June 16, 2024

In a recent warning, the Internal Revenue Service alerted tax practitioners to a rising trend in cybercrime. This year, scams in which criminals pretend to be new tax clients in order to defraud tax professionals are becoming proportionally more common.

The IRS and its Security Summit partners in the private and public sectors are no strangers to this type of scam. However, they have noticed an alarming increase in such “new client” scams, especially with the opening of the 2024 tax season on January 29. Posing as actual taxpayers seeking tax support, these fraudsters use trickery and email tactics in an attempt to gain access to tax professionals’ client data or to collect sensitive information.

“These elaborate email scams pose substantial risks, both to the tax professionals themselves and their represented taxpayers,” asserted IRS Commissioner Danny Werfel. “These cybercriminals pass themselves off as actual tax clients seeking help during the tax seasons. Their actual intention, however, is to get their hands on the sensitive client data of tax professionals. We strongly encourage professionals to be wary of odd email solicitations, to avoid following any links, or opening any attachments that they might contain.”

Cybercriminals target personal information in these operations. Their objective is to use that sensitive data to create plausible tax returns. These counterfeit tax returns would in turn be used to request refunds or conduct other types of fraud.

The IRS received hundreds of related reports at phishing@irs.gov last year alone. Among these reports, around two-thirds of the 400 reported instances of business email compromise or business email spoofing came from such new client scams. There are likely thousands more such incidents occurring without official notification.

The IRS provided a current example of the sort of new client scam they are encountering:

Subject: 2024 Tax Submission


I am (name can vary). I’m in search of another CPA to help handle my taxes. 

Can you confirm that you are currently taking on new clients for this 2024 tax season? Can you also offer IRS representation?

My last year’s return might have an issue. (Click) HERE TO VIEW MY CREDENTIAL

If you approve, we can arrange either a virtual or physical meeting to go over my situation and check my tax documents among other things.

Please explain your next steps.

Best Regards,

(Name varies)

An email from a scammer might ask for tax help and contain a deceptive link or attachment. Or the scammer could take a more subtle approach, initially asking only whether the tax pro is currently taking on new clients. Once the tax pro responds, the scammer sends a second email carrying the harmful link or attachment.

The preparer might think they are receiving tax information from a potential client or visiting a site containing that data. In reality, the link or attachment lets the cybercriminals gather the preparer’s email address, password, and possibly more, and potentially load malware onto the tax pro’s computer.

A common red flag signaling one of these new client scam emails is odd or awkward phrasing. But stolen legitimate emails repurposed for a phishing scam might appear completely normal and raise no suspicion. This is why it is good practice to verify a sender’s identity using a different method, like independently confirming a phone number, rather than relying on the information provided in the email.

Frequently Asked Questions

What Can I Do if I Receive Such an Email?

If you receive such an email, report it immediately to the Internal Revenue Service at phishing@irs.gov. Do not click on any links or download any attachments, as these could contain malware.

What Steps Can I Take to Protect Myself?

Ensure that you have strong, unique passwords for all of your accounts. Enable two-factor authentication wherever possible to add an additional layer of security. Always be cautious of unexpected emails and verify the identity of the sender through alternative methods.

How Can I Spot a Scam?

Scam emails often contain poor spelling or grammar, and may ask for personal information via email or through a link. If something seems suspicious, it probably is. Trust your instincts and verify the sender’s identity independently of the email you received.