The Security Summit warns that small business owners offering tax-related services must be increasingly vigilant against evolving phishing scams and cloud-based attacks that aim to steal sensitive client information.
The Security Summit, comprising the IRS, state tax agencies, and the nation’s tax industry, has observed an unwavering surge in attacks targeting the tax professional community in an attempt to misappropriate sensitive tax and financial information. IRS Commissioner Danny Werfel expressed deep concerns: “We continue to see a relentless string of attempts from scammers to obtain sensitive tax professional information. These scams can be subtle and sophisticated, and tax pros should not let down their guard.”
This warning is the third in a special five-part series titled “Protect Your Client; Protect Yourself,” initiated by the Security Summit, a joint initiative dedicated to defending the tax system from identity theft and fraud. This campaign, now in its eighth year, alongside the IRS Nationwide Tax Forums, is devised to equip tax professionals with the knowledge and tools to secure their client data and their business from potential threats.
Understanding the Phishing Landscape
- Phishing/Smishing: These are deceptive emails or SMS/texts that hoodwink recipients into clicking dubious links, providing personal details, or downloading malicious files. Such attempts often target multiple addresses at once, heightening the chances of someone getting trapped.
- Spear Phishing: A more insidious phishing variant that forgoes targeting vast groups but focuses on specific potential victims, making these attacks often harder to identify. The deceptive emails can be so well-crafted that they might appear as genuine client communication to tax professionals.
- Whaling: These are akin to spear phishing but usually target higher-ranking officials in an organization with access to a treasure trove of data. Payroll offices, human resource personnel, and financial offices are also commonly targeted in these scams.
It has been noted with concern that tax professionals are particularly susceptible to emails masquerading as potential client communications. Fraudsters deploy this tactic to dupe practitioners into accessing malicious links or attachments. This method poses a significant threat, especially when considering whaling attempts that utilize legitimate-looking emails to amass vast data troves.
Werfel accentuated the artfulness and ingenuity of these schemes, urging the tax community to remain on high alert. “Scammers can be quite creative and resourceful,” he added.
How to Spot Red Flags
Small Business Deals
Tax professionals can shield themselves by recognizing telltale signs:
- Unexpected emails or texts from supposedly trustworthy sources.
- A compelling narrative that demands immediate action.
- For example, a slightly altered email address or URL, ‘irs.com’ instead of ‘IRS.gov’.
Guarding Against Cloud Threats
For small businesses relying on cloud-based systems, especially for storing information or tax preparation, the recommendation is clear: adopt multi-factor authentication. Such added security layers, utilizing texts, calls, or tokens, could be the difference between safeguarding client data and suffering a data breach.
The Security Summit has witnessed a worrying trend of attacks leveraging cloud vulnerabilities. In this digital age, emails become an easy access point for identity thieves. Multi-layered security measures become not just recommended but essential.
In a rapidly digitizing world, the risks to sensitive information are multiplying. Small business owners, particularly those in the tax sector, must stay informed, updated, and always vigilant to safeguard their client’s trust and their professional reputation.
Image: Envato Elements