Key Takeaways
- You're increasingly targeted by email phishing scams where scammers pose as clients or colleagues to access your personal information, often using malware to steal passwords and sensitive data.
- Scammers send fraudulent emails that appear to be from the IRS, complete with logos, to trick you into providing personal information, but remember, the IRS doesn’t contact individuals via email for account issues.
- Identity thieves use voice phishing, or "vishing," by posing as representatives from electronic return originators, claiming software issues and requesting remote access to your computer to steal information.
- It's important to not open attachments or click links from unknown senders, verify unexpected emails from known contacts, and avoid filling out forms accessed via web links, while also reporting suspicious IRS emails and avoiding public Wi-Fi for accessing sensitive information.
Email phishing scams from fraudulent clients
Tax year 2021 saw an increase in email phishing schemes aimed at tax professionals, attempting to gain access to personal information. Scammers first make contact by sending you an email that appears to come from a real client or colleague.
After you respond, the scammer sends a web address or file attachment that purportedly contains their tax info—but it’s actually malware that infects your system when you click the link or open the attachment. This can allow the scammer to steal your passwords, email addresses, and other private information that they can use to access your bank accounts or financial information.
From there, the malware can use your system to send fraudulent emails to other contacts in your address book—emails that seem like they're coming from you. Conversely, if one of your contacts is affected, you might receive the phishing email from them.
- Watch out for attachments sent from people you don’t know, or attachments from those you do know that are sent seemingly out of the blue.
- Use anti-virus software to check any attachments you receive via email before opening them, and talk to new prospects on the phone to get a better sense of whether they are a legitimate client or not.
Fraudulent emails from the “IRS”
In some cases, identity thieves send phishing emails that appear to be from the Internal Revenue Service or the IRS e-services; these even include the IRS logo to lend legitimacy to the fraud. However, the IRS does not contact you via email for issues involving your account or your clients' accounts.
If you click the link and fill out the form, the scammers can use the information to access your accounts and, potentially, steal more information or money.
- Watch out for emails with the subject line "Security Awareness for Tax Professionals" directing you to a fake e-services registration site via an embedded web link.
TurboTax Tip:
You should forward any suspicious emails claiming to be from the IRS to phishing@irs.gov and verify unexpected communications from electronic return originators by contacting them directly.
Fraudulent calls from your Electronic Return Originator
In addition to email phishing, some identity thieves are targeting tax professionals with voice phishing, or “vishing.” A common ploy is to pose as representatives from your electronic return originator, or ERO. The scammer may claim your software is corrupted or out of date, and then request remote access to your computer to update the software. Of course, they’ll actually use that remote access to take over your account and steal your information.
- Watch out for emails that your ERO sends apparently out of the blue, especially if they claim you’re facing a security risk, and do not grant anyone remote access to your computer.
- If you’re concerned, call your ERO to confirm your software is up-to-date and functional.
How to protect yourself and your clients
Scammers and hackers who target tax professions cook up new schemes all the time, but these best practices may help you avoid identity theft. In summary:
- Don’t open attachments or click web links from senders you don’t recognize. If colleagues send attachments seemingly out of the blue, give them a quick call to confirm the email is legitimate.
- Don’t fill out personal or financial information on forms you’ve accessed via a web link, even if the page looks authentic. Instead, visit the site directly—for example, go to IRS.gov, then search for the form you need.
- Forward any emails that appear to be from the IRS to phishing@irs.gov, then delete the email from your inbox and trash folder. The IRS does not contact you via email for issues involving your account.
- Don’t allow unknown parties remote access to your computer based on a phone call that seems to be from your ERO. Report fraudulent calls to the IRS stakeholder liaison contact for your area.
- Don’t access sensitive client or personal information over public Wi-Fi, like at the airport or a coffee bar, since your information may be intercepted.
For recent updates on the types of scams targeting taxpayers and tax professionals, visit the IRS page Tax Scams/Consumer Alerts.
Whether you want an expert to do your taxes from start to finish, or expert help while you file on your own, TurboTax has expert-backed offerings to meet your needs. With TurboTax Live Assisted, our tax experts help you complete your taxes, fix any mistakes, and explain what's next.
Or, with TurboTax Live Full Service, a local tax expert matched to your unique situation will get your taxes done 100% right - as soon as today.
Whichever plan you choose, you'll get you taxes done with 100% accuracy and your maximum refund, guaranteed.