IRS Phishing Scam Targets Tax Professionals

The Internal Revenue Service (IRS) is warning about a new email impersonation scam targeting tax professionals.

Cybercriminals are sending emails designed to trick tax professionals into believing they are communicating with their tax software providers, with the ultimate goal of stealing account user name and password details.

The latest scam email was sent with a subject line of “Software Support Update,” “Important Software System Upgrade,” or a similar variant. The email thanks tax professionals for trusting them to help them prepare taxes, and then requests that they revalidate their login credentials due to a recent software update.

The email then directs its victims to a phishing website that steals account login details, designed as the twin to their tax software provider’s actual login page.

This latest email phishing threat is a classic example of the nefarious creativity of cybercriminals and the importance of email security vigilance. Not only does the phishing scam use familiar diction to trick its intended victims, it even mimics the email template design that tax software providers use.

More than 1.2 million phishing attacks were reported in 2016, a rise of 65% year-over-year, according to the Anti-Phishing Working Group’s (AWPG) latest Phishing Trends Activity Report. The AWPG began tracking phishing crimes in 2004, when there were an average of 1,609 attacks per month.

That number has skyrocketed by 5,753% in the last dozen years to an average of 92,564 attacks per month.

It is imperative that consumers never open links or attachments from suspicious emails, but the battle against cybercrime isn’t just up to the end-user. Brands and email marketers also play an important role and ensure their email security protects against impersonation attacks.

DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an email authentication standard that when deployed correctly can restrict fraudulent and deceptive emails.


Next story loading loading..