Select Page

If you are a tax professional, you depend on software to file tax returns and protect client information. The most recent tax-related email scheme targets the relationship between you and your software providers.

The phishing email scam is designed to look like an email from your software provider asking you to click on a link and download an important update. Read on to learn what you could actually be allowing on your work computer.


Keystroke tracking

This is not the first email scheme targeting professionals. In our March blog, we reported on a scam that targeted HR employees seeking W-2 information.

This one is something out a spy movie. A program that tracks your keystrokes is installed on your computer when you download the update to your software package that ends with “.exe extension.” Cyber criminals use this tactic to gain access to passwords and other sensitive information.

The IRS is only aware of a handful of these cases. But this is how these types of schemes work. As soon as the agency reports on the latest variant, those running these schemes try something else a little different.

Other email schemes have targeted individual taxpayers trying to get them to provide identification emails.

How can you protect yourself and your clients?

Be alert and sign up for the IRS Newswire emails. The agency is generally quick to send out warnings when it uncovers a new variant on an email phishing scam. Educate all staff, so they know how to identify and avoid scams in their various forms.

Something as simple as strengthening passwords can also offer greater protection. Passwords should have at least 8 digits with a combination of upper case letters, numbers and special characters.

In addition, routine scans to search for viruses or malware essential to protect your business. Review software used to remotely access your network. Vulnerabilities may allow someone to gain entry to your network through a machine.