This is my 23rd tax season. Over the course of all those years, there have been varying tax season scams.

We weathered the email scam back in the late ’90s and early 2000s. We educated the public and let them know that the IRS doesn’t send emails. We then went through the telephone debacle, where scammers were calling clients saying they would go to jail if they didn’t pay their “taxes” with gift cards. We again informed the public that the IRS didn’t work that way, that the Service rarely called taxpayers, and that not paying taxes wasn’t criminal.

But in today’s world, the scammers have turned into professionals. It seems like every single day, there’s a new scam targeting us. Let’s go over some simple rules about the information we receive and how we can avoid getting scammed.

Image: Bloomberg News

The newest scam targeting professionals looks like this, according to the IRS:

The scam email comes with the subject line, “Access Locked.” It tells recipients that access to their tax prep software accounts has been “suspended due to errors in your security details.” The scam email asks the tax professional to address the issue by using an “unlock” link provided in the email.

However, the link will take the tax professional to a fake web page, where they are asked to enter their user name and password. Instead of unlocking accounts, the tax professionals actually are inadvertently providing their information to cybercriminals, who use the stolen credentials to access the preparers’ accounts and to steal client information.

The solution is simple. First of all, we can double-check this before we click. We can open our software and see if we are locked out. The question is, why would someone want our username and password for our tax software? Because we have bank account numbers, Social Security Numbers and income information. We have to be on guard due to our access to sensitive information.

Another scam that has come to light is the email from someone wanting us to do their tax return. Again, the solution is fairly cut and dried. When a new client comes to me, I often ask for their tax returns for the last three years, as well as their current information. The problem is these scammers are sending infected pdf files that, once opened, infect a computer and let the scammer gain access to our sensitive information. You need to have some sort of virus protection. I fell victim to this scam and opened an infected pdf file. The good news is that my virus protection caught the infected file and deleted it.

Simple steps can be taken by us to isolate scammers from legitimate clients. To begin with, if something sounds too good to be true, it probably is. It’s not uncommon for me to receive emails from people I don’t know inquiring about services or asking about an article I have written. Since falling prey earlier this tax season, I now know to ask a ton of questions before I open any unsolicited pdf files. Some people have been legitimate and have gone through my additional questions and scrutiny. Others have not. Those that didn’t probably tried to move on to another tax preparer.

It’s not a bad thing to be selective about the clients you have. As I mentioned, additional scrutiny is required in today’s environment. If it’s a legitimate client, then they will understand and appreciate the additional questions. Asking if you can call them back will usually separate the genuine requests from the fraudulent ones. Scammers don’t want to give out a telephone number.

We must be vigilant this time of year to protect the sensitive information to which we have access. Simply by asking additional questions, and by putting certain checks in place, we can protect our data from intrusion.

Craig Smalley

Craig W. Smalley, MST, EA, is the founder and CEO of CWSEAPA, LLP, and Tax Crisis Center, LLC.