The Inland Revenue Service has released a warning to tax professionals about a new IRS e-Services phishing scam that has recently been discovered.
With the tax return deadline coming quickly, it is the last chance for the fraudsters to steal identities and submit fraudulent tax returns. Recent days have seen a surge in phishing attacks on tax professionals.
The focus of the IRS e-Services phishing scam is to obtain tax professionals’ e-Services usernames and password details. The emails use a range of subject lines that have been crafted to attract attention and ensure the emails are read.
The emails claim to have been issued by the IRS about issues with the user’s e-Services account. The emails warn that the user’s e-Services account has been shut, suspended or blocked. In order to reactivate the account or stop its closure, the email recipient is asked to login to their account.
A link is given in the email that allows the recipient to take the required action. Clicking on the link will take the user to a login page that closely resembles the IRS e-Services portal. Typing in a username and password into the login page will see the details recorded by the attackers.
Reacting to the high volume of phishing attacks on tax professionals, the IRS has been enhancing account security in recent weeks. The IRS has been directing tax professionals to revalidate their accounts to prevent delays when accessing their e-Services accounts. The hackers appear to be taking advantage and piggybacking on those recent communications.
The IRS advises all tax professionals that if for any reason their e-Services account has been shut down, they should contact the e-Services Help Desk to reactivate their account, but never to visit any links contained in emails. While links to malicious websites are enabled for this scam, users should also be wary about any attachment files sent in e-Services emails.
This tax season has seen a major surge in tax-related email scams, most notably a massive rise in W-2 Form phishing scams. At least 140 successful W-2 Form phishing attacks have already been revealed, although with two weeks left of tax season that figure is sure to rise. K12 schools, colleges and other higher education institutions have been targeted this year, as has the healthcare sector. Some of the phishing scams have lead to thousands of employees’ tax details being accessed by fraudsters.
The final few days before the April 18 deadline for sending in tax returns is likely to see many more phishing attacks carried out. All companies should therefore be on their guard and should exercise extreme care.