 internal revenues of his IRS tax news spear phishing targets tax pros and other businesses Honestly, the worlds are crazy place these days. I'm telling you criminals trying to skewer us tax pros with a spear Or not fish you loons Take your spear into the ocean and do all the fishing you want Dang people can't even tell what a fish is these days Honestly, these are probably the same people strolling around naked in the woman's spa with their Johnson's hanging out Ladies asking them. What in the world do you think you're doing and they're like don't worry I'm just another woman just like you all who happens to be looking to do some spear phishing Are any of you ladies by chance tax professionals? I mean, it's like wait a second Might it be that these dudes actually do know what stuff is, but like maybe don't care IRS tax tip 2022-100 June 30th 2022 tax pros take their responsibilities to protect client data seriously. No in common identity theft schemes There's a link to that here like spear phishing is one way they can do that spear phishing scams can target specific Individuals or specific groups so oftentimes when we think about spear phishing We think about those of mass emails that go out Which we might not think is much of a threat because they're not very Sophisticated looking and therefore we can identify them quite clearly But there are other tactics that can be used for spear phishing Such as more targeted spear phishing at an individual or a group making that first email Look a lot more real and if you put your mind in the mind of the scammer here And you think about these different methods They might be using when they use the mass method and they're shooting out these unsophisticated Looking emails that might actually be by design Because their scamming process might include something like Giving them money through say through say a gift card or something like that And so if that's going to be your end target that you have to actually get someone to give you money through a gift card Then you probably want your email almost to be Unsophisticated going out to a whole bunch of people and the people that are responding to it Are probably those that are are less knowledgeable about this stuff more naive about this stuff And more likely to go through the whole process and basically Give money through like a gift card, which would usually trigger a lot of people to say hey This doesn't look quite right. Uh, so then of course if they're targeting more specific individuals like tax professionals Then they're going to use a different design because clearly they're looking for the identity Of the tax pros are trying to get access to the software or something like that Possibly access to the computer. There could be a bigger target there Because now of course that information could be much more valuable now that we have like all these You know tax credits that are going out and stuff So so so so we still have we ought to be quite aware of that Obviously, they might come after tax pros acting like a client which would take a lot more targeted kind of responses and possibly more than one email Then just a mass email that would go out there But then if you have your mind in the mind of the scammer that the payoff might be worthwhile because Then you could get access to a whole bunch of people social securities and file fraudulent returns or whatever spearfishing scams affect all types of businesses and organizations Including small businesses with a client database like pros firms tax pros So thereafter the the clients information just leave us leave the poor tax professionals alone We're always stressed out worried about the taxes already for crying out la Thieves use spearfishing to steal computer system credentials So spearfishing scams target tax pros to steal their account credentials or installed malicious software So if they can steal the credentials or put the malicious software, they might get access to the actual tax software And that's where you got you know the sensitive data or possibly file a tax return remotely Which would be not good possibly more likely on like online software rather than desktop But maybe both in the case thieves can steal client data and the tax preparer's identity to file fraudulent tax returns for refund So that's the goal refunds are going to be Quite more valuable these days for low income individuals because of the increase on things like refundable credits So some common types of spearfishing emails include emails They claim to be from a tax preparation application provider that have the irs logo reference Legitimate irs programs or e services and use subject lines like action required your account has now been put on hold now Usually these these emails You can kind of pick them out because the irs usually kind of corresponds by mail Not so much on the email the the fact that the irs is changing and trying to modernize a little bit Although they're doing it quite slowly Which I think is actually a good thing as long as they can do it well And and have a good systemized process and have everybody understand Can also lead to people now all these changes that are happening be more subject to Uh following victim to these kind of emails that look more real because these because the iris is trying to change Trying to modernize and possibly trying to get into the world of email as opposed to the snail mail So they're they're moving into like the prior century almost so it's good for them. They're pushing forward Once someone has clicked the malicious link the scam email will send them a fake website Which prompts the victim to enter their credentials. So then they they're going to want their credentials. Obviously, that's not good So if they do this these can use this information to file fraudulent returns by using the stolen credentials Other spear phishing emails may pose as potential new clients use malicious links or attachments That will download malware into the victim's computer to steal information So this is probably could be more sophisticated because you could have multiple emails That someone as in correspondence with you building trust with them as a client or potential client And then they send you the malicious Software and so on so if someone suspects an email is phishing attempt They shouldn't respond click any links in the email or open any attachments Tax pros can use these tips to help protect client data or is attacking the poor the poor tax professional it's just Somewhat where's the security summit that needs to come along and deal with these people just like the justice league would Anyways, sorry for the outburst Tax pros can use these tips to help protect client data use separate personal business email accounts Protect email accounts with strong passwords and two-factor Authentification install an anti phishing tool bar to help identify known phishing sites Use security software products with anti phishing tools Use security software to help protect system from malware and scam emails for viruses Never open or download attachments from unknown centers including potential clients We request additional information to help verify their identity or call them to confirm the email is from them So you might want to have actual verbal discussion with them We're giving them a little bit more verification Before you know that way send password protect protected and encrypted documents only Don't respond to suspicious or unknown emails if the phishing email is irs related Save the email as a file attach that file to to an email and send phishing irs.gov Will the phishing irs.gov solve your problem probably not but you're trying to report The fact that these people are doing it they can build up their database And so you're doing you're doing your part by doing that It's not going to help you probably individually, but you're doing what you're doing your part man That's what i'm talking about any case there's that email here There's a link to this some of this link stuff. I think there's a few links up top There weren't many links in this one But there was at least one link and they'll have there'll be a link to this in the description