IRS & Security Summit: Phishing Emails


Tax and accounting firms are prime targets for Phishing Attacks, which are emails which generally have an urgent message, such as your account password expired. They direct you to an official-looking link or attachment. The link may take you to a fake site made to appear like a trusted source and request your username and password. Or, the attachment may contain malware, which secretly downloads malware that tracks keystrokes and allows thieves to eventually steal all the tax pro’s passwords.

“The coronavirus has created new opportunities for cybercriminals to use email to try stealing sensitive information,” said IRS Commissioner Chuck Rettig. “The vast majority of data thefts start with a phishing email trick. Identity thieves pose as trusted sources – a client, your software provider or even the IRS – to lure you into clicking on a link or attachment. Remember, don’t take the bait. Learn to recognize and avoid phishing scams.”

This year, IRS identified a highly sophisticated attack against tax firms where thieves gained remote access either through phishing or malware and were able to enter the cloud storage accounts that held client files. In one case, thieves spent 18 months quietly downloading and accessing taxpayer information before they were discovered.

Taxpayers and tax preparers can forward suspicious emails posing as the IRS to

Because phishing emails are so common and successful, Summit partners urge tax professionals to educate all office personnel about the dangers and risks of opening suspicious emails – especially during the COVID-19 period.

All or part of this article ran in originally on as part of the Security Summit series called Working Virtually: Protecting Tax Data at Home and at Work.

Additional Resources

Tax professionals also can get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data (PDF), and Small Business Information Security: The Fundamentals (PDF) by the National Institute of Standards and Technology.

Publication 5293, Data Security Resource Guide for Tax Professionals (PDF), provides a compilation of data theft information available on Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media or visit Identity Theft Central at

Like what you’re reading?

Subscribe to our FREE newsletter and we’ll deliver content like this directly to your inbox.

Previous articlePersonality Types in Business
Next articleIs it a Hobby or a Business?
Gary DeHart has worked in media for more than 25 years and has been instrumental in developing new revenue streams and business opportunities for the companies he has worked for. Prior to launching Insightful Accountant (formerly Intuitive Accountant), Gary was the Associate Publisher of Accounting Today. Prior to working in media serving the public accounting market, he worked in media for employee benefit managers and brokers, automotive design, textile manufacturing and recreational boating. In addition to being the Publisher and Managing Partner of Insightful Accountant, Gary works with select clients within the accounting market on channel development and growth. He is an Assistant Scoutmaster with the Boy Scouts of America, enjoys fly fishing, time on the beach, cooking on the Big Green Egg and spending time with his family.