IRS building

The Internal Revenue Service, along with the state tax authorities and tax industry companies that are part of its Security Summit, issued a warning Wednesday to tax professionals to beware of a new two-stage email scam from cybercriminals who are posing as clients soliciting tax services.

A new variation of the long-running phishing scheme is now targeting accounting and tax preparation firms nationwide. The goal of the scam is to collect sensitive information that can enable criminals to prepare fraudulent tax returns.

The latest phishing emails typically arrive in two stages. The first email message is the solicitation, asking tax practitioners questions such as "I need a preparer to file my taxes." If the tax professional responds to the first message, the fraudster sends a second email. This second email typically has either an embedded web address or includes a PDF attachment that has an embedded web address.

In some cases, the phishing emails seem to come from a legitimate sender or organization (perhaps a friend or colleague) because they too have been victimized by cybercriminals who have taken over their accounts to send phishing emails.

Tax practitioners may assume they are downloading a potential client's tax information or accessing a site with their tax information. However, in reality, the fraudsters are collecting the preparer's email address and password and perhaps other information.

The IRS is encouraging tax practitioners and tax prep firms to consider creating internal policies or seek recommendations from security experts about how to deal with unsolicited emails seeking their services.

The IRS cautions tax pros to never respond to or click on a link in an unsolicited email or PDF attachment from an unknown sender. As the IRS and its Security Summit partners step up their efforts to safeguard against identity theft, cybercriminals have need to become ever more sophisticated in their strategies for stealing client information from tax professionals. Criminals need more data in their effort to impersonate clients and file fraudulent returns to claim refunds, due to the IRS’s increased authentication steps for verifying the identities of tax filers, and schemes like this can help in this effort.

For more information, visit the web page, Protect Your Clients; Protect Yourself, which details the Security Summit initiative to increase awareness in the tax professional community about cybersecurity.

Michael Cohn

Michael Cohn, editor-in-chief of, has been covering business and technology for a variety of publications since 1985.