IRS Warns of Fake Tax Software Update Scam
Only a few years ago, a data breach or hacking event typically led to the theft of instantly usable information like credit and debit card numbers. Thieves would either use that data quickly to make large purchases or sell the information to other scammers.
That kind of theft was a race against the clock, with criminals trying to use the stolen credentials before the financial institution caught wind of it and canceled the account. That’s why scammers have had to up their game by going after more permanent information.
There’s been a noticeable rise in Social Security number theft in recent years, since having access to someone’s SSN means being able to open new lines of credit, obtain loans for major purchases like homes or cars, and more. If those accounts are shut down for fraud, the thief can simply open a new one.
Of course, buying power isn’t the only thing an SSN gives a thief. They can apply for government assistance, request disability benefits, file for unemployment benefits, and even seek medical care. In addition, they can work under your SSN and even file a fraudulent tax return.
The IRS has seen a decrease in tax fraud reports this year, largely due to better awareness of the issue among taxpayers and tax preparers. Unfortunately, they are now warning tax prep professionals of a new scam that targets their databases, seeking access to numerous identities at the source.
According to a press release from the IRS, “The Internal Revenue Service, state tax agencies, and the tax industry today warned tax professionals to be alert to a new phishing email scam impersonating tax software providers and attempting to steal usernames and passwords. This sophisticated scam yet again displays cybercriminals’ tax savvy and underscores the need for tax professionals to take strong security measures to protect their clients and protect their business. This is the time of year when many software providers issue software upgrades and when tax professionals are working to meet the Oct. 15 deadline for extension filers.”
Strangely enough, the days of the badly worded, misspelled “Nigerian prince” phishing email are becoming increasingly rare. Instead, this email not only comes across as highly professional, it may even include a subject line such as “Software Support Update” or mention an “Important Software System Upgrade.” It even thanks the recipient for using their trusted software for all their tax preparation needs.
Tax professionals need to remain vigilant about this kind of phishing attempt. The IRS warns that no legitimate communication will ever ask the preparer to provide their login credentials, any information about their clients, or to click an embedded link or open an attachment. Any email or communication of this kind should be ignored and deleted, and questions should be investigated with the software company itself.