WASHINGTON, D.C. — The Internal Revenue Service, in partnership with the Security Summit, is sounding the alarm over a surge in sophisticated phishing schemes targeting tax professionals. As part of its annual “Protect Your Clients; Protect Yourself” summer campaign, the IRS outlined new threats and preventive strategies for safeguarding sensitive taxpayer information.
The advisory is the second installment in a five-part series led by the Security Summit, a collaboration between the IRS, state tax agencies, and the private sector. Since its inception in 2015, the Summit has coordinated efforts to combat identity theft and tax fraud nationwide.
According to the IRS, phishing tactics are becoming more targeted and convincing. Scams include not only generic phishing emails but also spear phishing, clone phishing, and whaling attacks that focus on high-level executives and finance personnel. A particularly insidious tactic involves criminals posing as prospective clients to dupe tax professionals into opening malware-laden attachments.
The IRS identified red flags professionals should watch for, including:
- Unsolicited emails from what appears to be a trusted source
- Duplicate messages with unexpected links or attachments
- Urgent requests to update information or credentials
- Slight variations in familiar email addresses or web domains
In response, the agency is urging tax professionals to adopt what it calls the “Security Six” — a foundational set of cybersecurity measures:
- Updated antivirus software to block initial threats
- Firewalls to filter traffic
- Multi-factor authentication, now required by the FTC
- Routine data backups to mitigate damage from attacks or hardware failure
- Drive encryption to secure stored client information
- Use of a Virtual Private Network (VPN) for safe data transmission
These cybersecurity best practices will be emphasized during the IRS’s upcoming Nationwide Tax Forum events, which offer continuing education for tax professionals. The remaining forums will be held in New Orleans (Aug. 5), Orlando (Aug. 26), Baltimore (Sept. 9), and San Diego (Sept. 16), with registration deadlines approaching quickly.
The IRS stressed that as scammers refine their techniques, tax professionals must remain vigilant and proactive. Failure to do so, they warned, could jeopardize not only client data but also professional reputations and compliance with federal regulations.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.