The IRS, state tax agencies, and the tax industry are warning industry professionals about a new, convincing phishing scam that capitalizes on the extended tax deadlines of Sept. 15 and Oct. 15.

The Internal Revenue Service issued a Security Summit Alert for tax professionals to beware of this new phishing email scam, which impersonates tax software providers. The message claims to offer software upgrades, and attempts to steal usernames and passwords to access the preparers' accounts and mine sensitive client data.

"This sophisticated scam yet again displays cybercriminals' tax savvy and underscores the need for tax professionals to take strong security measures to protect their clients and protect their business," the IRS alert advised.


The latest email variation carries a subject line of "Software Support Update" and highlights an "Important Software System Upgrade." The email informs recipients that, due to a recent software upgrade, the preparer must revalidate their login credentials. It provides a link to a fictitious website that mirrors the software provider's actual login page. Instead of upgrading software, the duped tax professionals hand their information to cybercriminals, who use the stolen credentials to access the preparers' accounts and steal client information.
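A mail-filter check built on the indicators described above, as an added example that is not part of the original article or of the IRS alert: it flags the quoted lure wording and treats any link whose host is not an exact match for the vendor's login host as untrusted. The host names, verdict labels and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Lure wording quoted from the alert as reported in this article.
SUBJECT_LURE = "software support update"
BODY_LURES = ("important software system upgrade", "revalidate")
# Assumption: the only login host the firm's software vendor uses (placeholder).
TRUSTED_HOSTS = {"login.taxvendor.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def untrusted_link_hosts(text):
    """Return hosts of links that are not an exact match for a trusted host."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:          # malformed URL: report it rather than skip it
            host = "unparseable"
        if host and host not in TRUSTED_HOSTS:
            hosts.add(host)
    return hosts

def assess(raw_email):
    msg = message_from_string(raw_email)
    subject = (msg.get("Subject") or "").lower()
    body = ""
    for part in msg.walk():         # covers single-part and multipart mail
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode("utf-8", errors="replace")
    findings = []
    if SUBJECT_LURE in subject:
        findings.append("subject_lure")
    if any(p in body.lower() for p in BODY_LURES):
        findings.append("body_lure")
    lure = bool(findings)           # lure wording seen in subject or body
    links = sorted(untrusted_link_hosts(body))
    findings += ["untrusted_link:" + h for h in links]
    verdict = "quarantine" if lure and links else "review" if lure else "pass"
    return {"verdict": verdict, "findings": findings}
# Constructed sample messages (not real phishing mail).
PHISH = ("From: Support <support@taxvendor-updates.example>\n"
         "Subject: Software Support Update\n\n"
         "Important Software System Upgrade: revalidate your login at\n"
         "https://login.taxvendor.example.secure-upgrade.example/signin\n")
LEGIT = ("From: Billing <billing@taxvendor.example>\n"
         "Subject: Your invoice\n\n"
         "View it at https://login.taxvendor.example/invoices\n")
```

Exact host matching is what catches a lookalike that merely starts with the real name, as in the constructed sample.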

"This scam is targeting tax professionals and firms, attempting to steal highly sensitive client information, and, frankly, it's not surprising," said Mike Wyatt, threat researcher at San Francisco-based digital threat management firm RiskIQ. He explained that cybercriminals often leverage holidays, events, and other important dates in their threat campaigns, so it makes perfect sense to capitalize on the extended tax deadlines coming up. "Ultimately, getting people to click on their links requires social engineering, and leveraging themes and holidays is a reliable tactic for them."

In 2016, RiskIQ detected approximately 58 million incidents, or 158,904 a day. There was a clear spike between late February and mid-April, the height of income-tax return season. And it looks like threat actors are now taking advantage of 2017's extended deadlines.

Wyatt pointed out that the threat actors use convincing branding, language, and URLs to make phishing attempts more realistic and to make it harder for users to quickly determine an email's authenticity. However, most brands remain unaware of how their branding is used in threat campaigns across digital channels. Even though the legitimate brands, like the tax software providers in this instance, have nothing to do with the threat campaigns, many customers will still blame them.

Wyatt suggested companies should have a complete, adaptive and continuous inventory of their entire digital footprint to protect their reputation and their customers' confidence in them. 


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).