IRS Tax TipsAugust 21, 2023

Useful Links:

Help For Hurricane Victims

News Essentials

What’s Hot

News Releases

IRS – The Basics

IRS Guidance

Media Contacts

Facts & Figures

Around The Nation

e-News Subscriptions

The Newsroom Topics

Multimedia Center

Noticias en Español

Radio PSAs

Tax Scams/Consumer Alerts

The Tax Gap

Fact Sheets

IRS Tax Tips

Armed Forces

Latest News

IRS Resources

Contact Your Local IRS Office

Filing Your Taxes

Forms & Instructions

Frequently Asked Questions

Taxpayer Advocate Service

Where to File

IRS Social Media

Issue Number:  Tax Tip 2023-102


Tax pros: Stay vigilant against phishing emails and cloud-based attacks

The IRS and its Security Summit partners continue to see a steady stream of attacks aimed at the nation’s tax professionals to steal sensitive tax and financial information from their clients.

One of the most common threats facing tax pros are phishing and related scams. These are designed to trick the recipient into disclosing personal information such as passwords and bank account, credit card and Social Security numbers, or into sending gift cards or wire transfers to the scammer.

Tax pros should be aware of different phishing terms and what the scams might look like:

  • Phishing/Smishing – Phishing emails or SMS/texts attempt to trick the recipient into clicking a suspicious link, filling out information or downloading a malware file. Often phishing attempts are sent to multiple email addresses at a business or agency increasing the chance someone will fall for the trick.
  • Spear phishing – This is a specific type of phishing scam that identifies potential victims and delivers a more realistic email known as a “lure.” These types of scams can be trickier to identify since they don’t occur in large numbers. They single out individuals, can be specialized and make the email seem more legitimate. These senders can pose as a potential client for a tax professional, luring the practitioner into sharing sensitive information.
  • Whaling – Whaling attacks generally target leaders or other executives with access to secure large amounts of information at an organization or business. Whaling attacks can also target people in payroll offices, human resource personal and financial offices

Cloud-based schemes
The IRS and its professional partners continue to see attacks that take advantage of cloud-based applications. These schemes trick their victims with realistic-looking phishing emails that contain links to portals that look like these applications but are really phishing websites designed to collect the tax preparer’s credentials.

Tax pros that use cloud-based applications to store information or run tax preparation software should use multi-factor authentication to help safeguard data. Multi-factor authentication provides an extra layer of security.

Warning signs of scams
Regardless of the type of phishing attempt, tax pros can protect themselves and their business by looking for warning signs like:

  • An unexpected email or text claiming to come from a known or trusted source such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS and other government agencies.
  • A false narrative with an urgent tone telling the receiver to open a link or attachment.
  • An email address, number or link that’s misspelled or has a different domain name or URL like vs.

More information:
Protect Your Client; Protect Yourself
Nationwide Tax Forums
Cybersecurity & Infrastructure Security Agency – Phishing Scam infographic

Back to top

FaceBook Logo  YouTube Logo  Instagram Logo  Twitter Logo  LinkedIn Logo

Thank you for subscribing to IRS Tax Tips, an IRS e-mail service. For more information on federal taxes please visit

This message was distributed automatically from the IRS Tax Tips mailing list. Please Do Not Reply To This Message.

This email was sent to by: Internal Revenue Service (IRS) · Internal Revenue Service · 1111 Constitution Ave. N.W. · Washington DC 20535GovDelivery logo