Protecting your firm and clients against phishing scams

Alerts and notices
Leave feedback

Contact information (optional):

Leave this blank:

Please tell us how we can make this information more helpful.

Characters left:

According to recent data from the IRS and other agencies that monitor cybercrime, the number of “phishing” scam incidents continues to increase significantly every year. Therefore, it's important for you to be aware of these scams and to be vigilant in protecting your firm and your clients from these crimes. Here are some tips on how to avoid becoming a victim of this growing category of cybercrime.

What is "Phishing?"

According to the IRS, phishing is "a scam typically carried out through unsolicited email and/or websites that pose as legitimate sites and lure unsuspecting victims to provide personal and financial information."

The most common form of phishing occurs when a potential victim receives an email that looks like it's from a legitimate organization and that contains a link to a website. When the recipient clicks the link in the email, they are taken to a fake website that is almost identical to the organization's real site. The fake site will prompt the user for sensitive information that could compromise their data and privacy.

Just because you've received a phishing email, that does not by itself mean that your data has been breached. The breach occurs when you click a link in the email and enter your personal information on the bogus site. That's how the phishers get your information—and they'll use it before you even realize what's happened.

Cybercriminals can also take advantage of an email program's ability to execute HTML code, leaving the affected computer open to viruses, Trojans, and worms.

How would they get my email address?

Phishers use email addresses they've collected from numerous sources (e.g., websites, social media profiles, etc.), and send large quantities of emails with common terms, logos, and brands, knowing that most of those emails will go unanswered. But even if a few recipients fall prey to the scam, the criminals profit.

Here’s an example. Let’s say that a phishing email that appears to be from a bank is sent to 30,000 people, and 5% of those recipients actually have accounts with that bank. Even if only 5% of those customers click the link and enter their information, the criminals have gained full access to 75 bank accounts!

Remember, phishing attempts are likely being sent to thousands of email addresses, hoping to reach a few people who use our applications. If you receive a fraudulent email that appears to be from Thomson Reuters, it is not likely to be a result of any breach of data with Thomson Reuters.

How do I spot a phishing email?

Phishing emails are designed to look like legitimate emails so that the recipient won’t suspect that it’s not legitimate. As a rule, any time you receive an email that contains a link or file attachment — even if it looks legitimate — be cautious. Keep the following in mind as you read your email.

Look at the sender’s email address

If you do not recognize the email address or domain, be suspicious. You may not know that many companies, including Thomson Reuters, own more than one domain. If you receive an email from Thomson Reuters, it may have originated from one of several domains, other than

Be wary of attachments and links

Always be wary of attachments and links. Phishers will ask you to enter personal information that will give them access to your data. Be absolutely sure that the email is from a legitimate source before you open any attachment or click any link.

Thomson Reuters will never ask you to click a link to retrieve a software update or to download data. We direct you to go through your Thomson Reuters application to download the data you need.

When in doubt, don’t click! If you are unsure about a link or file, follow up with the company separately.

Other things to look for

Look for misspellings and improper grammar and a general unprofessional feel. It is likely that the criminals are more focused on making the content sound convincing than they are on the presentation and spelling. If the phishing email or linked website originated from another country, it is likely that English is not the author’s native language and, therefore, they may not use proper grammar or spelling in their content.

Always be wary of emails asking for highly personal information. Some phishing emails will have an air of urgency, telling you that you owe money immediately or that your account has been breached, and asking you to click a link to log in to your account or to enter information, including:

Sometimes you can tell right away that the website isn't real. But as internet criminals become more sophisticated, it gets harder and harder to distinguish the fake websites from the real sites. It is important that you be on the lookout for these types of scams.

Examples of phishing attempts directed at tax preparers

Not surprisingly, tax preparers—with their access to sensitive financial and client data—are often targeted in phishing scams. Following are some examples of phishing emails that have been sent.

An email is circulating that asks you to “validate” your login credentials to add new security measures.

This email message is designed to look like a legitimate email that was sent by your software vendor, and it refers to security updates that we implemented over the last year. This is another example of cybercriminals using social engineering tactics to trick staff into clicking fraudulent links and provide login credentials, which gives the criminals access to sensitive client and firm data.

If you receive an email like this, do not click the link. Any practitioners who have already clicked the link should immediately initiate their incident response plans, including having all staff within the firm update their passwords for their tax and accounting software.

Here’s an example of the phishing email.

Example of phishing email message

This scam involves an email that's disguised as an alert from the tax professional’s client. Specifically, the email — which may appear as if it originated from your software vendor and uses copies of the vendor’s official logos — claims that the client has uploaded tax organizer files to their portal.

If a staff member clicks the OPEN link in the email, they’re taken to a website mimicking a login screen from the vendor. By using that social engineering, the cybercriminials can capture any login and password information the staff member provides.

If you receive an email like this, and you are unsure if it’s really from a client, don’t click the link in the email, but rather use your normal method to navigate to the appropriate page. (Of course, that’s only one course of action to help prevent hacking in your firm; see IRS Publication 4557: Safeguarding Taxpayer Data for more information, and work with your trusted information technology staff or provider for more detailed plans.)

Any practitioners who may have already opened such an email, downloaded a file, or clicked such a link and entered their credentials, should immediately enact their incident response plan, which should include immediately changing your login credentials.

Here is an example of a phishing email.

Example email

This email claims that a substantial amount of money was accidentally transferred to your account and asks you to return the money. The email provides a specific case number, which makes it seem legitimate, and a link that supposedly takes you to a website where you can resolve the case.

Here’s an example of the bogus email.

Example of phishing email message

The sender of this email claims to have been referred by a mutual acquaintance and asks you to review a spreadsheet attachment. If a staff member opens the spreadsheet, it initiates a virus that infects their computer and potentially gives the cybercriminal access to data on that computer.

Here’s an example of the fraudulent email.

Example of phishing email message

The image below is an email alert that a county Sherriff's office distributed. Note that this email is legitimate; we included it here to illustrate to you yet another creative scheme that cybercriminals are using to trick you into sending them money. In this scam, the cybercriminals send an email that appears to be from your employer, asking you to purchase gift cards on behalf of the company and then to send an image of the gift card numbers to a phony email address or phone number. This gives the criminal access to the gift card.

Note: There are a number of tools and services (for example, IRS alerts or Nixle) available to those in your area and profession. We recommend that you consider researching and signing up for email alerts with one or more of these services.

Here’s an example of the alert email.

Example of phishing email message

If you or someone in your firm has already opened any such emails, downloaded a file, or clicked such a link and entered their credentials, or if you suspect that your data has been breached, you should immediately enact your incident response plan, which should include immediately changing your login credentials. See Jon Baron's blog article, Your Firm’s Been Hacked: Here’s What to Do Immediately for suggestions on what you can do.

You think this can't happen to you?

Most people think that this will never happen to them. Yet it happens every single day to unsuspecting victims, including accounting firms. These statistics may help to shed some light on the seriousness of the problem.

How can your firm protect sensitive client data?

To help prevent data breaches in your firm, see IRS Publication 4557: Safeguarding Taxpayer Data, and work with your trusted information technology staff or provider for more detailed plans. Although phishing isn’t specifically called out in this publication, it does include some high-level advice that will help fight all types of data theft and checklists to help you “grade” your current situation and guide you to a solution that fits your circumstances.

One particularly helpful piece of advice in the IRS publication: Write a plan detailing how you'll safeguard taxpayer information—and then put the appropriate safeguards into place. In addition to writing a plan and putting together safeguards, make it a priority to train your staff on how to spot phishing scams. And be sure to reinforce that training on a regular basis. Keeping your staff informed and well-trained will help alleviate the potential for problems in your firm. When they're overwhelmed with work during busy season, it's all too easy to quickly click a link—and regret it later.

Helping your clients protect their own sensitive data

It's just as important to pass this awareness and knowledge on to your clients, so they don't unwittingly fall prey to a phishing scam. Here are several crucial tips you can impart to your clients, from IRS Publication 4524, Security Awareness for Taxpayers.

Another way to help your clients safeguard their information is to use secure online portal technology. By offering an easy-to-locate login on your website, you can train clients to ignore any suspicious emails they receive and directly log in to their portal from your website—thereby ensuring they don't click malicious links.

Help catch the culprits—report phishing attempts

If you or your client receives an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, you can help in the investigation by forwarding the email directly to Learn more by visiting the IRS Report Phishing and Online Scams page.

At Thomson Reuters, we pride ourselves on being proactive when it comes to protecting our customers. If you or your client suspect that you have received a phishing email that appears to be from the IRS or any other source, please contact our Support department to let us know so that we can be aware and take steps to protect your data.

Additional information

For more information, see the following resources. What's this? External link

CS Professional Suite Data Security

Tax Scams / Consumer Alerts External link

Phishing and Other Schemes Using the IRS Name External link

Suspicious e-mails and Identity Theft External link

Share This