The IRS Urges "Constant Vigilance" Against This New Scam

Thankfully, tax season is well behind us. Returns have been submitted and refunds have been received, allowing most of us to turn our attention away from the Internal Revenue Service (IRS) for the rest of 2022. But con artists don't go into hibernation when tax seasons ends. Unfortunately, scammers are always looking for new ways to capitalize on the sensitive information being funneled through the IRS—which is why the agency just issued an alert about a new scheme targeting Americans right now. Read on to find out what the IRS says requires "constant vigilance."

READ THIS NEXT: The IRS Just Issued This Major New Warning to All Americans.

This is hardly the first time the IRS has had to sound the alarm on scammers trying to take advantage of taxpayers. Back in February, the agency warned that there had recently been an "uptick in text messages" being sent to smartphones that were impersonating the IRS. These messages typically referenced COVID or stimulus payments, and attempted to obtain private information from recipients.

In April, the IRS urged taxpayers to set up an Identity Protection Pin to protect themselves against thieves using other people's Social Security numbers to file tax returns and claim fraudulent returns. Tax identify theft remains a problem that everyone needs to take seriously, the agency reiterated.

Now, the IRS has a warning about a new scam that could reach you outside of tax season.

On July 26, the IRS sent out a news release to raise awareness about "evolving scams" designed to steal taxpayer data. The agency has joined forces with representatives of the software industry, tax preparation firms, payroll and tax financial product processors, and state tax administrators to create the Security Summit, a task force dedicated to combatting identity theft and fraud to "protect the nation's taxpayers."

According to the IRS, the Security Summit workers have started to see more and more instances of tax professionals falling victim to phishing emails in which scammers pose as potential clients. "The criminals then trick practitioners into opening email links or attachments that infect computer systems with the potential to steal client information," the agency explained in its new alert.

RELATED: For more up-to-date information, sign up for our daily newsletter.

The IRS said that scammers "often use spear phishing to target tax professionals," which is a specific kind of con where criminals take the time to identify certain victims and create fraudulent messages that are more enticing than general phishing emails. A major new instance of spear phishing is the "reoccurring and very successful" scam in which criminals pose as potential clients and send several emails with tax professionals before sending a corrupted attachment or embedded URL that is disguised as their tax information.ae0fcc31ae342fd3a1346ebb1f342fcb

"Once the tax pro clicks on the embedded URL and/or opens the attachment, malware secretly downloads onto their computers, giving thieves access to passwords to client accounts or remote access to the computers themselves," the IRS said.

According to the agency, officials are noticing more instances where this spear phishing tactic is targeting a specific group: smaller tax professionals or businesses as opposed to big companies. "This scam gained energy as many tax professionals worked remotely and communicated with clients over email versus in-person or over the telephone because of the pandemic," the IRS explained.

In a statement, IRS Commissioner Chuck Rettig confirmed that identity theft scammers "continually try new schemes" to steal personal and financial information from Americans through their tax professionals. "We continue to see a barrage of emails aimed at tax professionals trying to trick them into providing valuable access to identity thieves," he said."Constant vigilance is necessary, not just during tax season but year-round."

The commissioner said this "constant vigilance" includes a number of "invaluable recommendations" for all tax professionals—both large and small—to protect their clients. This includes advising financial workers to keep anti-virus software automatically updated, regularly back up files, and use multi-factor authentication. "Specifically, the Summit partners urge people using cloud-based platforms to use multi-factor options like phone, text or tokens. This can avoid potential vulnerabilities with authentication done just through email, which is easier for identity thieves to access," the IRS said, noting that it is a tax preparer's responsibility to secure their network to protect taxpayer data.