Tax season is here, and you know what that means: time to get busy with your clients’ tax returns. But before you start crunching those numbers, you need to watch out for a sneaky scam that could put your business and your clients’ data at risk.

The IRS and the Security Summit partners have warned tax professionals about a new wave of phishing emails where cybercriminals pretend to be potential clients. They send you fake emails asking for your help with their taxes, hoping to get access to your sensitive information or infect your computer with malware.

These scammers are not your average crooks. They are sophisticated and cunning, and they know how to make their emails look convincing. They may even use stolen email accounts or spoof legitimate organizations to fool you. They target tax professionals like you because they know you have valuable client data that they can use to file fraudulent tax returns or commit other crimes.

Don’t let these scammers ruin your reputation and your business. Here are some tips on how to spot and avoid these “new client” scams, and what to do if you or your clients become victims.

How to Spot a “New Client” Scam

There are two ways that these scammers may try to lure you in. One is by sending you an email directly asking for your help with their taxes. The email may contain a malicious link or attachment that could compromise your system or steal your data. The other is by sending you an initial email asking if you are accepting new clients. If you reply, they will send you a follow-up email with a malicious link or attachment.

Either way, the goal is the same: to trick you into clicking on something you shouldn’t. Here are some red flags to look out for in these emails:

• The email is unsolicited and unexpected. You don’t know the sender or have any prior contact with them.
• The email is poorly written, with awkward sentences, odd word choices, or grammatical errors. This could indicate that the email was written by a non-native speaker or a computer program.
• The email is urgent, pressuring you to act quickly or risk missing a deadline or an opportunity.
• The email asks you to click on a link or open an attachment that claims to be their tax information, credentials, or documents. The link or attachment may look legitimate, but it could lead you to a fake website or download malware onto your computer.
• The email asks you to provide personal or financial information, such as your email address, password, bank account, or credit card number. The scammers may use this information to access your accounts or make unauthorized transactions.

Here’s an example of a “new client” scam email that the IRS has seen recently:

Subject: 2024 Tax Submission

Hello,

My name is (name can vary), I am searching for another CPA to help handle my taxes.

Is it safe to say that you are accepting new clients for the 2024 tax season? Do you additionally assist with IRS representation?

I figured I may have an issue with last year’s return. (Click) HERE TO VIEW MY CREDENTIAL [Link to a phishing web address]

Upon your approval, we can arrange a physical or virtual meeting to discuss my situation and also provide my tax documents amongst others.

Kindly prompt how you plan to push ahead.

Best Regards,

(Name varies)

Here are few examples of a “new client” scam email that our tax firm has seen recently:

EXAMPLE 1: Subject: RE: 2023 Taxes NJ

Good Morning,

I hope you’re having a good day and a Happy New Year. We would like for you and your company to do our 2023 tax returns. My wife had always handled our tax returns until
this year. Our financial position has changed and she has also taken on more responsibility at work. I’ve decided that having a professional prepare my tax return is the best option
for me right now.

I am confident that our tax documentation is reasonably well-organized. We earn revenue via rental properties (AirbnB), stock options, dividends, and interest in addition
to our employment income. What is a reasonable figure for the charge for preparing returns at your firm?

Do you have worksheets that we can fill out? [Link to a phishing web address]

What other documentation will you need?

I always start early so that by the time we have all the federal forms we are ready to file.

Kindly reply to this email to acknowledge receipt and your availability.

Find the 2022 Tax Returns, 2023 Balance Sheet and Profit & Loss in the encrypted doc below. Password to Encrypted File is XXXXXX. VIEW-TAXDOCUMENTS.PDFS.Please Call me
after reviewing the documents. Phone number is XXX-XXX-XXXX. Looking forward to hearing from you

EXAMPLE 2: Subject: NTg= RE: 2023 Taxes

Good Morning,

I was wondering if you offer tax services for the year 2023. If you do, would it be possible for me to email you all of my documents?

My wife and I run a construction company, so we would need both our personal and business taxes taken care of.

If you are available to take on new clients, can we send you our 2022 Taxes for a quote? Our Balance Sheet and P&L are already prepared.

Reply to this email or send an email to [Link to a phishing email address]

We can Schedule a Zoom Meeting/Phone Call after the documents have been reviewed or if you have any additional information.

Best regards.

EXAMPLE 3: Subject: Re: Tax Consultation and Services

Good Morning,

I hope this message finds you well. My name is xxxxxxx, a DevOps specialist and owner of a tech consultancy business. I am writing to express my interest in your tax accounting services for the current tax year

Working in the tech industry, I understand the importance of having a professional handle the financial aspects of my business, particularly concerning tax matters. Given your reputation and expertise in the field, I am confident that your services could greatly benefit my business.

Before we proceed, I would appreciate some information to better understand your onboarding process. Could you kindly provide a detailed overview of what the initial stages of our engagement would entail?

Moreover, as my schedule can often be unpredictable, I am interested in understanding your preferred methods of communication. Are you more inclined towards traditional methods such as phone and email, or are you open to leveraging more modern platforms such as Slack, Zoom or Microsoft Teams?

I believe that engaging your services could provide significant benefits for my business. I am eager to ensure my tax affairs are handled diligently, accurately, and in compliance with all relevant regulations.

Thank you for taking the time to read my email. I look forward to your response and further discussions about how we might collaborate.

To give you a better idea of my tax history, I’ve attached a copy of my prior returns [Clickable File] to this email via Zoho Drive. The password to access the file is xxxxxx. I hope this will make our phone conversation more productive and help you get a clearer picture of my situation.

If there’s anything else you need from me, just let me know! I’m available for a call on Thursday and Friday between 10:00 AM and 3:00 PM EST. Just let me know which day and time works best for you, and I’ll do my best to make it happen.

EXAMPLE 4: Seeking Your Expertise for Our Tax Situation

Good Morning,

I hope you’re having a great day. I came across your website while searching for a reliable CPA to help me and my spouse with our tax preparation. Usually, I’m a DIY tax kind of person, but this year, it all feels like too much for this amateur. I recently got married, and my spouse has two children from a previous marriage. Both of us have W2 incomes, and my spouse also has income from two Airbnb he manages.

I have always filed as a single taxpayer and I believe he filed as head of house hold for a while now. but now with our combined income and dependents, things are looking way more complicated than my brain can handle. With this in mind, I’ve attached our 1040’s for years 2021-2023 to give you a better understanding of our individual financial background and tax history. I would appreciate it if you could take a look at them and let me know if you can help us.

[Clickable File][TAXDOCUMENTS]

Given these changes, I am seeking your expertise to ensure that my spouse and I navigate this tax season correctly and take advantage of any potential benefits that our new status may afford us. I hope to establish a relationship with a CPA who can not only help us this year but also in the years to come as our family and financial situation continues to evolve.

Could you please provide me with an estimate of your fees and any initial information you need from us to get started? Additionally, I would appreciate it if you could give me a rough timeline on how soon we could begin this process if you choose to take us on. I would also assume that you must have your hands full at this time of year, but I would truly appreciate a prompt reply so we can take the necessary next steps as soon as possible.

The password to the file is XXXX@ Thank you very much for considering my request. I look forward to the possibility of working with you and am eager to hear from you soon.

EXAMPLE 5: New Client Inquiry for CPA Services

Good Morning,

I hope you are doing well as I write this. I’m contacting you because I need a new CPA to help me with some financial issues. I’ve been looking for a professional with whom I can build a long-term, trustworthy relationship since my last CPA retired. I found your prestigious practice through some research, and I was struck by the kind of work and reputation you and your firm had established.

I would want to know how much using your services to file my taxes for 2023 will cost. To assist me reach my financial objectives, I must collaborate with a CPA who can offer proactive guidance, individualized attention, and strategic planning.

I consider switching to a new CPA to be a big decision, and I’m determined to locate the best expert to handle my financial matters. I have no doubt that you would be the best person to meet my needs given your background and commitment to client satisfaction.

I would value the chance to talk about how we may collaborate to efficiently handle my financial affairs. Kindly let me know when it would be most convenient for us to meet in person or remotely for an initial session to discuss the prospect of developing a professional partnership.

In accordance with our ongoing process, I have enclosed my driver’s license, Social Security card, Schedule C, and W-2 forms. Kindly find the attachments here[CLICKABLE LINK].

Once you have had the opportunity to review the documents, I would appreciate it if we could schedule a time to discuss any further steps or address any questions you may have. Additionally, please let me know the most convenient time for a phone conversation.Thank you for your prompt attention to this matter. I look forward to our discussion.

Can you spot the red flags in this email? Here are some clues:

• The email is unsolicited and unexpected. You don’t know the sender or have any prior contact with them.
• The email is poorly written, with awkward sentences, odd word choices, or grammatical errors. For example, “Is it safe to say that you are accepting new clients” or “Kindly prompt how you plan to push ahead”.
• The email is urgent, pressuring you to act quickly or risk missing a deadline or an opportunity. For example, “I figured I may have an issue with last year’s return” or “Upon your approval, we can arrange a meeting”.
• The email asks you to click on a link that claims to be their credentials. The link may look legitimate, but it could lead you to a fake website or download malware onto your computer.

How to Avoid a “New Client” Scam

The best way to avoid falling for a “new client” scam is to be cautious and vigilant when receiving any email solicitations. Here are some tips on how to protect yourself and your clients from these scams:

• Don’t click on any links or open any attachments in unsolicited emails. If you are not sure about the sender or the content of the email, delete it or mark it as spam.
• Verify the identity of the sender by using another communication method. For example, if you receive an email from a potential client, call them using a phone number that you independently know to be accurate, not the one provided in the email. Or, if you receive an email from a friend or colleague, text or call them to confirm that they sent you the email.
• Use two-factor or multi-factor authentication with your email provider. This adds an extra layer of security to your email account, making it harder for hackers to access it. You can set up two-factor or multi-factor authentication in your email settings or by contacting your email provider.
• Educate yourself and your clients about the latest tax scams. The IRS and the Security Summit partners regularly update their websites with information and alerts about tax-related identity theft and phishing scams. You can visit IRS.gov to learn more.

How to Report a “New Client” Scam

If you receive a “new client” scam email, don’t ignore it or delete it. Report it to the authorities and help them stop these scammers from harming more people. Here are some steps to follow if you encounter a “new client” scam:

• Report the email to the IRS. Forward the email – including the full email headers – to phishing@irs.gov. This will help the IRS track and investigate these scams and warn other tax professionals and taxpayers about them.
• Report the email to other agencies. If you or your clients experience any monetary losses or other damages due to a “new client” scam, report it to the Treasury Inspector General Administration (TIGTA), Federal Trade Commission and the Internet Crime Complaint Center. These agencies can help you recover your losses and prevent further fraud.

How to Recover from a “New Client” Scam

If you or your clients become victims of a “new client” scam, don’t panic. There are ways to recover from the data breach and protect your identity and finances. Here are some steps to take if you or your clients are affected by a “new client” scam:

• Contact the IRS and law enforcement. If you suspect that your or your clients’ data has been compromised, contact the IRS and law enforcement as soon as possible. The IRS has a special team of Stakeholder Liaisons who can help you report the data theft and notify IRS Criminal Investigation and other agencies on your behalf. You can find your local Stakeholder Liaison representative here. You should also contact the Federal Bureau of Investigation, the Secret Service, and the local police to file a report on the data breach.
• Contact the states where you prepare state returns. If you or your clients file state tax returns, you should also contact the state tax agencies where you prepare state returns. The Federation of Tax Administrators has a special “report a data breach” web page where you can find the contact information and guidance for each state.
• Contact the State Attorneys General. Most states require that the state attorney general be notified of data breaches. You can find the contact information for each state attorney general here.
• Have a written security plan. As a tax professional, you are required by the Federal Trade Commission to have a written security plan to protect your and your clients’ data. The Security Summit has developed a special document that can help you create a Written Information Security Plan (WISP) for your business. You can download the document here.

Tax season is a busy and stressful time for tax professionals and taxpayers alike. But it doesn’t have to be a time for scammers to take advantage of you and your clients. By following these tips and resources, you can protect yourself and your clients from “new client” scams and other tax-related identity theft and phishing scams. Remember, the IRS and the Security Summit partners are here to help you and your clients stay safe and secure during tax season and beyond. Stay alert, stay informed, and stay safe!