Phishing scam targets tax professionals

Hacked email account
Share this content

A government agency has sounded the alarm about fake software targeting tax professionals into downloading fake software updates to harvest their login details.

The scam was highlighted in the latest threat bulletin from the National Cyber Security Centre (NCSC - part of GCHQ) and originates from America, where it has been designed to coincide with the seasonal upgrading of tax software in the US. 

As reported on, the Internal Revenue Service (IRS) has stated that the fraud appears to target tax professionals more than personal users of tax software.

‘Software Support Update’

The NCSC report warns that the scammer will send phishing emails containing the subject line "Software Support Update", with the body text of the email emphasising the need for the user to download an important software update.

The user is then taken to a fake website designed to look like the software developer's portal and asked to input their login credentials in order to receive the ‘update’.

Once the scammer has access to the tax professional’s account the information is then used to steal client details.

The phishing emails are designed to look real, mimicking the legitimate software providers' email formats, with some emails even thanking recipients for continuing to trust the provider for their tax preparation needs.

“This sophisticated scam yet again displays cybercriminals' tax savvy and underscores the need for tax professionals to take strong security measures to protect their clients and protect their business,” stated the alert from the IRS.

“Accountants and professional service providers often hold large amounts of personal information on their clients so are a rich target for criminals seeking to access large amounts of sensitive data in a single attack”.

 ...timely attacks that exploit key deadlines”

The NCSC warned that although the scam originated in America, the threat is not unique to the US, and scammers are using similar tactics to target UK professionals in timely attacks that exploit key deadlines throughout the financial year.

While further measures are being put in place to prevent the spoofing of HMRC email addresses in similar UK tax-themed attacks, accountants and professional services firms are warned to take mitigative steps to protect client data, as criminals may regard them as less resilient than their banking counterparts, and therefore an easier target. 

The NCSC recommends that tax professionals who receive such emails should forward them to their tax software provider and Action Fraud.

Further information is available from the NCSC.

About Tom Herbert

Tom is editor at AccountingWEB, responsible for all editorial content on the site. If you have any comments or suggestions for us get in touch.


Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.