IRS Scam Targeting Accountants

Urgent IRS Warning: Cybercriminals Targeting Tax Professionals

Threat Intelligence
February 20, 20252 min read

Tax professionals are now prime targets for cybercriminals using a sophisticated phishing scam that tricks accountants into handing over email credentials, client data, and financial information. With tax season in full swing, the IRS has issued an official warning about this scam, urging professionals to stay alert before it’s too late.

How the “New Client” Scam Works
This latest attack preys on the busy schedules of tax professionals. Here’s how scammers are gaining access:

  • A cybercriminal poses as a new client looking for tax help.

  • They send an email containing a malicious attachment or link, claiming it includes their tax documents.

  • Once clicked, the hacker gains full access to the professional’s email, passwords, and client data.

  • Using the compromised email, they impersonate the firm—sending fraudulent tax updates and phishing attempts directly to clients.

Tax professionals hold some of the most sensitive financial data, making them a top target for these scams. A single click could lead to financial fraud, identity theft, and even regulatory compliance violations.

Why This Scam is So Dangerous

  • Timing is key – Scammers exploit the chaos of tax season, knowing professionals are handling high volumes of clients and sensitive data.

  • Data breaches put firms at risk – A compromised system could result in fraudulent tax filings, client identity theft, and financial losses.

  • Regulatory compliance at stake – Firms failing to protect client data risk violating FTC Safeguards and Gramm-Leach-Bliley regulations, potentially impacting their ability to file insurance claims.

How to Protect Your Firm and Clients
Cybercriminals are relentless, but taking these proactive security measures can help mitigate risks:

Educate Your Team – Train employees to recognize phishing attempts and avoid clicking on suspicious emails or links.

Secure Your Data – Implement a Written Information Security Plan (WISP) to ensure compliance with federal data protection laws.

Strengthen Email Security – Use multi-factor authentication (MFA) to add an extra layer of protection against unauthorized access.

Monitor for Unusual Activity – Keep a close watch on your firm’s email accounts and financial transactions.

Schedule a Security Assessment – If you’re unsure whether your firm’s cybersecurity is strong enough, now is the time to take action.

Don’t Wait Until It’s Too Late
Tax professionals are prime targets for cybercriminals, and the risks only increase during tax season. If you handle sensitive client data, now is the time to bolster your security measures before hackers find their way in.

References:

Questions or concerns?  Schedule a quick 26-minute call with Greg Mauer to discuss your concerns or answer your questions.

AccountantIRS ScamTax ScamqnectUUtah Business
Gregory Mauer is the founder and CEO of qnectU, a best-selling author, speaker, and a cybersecurity & compliance expert. He has been on stage with the likes of the “Nice Shark”, Robert Herjavec, Siri co-founder Adam Cheyer, and business coach and author, Mike Michalowicz.

Greg Mauer

Gregory Mauer is the founder and CEO of qnectU, a best-selling author, speaker, and a cybersecurity & compliance expert. He has been on stage with the likes of the “Nice Shark”, Robert Herjavec, Siri co-founder Adam Cheyer, and business coach and author, Mike Michalowicz.

Back to Blog