
IRS: Phishing scam aims to deceive accountants with fake tax software updates

The Internal Revenue Service (IRS) is warning of an email-based phishing scam that impersonates tax software providers in order to trick professional accountants into giving away their log-in credentials for these services.

According to an Aug. 4 alert issued by the Security Summit, a task force comprised of the IRS, state tax agencies and the greater tax industry, the scam emails feature the subject line “Software Support Update” and reference an “Important Software System Upgrade.” To look all the more convincing, these phishing messages even mimic the tax software providers' email templates.

While there have been similar scams in the past, "What's new about this one is the targeting in the subject line in particular," said Matthew Leas, IRS spokesperson, in an interview with SC Media.

Leas could not confirm specifically which tax software providers are being imitated in the scam, adding: "We're just seeing it across the board."

The timing of this scam is significant, the Security Summit notes in the alert, because tax software companies typically distribute product upgrades around this time, as CPAs ramp up their efforts to meet the Oct. 15 deadline for taxpayers who filed for extensions.

"The e-mail informs the recipients that due to a recent software upgrade, the preparer must re-validate their login credentials," the alert explains. "It provides a link to a fictitious website that mirrors the software provider's actual login page. Instead of upgrading software, the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers' accounts and to steal client information."

In a bit of irony, the emails also thank recipients for their trust.

"This sophisticated scam yet again displays cybercriminals' tax savvy and underscores the need for tax professionals to take strong security measures to protect their clients and protect their business," the alert states, noting that the Security Summit is in the midst of a 10-week "Don't Take the Bait" campaign designed to spread awareness of cybercriminal tactics.

"Tax professionals are increasingly the targets of cybercriminals because of their access to tax information," said Jim Buffington, CPA and customer liaison with ProConnect Group, a brand of professional tax products and services offered by Intuit. "To help safeguard their firm and their clients, tax professionals should not click on email links or open attachments if something seems unsafe."

The Security Summit recommended that recipients of suspicious emails save them in plain text and then send them to [email protected] as well as to the tax software provider being impersonated.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
