The Internal Revenue Service, state tax agencies and the tax industry this week warned tax professionals to beware of spear phishing emails, a common tactic used by cybercriminals to target practitioners.
Spear phishing emails, often tailored to individual practitioners, result in stolen taxpayer data and fraudulent tax returns filed in the names of individual and business clients, the IRS said.
Information about spear phishing kicks off a new “Don’t Take the Bait” awareness campaign aimed at tax professionals.
This is the first of a special 10-part series that will run each week through mid-September.
“We are seeing repeated instances of cybercriminals targeting tax professionals and obtaining sensitive client information that can be used to file fraudulent tax returns. Spear phishing emails are a common way to target tax professionals,” IRS Commissioner John Koskinen said in a statement.
“We urge practitioners to review this information and take steps to protect themselves and their clients,” he said.
Phishing emails target a broad group of users in hopes of catching a few victims. Spear phishing emails pose as familiar entities, and the cybercriminals have done extensive research and homework in order to target a specific audience. Tax professionals and taxpayers are among the groups that regularly receive phishing emails.
The security software firm Trend Micro reports that 91 percent of all cyberattacks and resulting data breaches begin with a spear phishing email.
The email, disguised as being from a trusted source, may seek to have victims voluntarily disclose sensitive information such as passwords.