The IRS has issued a warning to tax professionals regarding a rise in phishing emails and cyber threats aimed at stealing sensitive taxpayer data. This alert has been released as part of the second installment of the “Protect Your Clients; Protect Yourself” summer series, a joint initiative of the Security Summit. The campaign has emphasized early awareness and practical defense strategies to counter identity theft and fraud targeting tax practitioners.
As phishing tactics have grown more sophisticated, the IRS has highlighted several evolving threats, including clone phishing, spear phishing, and whaling. These schemes often involve deceptive messages impersonating trusted sources, aiming to gain access to confidential information or install malware. The Service has advised tax professionals to watch for urgent messages, unfamiliar links or slight variations in email addresses, all of which are signs of malicious intent. The IRS has urged practitioners to remain cautious when receiving unsolicited emails or client inquiries, especially those containing attachments or embedded links.
To strengthen office security, the IRS has encouraged use of the “Security Six” protections, which include anti-virus software, firewalls, multi-factor authentication, data backup, drive encryption and Virtual Private Network (VPN) usage. Tax professionals experiencing or suspecting a data breach have been asked to contact their IRS Stakeholder Liaison immediately. The Service recommends reviewing resources such as Publication 5293 and Publication 4557 for additional data protection guidance. Upcoming IRS Nationwide Tax Forum sessions continue to focus on these cybersecurity priorities.
