IRS Warns Tax Pros About Spear-Phishing Scams

Phishing emails are a common threat found in your inbox. While these scams range from too-good-to-be-true business opportunities to aggressive threats from “government agencies,” one specific type—spear-phishing scams—can be more challenging to identify at a glance because they are custom-built for each target.  

The Internal Revenue Service shared a Security Summit warning about a new spear-phishing scam that specifically targets tax professionals. These messages appear to come from the IRS—even including the agency’s logo—or “a tax preparation application provider,” and they direct recipients to click on an embedded link to resolve an issue with their tax software account or download an “unusual activity report.”

Remember, knowing what to look for can help you avoid falling victim to these scams. So, tax professionals should be on the lookout for any email that contains a subject line like “Action Required: Your account has now been put on hold,” and this is an example of one of these emails that was provided by the IRS:

Your account has now been put on hold

ALL preparers are required to apply security feature to their Tax Pro account towards 2021 Tax Returns processing.

You have failed to apply new update before expiry date

You are restore and update your acc|ount immediately.

Please Click Here to update your acc|ount now.


Failure to update your account within the next 24hours will lead to you account being terminated and be barred from filing tax returns claims for 2021 tax season Your access will be restored once you have updated your details.

Sincerely, eServices

What should I do if I receive one of these spear-phishing emails?

If you receive an unexpected or suspicious email—even if it appears to be from a trusted source like the IRS—never respond to the sender or click on embedded links and attachments.

When you respond to an email, two things generally happen:

  • You let the criminals know that they sent their scam to an active email address
  • You accidentally share information that criminals can use to steal your information

Clicking on links and attachments is also dangerous since they can “download malware onto [your] computer;” the Summit warns that these phishing emails appear to generate a pop-up containing fields where victims are expected to enter information.

What should I do if I clicked on a link in one of these spear-phishing emails?

If you fell victim to one of these spear-phishing scams, the Summit says you should immediately contact Support for your tax preparation software provider. Next, they say you need to take the following steps to report the scam:

  • Save the email as a file and then send it as an attachment to [email protected]
  • Notify the Treasury Inspector General for Tax Administration at to report the IRS impersonation scam

The IRS release closes with links to additional resources:

What is the Security Summit?

The Security Summit is a partnership between the IRS, state departments of revenue, and the private tax industry that is dedicated to raising awareness of tax-related data security threats. This group hosts outreach campaigns throughout the year, providing data-security alerts and tips to taxpayers and tax professionals.

To learn more, visit the “Security Summit” page on

Source: IR-2022-36

Story provided by