Tax Preparers Beware: Cybercriminals Are Out to Get You

Cybercriminals are targeting a new group lately: tax preparers. Cybercrime has become serious business in the past few years as new, more sophisticated scams crop up. Cybercriminals have realized – why target one tax payer when you can breach an entire tax office or single tax preparer and hundreds of taxpayer identities?

Be wary of these top tax preparer scams.

Fake Insurance Tax Form Scam

The Insurance Tax Form Scam is the newest of the scams targeting tax preparers. This one is pretty complex. According to the IRS, here’s how the scam works:

“The cybercriminal, impersonating a legitimate cloud-based storage provider, entices a tax professional with a phishing email. The tax professional, thinking they are interacting with the legitimate cloud-based storage provider, provides their email credentials including username and password.”

Once they have access to your account, they steal your client’s email addresses and impersonate you by sending emails to your clients. In the email, they attach a fake IRS insurance form and request that the form be completed and returned.

The subject line and email is usually a variation of the following:

“urgent information”

Dear Life Insurance Policy Owner,

Kindly fill the form attached for your Life insurance or Annuity contract details and fax back to us for processing in order to avoid multiple (sic) tax bill (sic).

E-Services Scam

This phishing scam asks tax preparers to “sign a new e-Services user agreement.” The email will claim to be from the “e-Services Registration” and uses “Important Update about Your e-Services Account” in the subject line. It states that e-Services is rolling out a new user agreement that all users must accept. The tax preparer is directed to a fake website where they are prompted to review and accept the new agreement.

Software Scam

This scam involved impersonating popular software service providers. The subject line is everything from “Software update” to “account shutdown”. The body of the email is generally the same – the scammer wants you to “validate” or “re-authenticate” your login credentials but clicking on their phony link and entering in your username and password.

Scammers are getting very good at mirroring other company’s websites and emails. The email address, at a glance can look legitimate but if you look closer there’s usually something off about it. Maybe it’s there one letter that’s different or maybe the domain name is .net instead of .com.

Once your credentials are stolen, cybercriminals steal your client information to either file fraudulent returns or steal identities.

Taxpayer Impersonation

This scam is a two-step process. First, the tax preparer receives an email seemingly from a taxpayer looking for tax preparation services. Once you respond to the first message, a second email comes with an embedded web address or a PDF attachment that has an embedded web address. You think you’re downloading a potential client’s tax information when in reality your credentials are being stolen.

Be very careful when it comes to unsolicited emails seeking your services. Never respond to or click on a link in an unsolicited email or PDF attachment from an unknown sender.

There are just a few examples of the seemingly endless attempts at stealing taxpayer information. If you suspect a scam, be sure to contact

Cybersecurity Best Practices

Make cybersecurity an everyday practice by following these tips.

  • Be careful of email attachments and web links.
  • Use separate personal and business computers, mobile devices and accounts.
  • Do not connect personal or untrusted storage devices or hardware into computers, mobile devices or networks.
  • Be careful downloading software.
  • Watch out when providing personal or business information.
  • Watch for harmful pop-ups.
  • Use strong passwords.
  • Conduct online business more securely.

For more on cybersecurity in the tax industry, check out our IRS Don’t Take the Bait Series Recap. Also, be sure to follow our Tax Scam Roundup. We add to it as new scams pop-up.