The Indiana Department of Revenue (DOR) and the Internal Revenue Service (IRS) are warning tax professionals to be on alert for emails aiming to steal client data by posing as state accounting and professional associations.
Tax professionals have been receiving fake emails asking individuals to sign in to view a message from a tax organization for all active members. These emails intend to get individuals to disclose their email usernames and passwords gaining cybercriminals access to practitioner databases. The current email scam contains awkwardly worded content, which is a telltale sign of phishing emails. It states: “We kindly request that you follow this link HERE and sign in with your email to view this information from (name of accounting association) to all active members. This announcement has been updated for your kind information through our secure information sharing portal which is linked to your email server.”
DOR warns tax professionals to be on alert for any message asking for personal information, and suggests visiting the associations’ website to access important materials or messages.
DOR and the IRS offers several tips to help tax professionals safeguard their data:
Learn to recognize phishing emails – look for misspellings or incorrect grammar, check the return email address, and look for threats or quick fixes.
Never open any link or attachment from a suspicious email – when in doubt do not click on any links.
Create a data security plan – Detailed information can be found in the IRS publication “Safeguarding Taxpayer Data” at www.irs.gov/pub/irs-pdf/p4557.pdf.
Ensure your virus and malware software is up-to-date.
Limit the ways anyone could gain access to your customers’ data. Anyone receiving suspicious emails or other forms of communication related to taxes should contact DOR at investigations@dor.in.gov or the IRS at phishing@irs.gov.