The IRS warned tax practitioners that scammers are sending tax practitioners fraudulent phishing emails asking them to update their IRS e-services information. The emails claim that information was stolen from certain users' e-services accounts in 2015 and that their accounts need to be updated to ensure their information is protected. The subject line for the fraudulent email is "Security Awareness for Tax Professionals," and the "From" line says, "Your e-services team."
The email has an IRS logo and an e-services logo, which links to a spoofing website that purports to be an e-services registration page. The scammers are attempting to steal usernames and passwords and other personal data and are exploiting the IRS's current program of attempting to strengthen tax professionals' e-services authentication process. Practitioners who mistakenly clicked on the email and provided a username and password should contact the e-services help desk to reset their accounts. If they use the same information for other accounts, those should be changed as well. The IRS recommended that those practitioners perform a deep security scan on their computers and reevaluate their security controls. The IRS also advised tax professionals to use effective security software, encrypt taxpayer data, use strong passwords and change them often, learn to recognize phishing emails, not click on links or download attachments from suspicious emails, and be wary of unusual communications purporting to be from the IRS.
The IRS previously warned preparers of phishing emails masquerading as tax preparation software updates, along with other threats, and recommended safeguards and best practices, available at its "Protect Your Clients; Protect Yourself" webpage at irs.gov. See also "Tax Practice Corner: Keeping Clients' Tax Data Secure," JofA, Oct. 2016.
—By Sally P. Schreiber, J.D., a JofA senior editor.