Back to top


Click here to go back

Spear phishing targets tax pros and other businesses

Posted by Admin Posted on Aug 02 2022


Tax pros take their responsibilities to protect client data seriously. Knowing common identity theft scams, like spear phishing, is one way they can do that. Spear phishing scams can target specific individuals or specific groups. Spear phishing scams affect all types of businesses and organizations, including small businesses with a client database, like tax pros' firms.

Thieves use spear phishing to steal computer system credentials.

Spear phishing scams target tax pros to steal their account credentials or install malicious software. Thieves can then steal client data and the tax preparer's identity to file fraudulent tax returns for refunds.

Some common types of spear phishing emails include emails that claim to be from a tax preparation application provider that have the IRS logo, reference legitimate IRS programs or e-services, and use subject lines like, "Action Required: Your account has now been put on hold."

Once someone has clicked the malicious link, the scam email will send them to a fake website, which prompts the victim to enter their credentials. If they do so, thieves can use this information to file fraudulent returns by using the stolen credentials. Other spear phishing emails may pose as potential new clients use malicious links or attachments that will download malware onto the victim's computer to steal information.

If someone suspects an email is a phishing attempt, they shouldn't respond, clink any links in the email or open any attachments.

Tax pros can use these tips to help protect client data:

  • Use separate personal and business email accounts
  • Protect email accounts with strong passwords and two-factor authentication
  • Install an anti-phishing toolbar to help identify known phishing sites
  • Use security software products with anti-phishing tools
  • Use security software to help protect systems from malware and scan emails for viruses
  • Never open or download attachments from unknown senders, including potential clients, request additional information to help verify their identity or call them to confirm the email is from them
  • Send password-protected and encrypted documents only
  • Don't respond to suspicious or unknown emails; if the phishing email is IRS-related, save the email as a file, attach that file to an email, and send to

If you have any questions regarding accounting, domestic taxation, essential business accounting, international taxation, IRS representation, U.S. tax implications of Real Estate transactions or financial statements, please give us a call at 305-274-5811.

Source: IRS

The information provided on the LBCPA Blog is a community service for general information purposes only, and should not be used as a substitute for consultation with professional advisors who specialize in the topics covered. Please refer to your advisors for specific advice on these subjects. The information is not intended to be used, and it cannot be used, for the purposes of avoiding U.S. Federal and/or State tax laws or the tax laws of any foreign jurisdiction.

These blogs contain general information only and Lord Breakspeare Callaghan LLC or any of the other companies or firms presenting information are not providing accounting, business, financial, investment, legal, tax, or other professional advice or services. Lord Breakspeare Callaghan LLC or any of the other companies or firms contributing with articles shall not be responsible for any loss sustained by any person who relies on this information.