Tax phishing scam mimics software providers

The latest phishing scam prompts tax professionals to install a software update that instead steals sensitive information. Chris Whitehead/Getty Images

Tax identity thieves don’t take summer vacations.

In fact, warns the Internal Revenue Service, they are out there now with a new phishing scam that mimics tax software providers.

The one bit of good news for us taxpayers is that we are not the target this time. This latest identity theft scheme is aimed at tax professionals.

Update offered by fake software provider

This emerging phishing email scam pretends to be from tax software providers and tries to trick tax pros into clicking on a bogus link, according to an Aug. 11 notice issued by the IRS.

The email scheme asks the recipient to click on a link in the message to download and install what it calls an important software update.

Clicking on the embedded link takes the phishing tax victim to a website where they are prompted to download a file appearing to be an update of the fake company’s software package. The file has a naming convention that uses the actual name of the software, followed by an .exe extension.

Don’t let crooks into your operating system

Internet 101 students known that .exe is an executable file that gets access to your machine. If you have security software on your computer, it should alert you to the possible dangers.

However, since this identity theft effort comes from a seemingly legitimate tax software company that the victim probably uses, it’s not surprising that some folks might follow the phishing email’s directions.

That’s unfortunate, for them and their clients.

Once the .exe file is done, instead of the tax professionals downloading a real software update, they have put onto their computers a program designed to track the computer’s key strokes. This common tactic used by cyber thieves allows the criminals to steal the tax pro’s login information, passwords and other sensitive data.

Avoid becoming a tax ID theft victim

Fortunately, relatively speaking, the IRS says it knows of only a handful of cases to date where tax professionals’ computers have been compromised.

But the agency is urging tax pros to be on the lookout for these scams.

So should every taxpayer. While this tax identity theft scheme is targeting professionals, you can be sure the criminals eventually will be coming after all of us individual filers, too.

To protect yourself, never click on unexpected links in emails. Similarly, don’t open attachments contained in unsolicited e-mails.

If you think you do need to update your tax software, go to that provider’s main webpage to connect and check on the latest information.

If you get a suspicious tax-related email, let the IRS know by forwarding it to phishing@irs.gov.

Finally, if you do think your tax and/or personal financial data might have been obtained by an identity thief, monitor your credit reports. You can do so for free by using mybankrate.com.

You also can keep up with tax identity theft news, as well as find filing tips, calculators and more at Bankrate’s Tax Center.

And be sure to follow me on Twitter: @taxtweet.