Tax Professionals & Business Owners: Beware of the New IRS Client Email ScamCybercriminals are at it again, and this time they’re targeting tax professionals with a new email scam designed to steal sensitive client information. The IRS recently issued a warning about this sophisticated phishing attempt, where fraudsters pose as potential clients seeking tax preparation services. Here’s what you need to know to stay protected.

How the Scam Works

Hackers are sending emails to tax professionals pretending to be new clients in need of tax services. These emails often include fake tax documents that the sender claims are their tax information. The attachment typically contains malware or a phishing link designed to steal credentials, allowing cybercriminals to access client records, tax software, and other sensitive data.

Red Flags to Watch For

Scammers are getting more sophisticated, but their tactics still have some common warning signs. Be on the lookout for:

  • Unsolicited emails from unknown senders – If you didn’t initiate contact, proceed with caution.
  • Attachments or links – The biggest red flag! Cybercriminals use these to deliver malware or phishing pages.
  • Poor grammar and vague messaging – Many scam emails contain odd phrasing or inconsistencies.
  • Urgency tactics – Scammers often pressure you to open an attachment quickly.

How to Protect Your Business

Protecting your business and client data should always be a top priority. Here’s what Monmouth Cyber recommends:

  • Verify new clients independently – If you receive an unsolicited email, call the person directly using a publicly listed phone number to verify their identity.
  • Avoid opening unexpected attachments – Even if the email looks professional, don’t download or open anything unless you’re sure it’s legitimate.
  • Use strong cybersecurity solutions – Ensure your email filtering, endpoint protection, and firewalls are up to date.
  • Implement multi-factor authentication (MFA) – Secure access to your systems with an extra layer of protection.
  • Educate your staff – Make sure everyone in your firm understands the risks and knows how to spot phishing attempts.

What to Do If You’re Targeted

If you receive a suspicious email like this, do not engage. Instead:

  1. Report the email to phishing@irs.gov – This helps the IRS track and combat these scams.
  2. Delete the message immediately – Do not click any links or open attachments.
  3. Run a full cybersecurity scan – If you suspect any compromise, scan your network for threats and take immediate action.
  4. Contact your IT provider – If you’re unsure about an email or concerned about a potential breach, reach out to Monmouth Cyber (732.681.2360) for a thorough security assessment.

Stay Cyber-Safe

Tax professionals and business owners are prime targets for cybercriminals, especially during tax season. By staying informed and implementing strong security practices, you can protect your business and your clients from these evolving threats. Need help securing your systems? Monmouth Cyber is here to ensure your data stays safe with top-tier IT and cybersecurity solutions. Contact us today to learn more about how we can help safeguard your business from cyber threats.