The Internal Revenue Service has received reports at [email protected] of an email scam that claims to be an update from a legitimate state CPA professional organization. Instead, it is a scam that seeks to steal password information. The phishing email uses the name of a legitimate tax preparer who may also have been victimized. The email contains a PDF attachment that claims to be a “Secured File.” The attachment contains a hyperlink to view the file that the recipient is directed to open. The link directs the recipient to a phishing site that asks for the recipients email address and password.
Although the email scam has been sent to two East Coast CPA organizations, it is highly likely that the cybercriminals are using an email address list of a previous victim. Remember: do not share your email password with anyone. Never open attachments or links from suspicious sources and be cautious about opening links and attachment from sources that appear legitimate.