What steps can tax return preparers take to protect themselves and their clients from phishing emails?
Phishing is a fraudulent tactic where scammers attempt to steal sensitive information, such as usernames, passwords, bank, and credit and debit card information, often through deceptive emails.
This article highlights steps tax return preparers can take to educate and protect both themselves and their clients from phishing threats.
NOTE: It is equally important that both tax return preparers and taxpayers know how to identify and protect themselves against scams and phishing attempts. The document Phishing Guidance for Taxpayers is also found at the bottom of this article. You are encouraged to share this article with your clients.
Educate Clients
- Maintain open and frequent communication with clients throughout tax season.
- Educate clients about the common tactics used in phishing emails, such as urgent requests, suspicious links, and requests for personal information.
- Encourage clients to verify the sender's email address before clicking any links or opening attachments.
- Remind clients to use strong, unique passwords for their tax accounts and other online services.
- Encourage clients to enable two-factor authentication whenever possible for added security.
NOTE: If you use Drake Pay to send payment requests to clients, see KB 15340 for details on what legitimate Drake Pay emails look like.
Practice Safe Email Habits
- Warn clients against clicking on links in unsolicited emails, even if they appear to come from a known sender.
- Be cautious of emails demanding immediate action or threatening consequences.
- If a client receives an unexpected email requesting sensitive information, advise them to contact the sender directly using a verified phone number or email address.
- Implement robust email filters to block suspicious emails and spam.
- Ensure that all software and antivirus programs are up to date to protect against phishing attacks.
Secure Communications
- Use secure communication channels, such as a secure portal, to share sensitive information with clients. Drake Portals is a great way to do so.
- Refrain from sharing sensitive client information via email or other unsecured methods.
- Conduct regular security audits of your office network and systems to identify and address vulnerabilities.
Report Suspicious Emails Immediately
If you or your client receive a suspicious email, do not click on any links in the email, and immediately contact Drake Software at (866) 369-9308 to report the phishing email. If you suspect you may have fallen victim to a phishing scheme, or if you clicked on any links in the phishing email, contact Drake Software at (866) 369-9308 to secure your account.
For details on how to properly forward a suspected phishing email to Drake Software for investigation, see KB 15382.
IRS Resources
On a scale of 1-5, please rate the helpfulness of this article
Optionally provide private feedback to help us improve this article...
Thank you for your feedback!