Famous bank robber Willie Sutton was reportedly once asked why he robbed banks to which he responded, “because that’s where the money is.” When it comes to income tax identity theft which is still a multi billion problem for the IRS and legitimate taxpayers, the best place to get the most information that can be used for purposes of income tax identity theft is, not surprisingly, the offices of professional tax preparers. According to the IRS there has been a 60% increase already this year in the number of data breaches at the offices of professional tax preparers. In most instances the data breaches of professional tax preparers begin with a spear phishing email that lures the tax preparer to click on an attachment to the email that downloads malware that enables the cybercriminal to steal all of the information from the tax preparer’s files including clients’ previous tax returns. Identity thieves use that information to file phony income tax returns and claim a fraudulent refund.
Many of these spear phishing emails appear to come from prospective clients looking for a tax preparer. The email purports to have attached W-2s or other documentation that would be needed to file an income tax return. In other instances, the spear phishing email may indicate that the sender is having a problem with the IRS and indicates that attached is a notice from the IRS. In yet other instances, the spear phishing email appears to be an update for tax preparation software used by the tax preparer.
Spear phishing is the primary way that malware is sent to not just tax preparers, but also businesses, governmental agencies and all of us as individuals, as well. Never click on links in emails unless you are absolutely sure they are legitimate.  If you get such an email from a company, you should always be skeptical and make sure that you call the company or federal agency before considering clicking on the link to confirm whether or not the email is legitimate.  Merely because the email uses your name and even your account number does not mean that the email is legitimate. Trust me, you can’t trust anyone. In addition, you should make sure that your computer is protected with security software and install the latest patches and updates as soon as they become available.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”