Income tax professionals are being alerted by the Internal Revenue Service that a new email phishing scam has been unleashed, and it targets preparers.

This latest scam, identified by IRS Security Summit partners, starts with an email to a tax professional that pretends to be from a tax software company. The message tries to convince the recipient to download and install an important software update – conveniently available through an included link in the email.

After clicking the link, the recipient is redirected to a website prompting them to download a file appearing to be an update of their software package. The file uses the actual name of their software followed by “.exe extension.”

However, instead of downloading a software update, the preparer would download a program that can track their keystrokes – a common tactic used to steal login information, passwords and other sensitive data. Those keystrokes would be secretly sent to the scammer.

As part of its Protect Your Client; Protect Yourself campaign, the IRS provided this list of steps they would like all preparers to follow:

• Be alert for phishing scams: do not click on links or open attachments contained in e-mails and always utilize a software provider’s main webpage for connecting to them. (Drake updates always come from within the software itself, not in an email.)
• Run a security “deep scan” to search for viruses and malware;
• Strengthen passwords for both computer access and software access; make sure your password is a minimum of 8 digits (more is better) with a mix of numbers, letters and special characters;
• Educate all staff members about the dangers of phishing scams in the form of emails, texts and calls;
• Review any software that your employees use to remotely access your network and/or your IT support vendor uses to remotely troubleshoot technical problems and support your systems. Remote-access software is a potential target for bad actors to gain entry and take control of a machine.

Also, review Publication 4557, Safeguarding Taxpayer Data, A Guide for Your Business, which provides a checklist to help safeguard taxpayer information and enhance office security.