Spear Phishing Emails

Post Date: 7/24/17
Last Updated: 7/24/17


Cross References
- IR-2017-119, July 11, 2017

The IRS is warning tax professionals about spear phishing email scams. Phishing emails attempt to obtain taxpayer information so that they can file fraudulent tax returns in the names of individual and business clients. These emails target a broad group of us- ers in hopes of catching a few victims. Spear phishing emails pose as familiar entities. Cybercriminals have done extensive research and homework in order to target a specific audience. Tax professionals are among the groups that regularly receive spear phishing emails.

It is estimated that 91% of all cyberattacks and resulting data breaches begin with a spear phishing email. The email, disguised as being from a trusted source, may seek to have victims voluntarily disclose sensitive information such as passwords. Or, it may encourage a person to open a link or attachment that actually downloads malware onto the computer. Here is an example of a spear phishing email:

Hello, I got your email from the local directory. Hope your doing good and actively involved in the tax filing season. I would like to file my tax return...I would like you to have a review and let me know the cost. Click here to view my details...

Note that the sender has done their research, obtaining the name and email address of a tax professional. The email is conversational, but ungrammatical and oddly constructed. This is potentially a sign that English is a second language. The email also contains a tiny URL link to mask the true destination of the link. Other versions of this spear phishing email scam ask the tax professional to open an attachment to see the prospective client's tax information that is needed to prepare a return. The attachment in reality downloads malware that tracks each keystroke made by the tax professional so that the criminal can steal passwords and other sensitive data.

Most spear phishing emails have a "call to action" as part of their tactics, an effort to encourage the receiver into opening a link or attachment. The example above asks the preparer to review their tax information and provide a cost estimate.

Other spear phishing emails impersonate the IRS, such as the IRS e-Services tools for tax professionals, or in some instances a private-sector tax software provider. In those examples, preparers are warned that they must immediately update their account information or suffer some consequence. The link may go to a website that has been disguised by the thieves to look like the login pages for IRS e-Services or a tax software provider.

Cybercriminals are endlessly creative. This year, some identity thieves hacked individuals' emails accounts. Noticing that the individuals had been in email contact with tax preparers, the criminals used the individual's email address to send a note to their preparer asking that the direct deposit refund account number be changed.

See printable version for remainder of article.
Return to Tax Industry News
© Tax Materials, Inc. 2021