Tax professionals are increasingly facing a growing threat: cyber scams aimed at seizing confidential taxpayer data. The U.S. tax agency, known as the IRS, has recently issued a warning about a significant rise in these criminal activities, which occur not only during tax season but throughout the entire year.
In an effort to bolster tax security, the IRS has teamed up with state tax agencies and private sector organizations to form an alliance called the “Security Summit.” This group works together to identify and counter threats to the security of tax information.
IRS warning: phishing a constant threat
Phishing attacks are not new, but their frequency and sophistication are on the rise. These scams typically appear as emails that mimic reliable sources, intending to deceive the recipient into clicking on malicious links.
These links direct users to fraudulent websites that look like legitimate platforms, where personal information is requested. This information can then be used to access bank accounts or commit identity theft.
More sophisticated than general phishing is “spear phishing,” a method targeting specific individuals or entities. Attackers conduct prior research to personalize emails, including names of colleagues, job references, or any relevant data that makes the scam more believable.
Similarly, “whaling” attacks are aimed at high-level executives or individuals with access to large amounts of sensitive information. These attacks are particularly dangerous due to the level of access criminals can gain if successful.
Clone phishing: the new frontier of deception
An emerging variant in cyber scams is “clone phishing.” In this type of attack, criminals clone a legitimate email previously sent and resend it with a malicious attachment or link designed to steal information. This method can be particularly deceptive because the message appears to come from a known and trusted source.
Prevention tips
The IRS emphasizes the need for constant vigilance and ongoing education for tax professionals. It’s crucial for these individuals to be aware of scam tactics and educate their employees on how to identify and handle suspicious emails.
Protecting client information is not just a matter of cybersecurity but also a professional responsibility.
The increase in cyberattacks is also reflected in recent incidents such as the one revealed by AT&T, where customer call records were illegally accessed and copied. This incident highlights the vulnerability not only of tax entities but of the entire corporate digital infrastructure.