There’s a new phishing scheme going around that is targeting tax professionals.
Here’s how it works: a tax professional receives an email claiming to be from tax software providers attempting to trick them into clicking a link and downloading “important software.”
According to the Internal Revenue Service, the file has a naming convention that uses the actual name of their software followed by an “.exe extension.” When the attached file is downloaded it allows cyber thieves to track their key strokes in order to steal login information, passwords and additional personal data.
To combat this type of invasion the IRS launched the “Protect Your Clients; Protect Yourself” campaign to encourage tax professionals to enhance their security protections. The campaign reminds tax preparers to create security requirements for their entire staff regarding computer information systems, paper records and use of taxpayer data. It also recommends business require periodic password changes every 60 to 90 days.
Better Business Bureau serving the Northwest offers the following tips to tax professionals so they can better protect themselves and their clients:
- Misspelled words. It’s true that everyone needs an editor. But it is very rare to find a typo in an email sent by a legitimate company. If your email wording is odd, it is most likely a scam.
- Think before you click. Be wary of an email that includes urgent instructions to take quick action such as “Click on the link or your account will be closed.”
- Pay attention to a website’s URL. Hover over any links to see where they lead. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different – but similar – domain.
For more tips on protecting yourself from these types of scams visit bbb.org/northwest.