The Internal Revenue Service (IRS) is warning about a new email impersonation scam targeting tax professionals.
Cybercriminals are sending emails designed to trick tax professionals into believing they are communicating with their tax software providers, with the ultimate goal of stealing account user name
and password details.
The latest scam email was sent with a subject line of “Software Support Update,” “Important Software System Upgrade,” or a similar variant. The
email thanks tax professionals for trusting them to help them prepare taxes, and then requests that they revalidate their login credentials due to a recent software update.
The email then
directs its victims to a phishing website that steals account login details, designed as the twin to their tax software provider’s actual login page.
This latest email phishing threat is
a classic example of the nefarious creativity of cybercriminals and the importance of email security vigilance. Not only does the phishing scam use familiar diction to trick its intended victims, it
even mimics the email template design that tax software providers use.
More than 1.2 million phishing attacks were reported in 2016, a rise of 65% year-over-year, according to the
Anti-Phishing Working Group’s (AWPG) latest Phishing Trends Activity Report. The AWPG began tracking phishing crimes in
2004, when there were an average of 1,609 attacks per month.
That number has skyrocketed by 5,753% in the last dozen years to an average of 92,564 attacks per month.
It is imperative
that consumers never open links or attachments from suspicious emails, but the battle against cybercrime isn’t just up to the end-user. Brands and email marketers also play an important role and
ensure their email security protects against impersonation attacks.
DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an email authentication standard that when
deployed correctly can restrict fraudulent and deceptive emails.