The Internal Revenue Service (IRS) along with state tax agencies issued a warning this week about a new phishing email scam that impersonates tax-software providers and attempts to steal users' usernames and passwords by tricking people into logging in to bogus websites that clone those of legitimate tax software providers.
The scam - which appears (at least so far) to target professional tax preparers more than personal users of tax software - highlights criminals' savviness; August is a month in which many accountants prepare taxes for people on extension (who have a filing deadline of October 15th), and when many software providers issue updates.
This latest phishing scam utilizes an email with a subject line of "Software Support Update" and "informs readers" that they should install an "Important Software System Upgrade." When a user clicks the link to obtain the update, however, the clone website asks for the user's login and password - which, once entered, will be stolen and abused by criminals. Armed with the login credentials, for example, crooks can likely steal private information from the preparers' clients.
The emails from the phishers look real; they mimic the legitimate software providers' email formats. Some such messages even thank recipients for continuing to trust the provider for their tax preparation needs.
Tax professionals who encounter such emails, or who receive any other emails from their tax-software providers seeking login credentials, should send those messages to both their tax-software provider and to the IRS. The IRS's instructions for submitting such emails are copied below for your convenience:
For Windows users, follow this process to help the investigation of these scam emails:
1. Use "Save As" to save the scam. Under "save as type" in the drop-down menu, select "plain text" and save to the desktop. Do not click on any links.
2. Open a new email and attach this saved email as a file.
3. Send a new email containing the attachment to the tax software provider, as well as a copy to Phishing@IRS.gov.
Additional security advice for tax professionals can be found on the the IRS website.