The Internal Revenue Service (IRS) has issued a warning to tax professionals about a new phishing email scam that attempts to mimic tax software providers. The warning advises users to be aware of an email that tries to trick recipients into handing over their login credentials.
The sophisticated email features the convincing subject line “Software Support Update” and emphasizes an “Important Software System Upgrade.” It also “thanks recipients for continuing to trust the software provider to serve their tax preparation needs and mimics the software providers’ email templates.”
Victims are also informed that due to the ‘important software system upgrade’ they need to verify their credentials. Once users log in to the fake website that “mirrors the software provider’s actual login page”, their login credentials are readily available to the cyber criminals who can then access the accounts and steal client information.
The timing of this phishing attack is important as it coincides with the seasonal software upgrades from providers. It also comes in the middle of a ten-week ‘Don’t Take the Bait’ campaign by the Security Summit, which aims to highlight the importance of cybersecurity in the tax industry.
The IRS has issued the following advice:
Tax professionals who receive emails purportedly from their tax software providers seeking login credentials should send those scam emails to their tax software provider.
As phishing attacks are on the increase, it is essential to reiterate the importance of improving staff awareness. To help staff discover how to mitigate the risk of phishing attacks – and retain that information – you need to provide them with dedicated training.
How to protect your staff from phishing attacks
No matter how effective your spam filter is, a spoof email could bypass it, making your organization’s staff the last line of defense against fraud. It is therefore vital that your staff are aware of the risks of phishing emails. E-learning courses are an efficient, cost-effective method of training all staff with minimal disruption.
Our Phishing Staff Awareness Course provides a detailed outline of phishing scams, helping to reduce the chance that an employee will hand over confidential information or inadvertently infect your organization’s systems. The course also helps employees identify phishing attacks, explains what happens when they fall victim, and shows them how they can mitigate the threat of an attack.
Find out more about our Phishing Staff Awareness Course >>