Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:


IRS warns about spear phishing

Fraud Alert:

 

Spear phishing is not a sport. It’s a scam and the IRS has issued an alert to tax professionals to be wary of it. Their clients may be the ultimate victims.

Kaspersky Lab, a global cybersecurity company, defines spear phishing as “an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.”

Phishing emails are sent to many people in hopes of snagging a few victims. Spear phishing emails are more targeted and appear to be from a familiar person or entity. The crooks have done extensive research to make the recipient believe the message is real.

IRS Commissioner John Koskinen said, “We are seeing repeated instances of cybercriminals targeting tax professionals and obtaining sensitive client information that can be used to file fraudulent tax returns. Spear phishing emails are a common way to target tax professionals.”

The Internal Revenue Service alert includes a sample of a spear phishing email that was sent during this year’s tax season. The sender impersonates a prospective client and asks the tax professional to click on an attachment containing information for the client’s tax return and to quote a fee for preparing it. The attachment downloads malware that tracks each keystroke by the tax professional, allowing the crook to steal passwords and other sensitive data.

Other phishing emails impersonate the IRS or tax software providers. The IRS also warns about crooks hacking into taxpayers’ email accounts and sending notes to their preparer changing the destination for their refund.

Security firm Trend Micro says 91 percent of cyberattacks and resulting data breaches begin with a spear phishing email.

The IRS offers the following advice for tax professionals to avoid spear phishing scams than can compromise their clients’ information (much of the advice is equally useful to consumers to thwart phishing scams):

  1. Educate all employees about phishing in general and spear phishing in particular.
  2. Use strong, unique passwords. Better yet, use a phrase instead of a word. Use different passwords for each account. Use a mix of letters, numbers and special characters.
  3. Never take an email from a familiar source at face value; example: an email from “IRS e-Services.” If it asks you to open a link or attachment, or includes a threat to close your account, think twice. Visit the e-Services website for confirmation.
  4. If an email contains a link, hover your cursor over the link to see the web address (URL) destination. If it’s not a URL you recognize or if it’s an abbreviated URL, don’t open it.
  5. Consider a verbal confirmation by phone if you receive an email from a new client sending you tax information or a client requesting last-minute changes to their refund destination.
  6. Use security software to help defend against malware, viruses and known phishing sites and update the software automatically.
  7. Use the security options that come with your tax preparation software.
  8. Send suspicious tax-related phishing emails to phishing@irs.gov.

 

This IRS alert is part of the Security Summit effort, an unprecedented partnership between the IRS, state tax agencies, and the private sector tax industry formed to combat tax-related cybercrimes.

Randy Hutchinson is president and chief executive officer of the Better Business Bureau of the Mid-South.

Article source: http://www.jacksonsun.com/story/opinion/columnists/2017/07/28/irs-warns-spear-phishing/520686001/