Tax Professionals at Risk From Phishing Attacks, IRS Warns | eWeek

IRS Warns Tax Professionals About Risks of Phishing Attacks

IRS Data Breach 2
Jul 10, 2017
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The U.S. Internal Revenue Service (IRS) is warning tax professionals about the continuing threat of phishing emails that aim to steal information about clients.

The IRS said that in the first five months of 2017 there were 177 reports from tax firms or professionals of data thefts. Those thefts were of client information, involving what the IRS referred to as, ‘thousands of people’. Data thefts from tax professionals are still occurring, with the IRS noting that it is currently receiving three to five data theft reports a week.

The primary attack vector in the tax professional data theft incidents has largely been phishing emails. The IRS warns that the phishing emails appear to be coming from customers or companies known to the tax professionals. The goal of the phishing emails is to trick the tax professionals into opening a malicious attachment or clicking a link that ends up leading to some form of malware infection and unauthorized data disclosure. 

The IRS noted that tax professional phishing attacks are particularly interested in obtaining e-Services passwords, Electronic Filing Identification Numbers (EFINs), Centralized Authorization File (CAF) numbers and Preparer Tax Identification Numbers (PTINs.)

“We continue to see new and evolving threats involving data breaches, intrusions and various takeovers that put people’s personal information at risk,” John Koskinen, IRS Commissioner, said in a statement. “These efforts are increasingly targeting tax professionals and businesses with tax information.”

The IRS itself is no stranger to cyber-attacks and has been targeted by hackers in different ways over the past few years.

In May 2015, the IRS publicly disclosed that it was the victim of a data breach, by way of its Get Transcript service. In February 2016, the IRS confirmed that it was the victim of an automated attack against the electronic filing PIN application form on the IRS.gov website. The IRS claimed that in both security incidents attacker were able to make use of information obtained from non-IRS websites to gain unauthorized access.

IBM reported in April, that it was seeing a significant increase in the volume of tax related phishing attacks between December 2016 and February 2017. IBM warned that it was also seeing increased sophistication in the tax fraud phishing attacks.

The IRS is not sitting idly by, while the phishing attacks are ongoing and is now ramping up a campaign called ‘Don’t Take the Bait’ as part of its larger Protect Your Clients, Protect Yourself initiative for tax professionals. The Don’t Take the Bait campaign officially get underway on July 11, with a 10-week series of information releases from the IRS to help educate tax professionals on cyber-security issues.

“Too many still overlook basic security steps needed to protect their data,” Koskinen stated. “As part of this, we urge the tax professional community: Beware your inbox. Don’t take the bait from these phishing scams.”

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.