The Security Summit, a consortium of the IRS, 42 state agencies, and 20 tax industry associations and offices, addresses phishing scams in part four of its Working Virtually series.

“The vast majority of data thefts start with a phishing email trick,” IRS Commissioner Chuck Rettig said.

“Identity thieves pose as trusted sources—a client, your software provider, or even the IRS—to lure you into clicking on a link or attachment.

“Remember, don’t take the bait—learn to recognize phishing scams.”

Phishing Emails

In general, phishing emails feature an urgent message, such as an account password expiry warning, then direct you to an official-looking attachment or link.

The link may take you to a fake website made to appear like a trusted source and request your username and password.

Or the attachment may contain malware that secretly downloads a program that tracks keystrokes and eventually allows scammers to steal the tax professional’s passwords.

The IRS this year identified a sophisticated attack against tax firms in which scammers gained remote access through phishing or malware and were able to enter cloud storage accounts containing client files.

In one instance, thieves were quietly accessing and downloading taxpayer information for 18 months before the victim discovered it.

All organizations, especially those with people working remotely, should educate employees about increased activity related to phishing scams, the government said.

PPE, Stimulus Payment Claims

Some of the phishing scams took advantage of COVID-19 fears by claiming to offer face masks or other personal protective equipment in short supply, the IRS said.

Other tactics scammers used included impersonating the IRS in emails or phone calls requesting bank account information to send federal Economic Impact Payments.

Tax professionals should always beware of emails from scammers posing as potential clients.

With people practicing social distancing, criminals may try to exploit the process by tricking a tax professional into opening links or attachments.

The IRS and the Security Summit urge tax professionals to contact potential clients by phone or through video conferencing.

Taxpayers and tax preparers can forward suspicious emails posing as the IRS to

Tax professionals also can get help with security recommendations by reviewing the recently revised IRS publication on safeguarding taxpayer data, and fundamentals on small business information security from the National Institute of Standards and Technology.