Skip to main content
Unleash your inner leader! 2025 Leadership Masterclass Series Enroll Today

The IRS warned tax professionals this week to beware of evolving identity theft phishing emails scams that are designed to steal client data.

The IRS, state tax agencies, and tax professionals comprising the IRS’ Security Summit report an uptick in instances where tax professionals receive identity theft phishing emails posing as potential clients. The cyber criminals then trick these tax practitioners into opening email links or attachments that infect computer systems to steal client information.

“Identity theft scammers continually try new schemes to steal client personal and financial information from tax professionals,” said IRS Commissioner Chuck Rettig. “We continue to see a barrage of emails aimed at tax professionals trying to trick them into providing valuable access to identity thieves.”

Tax professionals should also use multi-factor authentication, such as phone, text or tokens, when accessing cloud-based systems to store and prepare clients’ tax returns, Rettig said. Relying on authentication by email alone makes it easier for thieves to access this data.

Phishing emails or SMS/texts (known as “smishing”) attempt to trick the recipient into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers. Tax pros are a common target.

In a reoccurring and very successful scam, criminals posed as potential clients, exchanging several emails with tax professionals before following up with an attachment that they claimed was their tax information. Once the tax pro clicks on the embedded URL and/or opens the attachment, malware secretly downloads onto their computers, giving thieves access to passwords to client accounts or remote access to the computers.

Thieves then use this malware known as a remote access trojan (RAT) to take over the tax professional’s office computer systems, identify pending tax returns, complete them and e-file them, changing only the bank account information to steal the refund.

Another scheme, which frequently targets smaller tax professionals or businesses, involves cloud-based systems used to store client data. While many cloud-based systems are secure, tax professionals using these should ensure they’re using strong multi-factor authentication.

The Security Summit partners also urged tax professionals to:

  • Make sure their anti-virus software is automatically updated to prevent scams that target software vulnerabilities.
  • Use drive encryption and regularly back up files to help s stop theft and ransomware attacks.

To help tax professionals guard against phishing scams and better protect taxpayer information, the IRS Publication 4557, Safeguarding Taxpayer Data.