We've talked before about how unlikely it would be for an accountant to fall for the ol' "This is the IRS and you're about to be arrested unless you pay your overdue taxes" phone trick, but it seems that some enterprising up-and-comer at IRS Scams, Inc. realized that a few tax professionals would download a software update without thinking twice about it.
In the new scheme identified as part of the IRS Security Summit process, tax professionals are receiving emails pretending to be from tax software companies. The email scheme requests the recipient to download and install an important software update via a link included in the e-mail.
Oh, boy. I believe If there's one Achilles' heel for accountants and other tax professionals, it could be a software update. Not everyone will fall for it, sure, and the IRS "knows of only a handful of cases to date" but it's not like the phony IRS needs to dupe that many maroons to have a new revenue stream on their hands:
Once recipients click on the embedded link, they are directed to a website prompting them to download a file appearing to be an update of their software package. The file has a naming convention that uses the actual name of their software followed by an “.exe extension.
Upon completion, tax professionals believe they have downloaded a software update when in fact they have loaded a program designed to track the tax professional’s key strokes, which is a common tactic used by cyber thieves to steal login information, passwords and other sensitive data.
If you have gullible co-workers, you best get this APB in front of them, ASAP. Hopefully it's not too late.