IRS 2023 Dirty Dozen – Scam #8: Spearphishing and Cybersecurity for Tax Professionals and Businesses (Part C)

IRS 2023 Dirty Dozen – Scam #8: Spearphishing and Cybersecurity for Tax
Professionals and Businesses (Part C)

CLIENT IMPERSONATION: SPEARPHISHING AIMED AT TAX PROS
The IRS and its Security Summit partners continue to see spearphishing attempts that
impersonate a new potential client, known as the  “New Client” scam . If the tax preparer
responds, the scammer sends a malicious attachment or URL that ultimately enables them
to gain access to sensitive client information on the tax preparer’s computer systems.

BOGUS REQUESTS FOR W-2S: SPEARPHISHING AIMED AT BUSINESSES

The IRS wants to warn businesses about another specific spearphishing scam that targets
employees in payroll or accounting departments. These employees might get an email
that looks like it comes from an official source requesting W-2s for all employees. The
payroll department might accidentally reply with these important documents, which
would provide scammers with W-2 data on employees that can be used to commit fraud.
The IRS recommends using a two-person review process when receiving these types of
requests for W-2s. The IRS also recommends any requests for payroll be submitted
through an official process, like the employer’s Human Resources portal.
Next week #8: Spearphishing and cybersecurity for tax professionals and Businesses
(Part D)

(IRS Web Site (TTT 091223)