Tax pros should watch out for phishing emails and other attacks, Security Summit warns

Week 2 of the Protect Your Clients; Protect Yourself series focuses on evolving threats and ways for tax pros to take countermeasures

IR-2025-75, July 15, 2025

WASHINGTON — The Internal Revenue Service and Security Summit partners warn tax professionals to be wary of evolving phishing emails and other schemes to steal sensitive taxpayer data and offer steps tax pros can take to protect sensitive taxpayer information.

This is the second in the five-part Protect Your Clients; Protect Yourself summer series, organized annually by the Security Summit, which includes tax professionals, industry partners, state tax agencies and the IRS. The public-private partnership has worked together since 2015 to protect the tax system and taxpayers from identity theft and fraud.

These security tips will be a key focus of the Nationwide Tax Forum this summer. In addition to the series of five news releases, the tax professional security component will be featured at the forums, which are three-day continuing education events.

The remaining forums are Aug. 5 in New Orleans, Aug. 26 in Orlando, Sept. 9 in Baltimore and Sept. 16 in San Diego. Registration deadlines for the remaining forums are quickly approaching, and most forums sell out before the registration deadline.

Phishing, spear phishing, clone phishing and whaling

Among the most common threats facing tax pros are phishing and related scams. These are designed to trick the recipient into disclosing personal information such as passwords, bank account numbers, credit card numbers or Social Security numbers.

Tax professionals and taxpayers should be aware of different phishing terms and what the email scams might look like:

  • Phishing/Smishing – Phishing emails or SMS/texts (known as “smishing”) attempt to trick the recipient into clicking a suspicious link, filling out information or downloading a malware file. Often, phishing attempts are sent to multiple email addresses at a business or agency, increasing the chance someone will fall for the scam.
  • Spear phishing – A type of phishing scam that targets a specific victim and delivers a more realistic email known as a “lure.” These scams can be trickier to identify since they do not occur in large numbers.
  • Clone phishing – A newer type of phishing scam that clones a real email message and resends it to the original recipient pretending to be the original sender. The new message will have either an attachment that contains malware or a link that tries to steal information from the tax professional or recipient.
  • Whaling – Whaling attacks generally target leaders or other executives with access to large amounts of information at an organization or business. Whaling attacks can also target people in payroll offices, human resource departments and financial offices.
  • New Client Scam – Tax pros have been particularly vulnerable to emails where the sender poses as a potential client. Criminals use the “new client” scam to trick practitioners into opening email links or attachments that infect computer systems to steal existing client information.

Warning signs of a scam

Regardless of the type of phishing attempt, tax pros can protect themselves and their organization by staying alert and looking for warning signs like these:

  • An unexpected email or text claiming to come from a known or trusted source, such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS and other government agencies.
  • Receiving a duplicate email from what appears to be a known trusted source that contains a new attachment or hyperlink.
  • A message, often urgent in tone, pressuring the receiver to open a link or attachment. These messages have a false narrative, such as the need to update an expired password or take some other urgent action.
  • An email address, number or link that is slightly misspelled or has a different domain name or URL (irs.com vs. IRS.gov). A closer look at these email addresses – like hovering the cursor over the email address – can show slight variations on legitimate addresses.

Security Six adds up to more protection

As data thieves continue evolving tactics, the IRS and the Security Summit partners remind tax professionals of six essential steps to protect their sensitive taxpayer information. The “Security Six” protections offer a relatively simple but essential starting point for tax pros to protect their offices, computers, data and clients from thieves and hackers:

  • Anti-virus software is a great first line of defense. Tax pros should install the latest software updates.
  • Firewalls are necessary to shield computers and networks from malicious or unnecessary web traffic.
  • Multi-factor authentication is a Federal Trade Commission requirement for all tax professionals to avoid cloud-based schemes.
  • Backup software or services should be used on a routine basis to protect critical files against theft in a cyberattack and loss in case of device failure or a natural disaster.
  • Drive encryption transforms sensitive client data on the computer into protected files that are unreadable to outsiders.
  • Virtual Private Network provides a secure, encrypted tunnel to transmit data between a remote user over the internet and the company network.

Got a security problem or victim of a recent phishing attack?

For tax professionals who are victims of any of these schemes or identity theft, the IRS urges them to quickly contact their IRS Stakeholder Liaison to provide details of the situation. Tax professionals can also share information with the appropriate state tax agency by visiting the Federation of Tax Administrators Report a Data Breach page.

Additional resources

Tax professionals should also stay connected to the IRS through subscriptions to e-News for tax professionals, visiting IRS.gov and following IRS social media sites.