The IRS warned tax practitioners in an "urgent alert" that, in another brazen attempt to target tax professionals, scammers are sending fraudulent phishing emails asking practitioners to update their IRS e-services information. The emails claim that information was stolen from certain users' e-services accounts in 2015 and that their accounts need to be updated to ensure their information is protected (IR-2016-145).
The subject line for the fraudulent email is "Security Awareness for Tax Professionals," and the "From" line says, "Your e-services team." The email has an IRS logo and an e-services logo, which links to a spoofing website that purports to be an e-services registration page. The scammers are attempting to steal usernames and passwords and other personal data and are also exploiting the IRS's current program of attempting to strengthen tax professionals' e-services authentication process.
Practitioners who have mistakenly clicked on the email and provided their usernames and passwords should contact the e-services help desk to reset their accounts. If they use the same information for other accounts, those should be changed as well. The IRS recommended that those practitioners perform a deep security scan on their computers and reevaluate their security controls.
The IRS also advised tax professionals to use effective security software, encrypt taxpayer data, use strong passwords and change them often, learn to recognize phishing emails, not click on links or download attachments from suspicious emails, and be wary of unusual IRS communications.