IRS Warns Tax Preparers of New Malware Scam

In December, the IRS boasted a robust conviction rate for tax-related crimes by its criminal investigation division.

Phishing Season

Last week's announcement said IRS CI agents were still looking into the latest data theft scam, but noted that most data thefts occur because a tax preparer or someone in the office opened a phishing email and clicked on a link or attachment that contained malware.

One form of malware secretly downloads into computers and either allows thieves to see each keystroke or gives them remote access to computers, in both instances enabling them to steal data stored on the computers.

The IRS urged tax professionals to review the Security Summit's Don't Take the Bait campaign, which outlined various scams criminals used to trick practitioners.

It said they should seek expert advice to help them better secure their data, and reminded them of some steps they can take:

• Educate employees about phishing in general and spear phishing in particular
• Use strong, unique passwords or, better, use a phrase instead of a word
• Never take an email from a familiar source at face value. Visit the e-Services website for confirmation
• If an email contains a link, hover the cursor over the link to see the URL destination. If the URL is unfamiliar or abbreviated, don't open it
• Consider a verbal confirmation by phone upon receipt of an email from a new client sending tax information or one requesting last-minute changes to the refund destination
• Use and automatically update security software
• Use the security options that come with tax preparation software
• Send suspicious tax-related phishing emails to [email protected]

The IRS said the newest scam served as a reminder to taxpayers that they should be alert to any unusual activity such as receiving a tax transcript or tax refund they did not request. Here are seven tips how taxpayers can bolster their online safety and protect tax returns and refunds in 2018.