IRS Warning on Phishing Emails Demands Attention

Recently, the IRS issued a warning that internet hackers have stepped up their phishing campaigns. Specifically, the hackers are increasing the usage of business email spoofing and business email compromise phishing campaigns. A common variation of this type is known as CEO Fraud or Gift Card Fraud (which HBK Risk Advisory services warned clients and colleagues earlier this month - Don't Fall for the Phish(ing) Bait).

The warning from the IRS highlights two versions of the phishing scam:
  1. Emails impersonating company employees to Human Resources staff members requesting changes to the "employees'" payroll direct deposit bank accounts.
  2. Emails impersonating company executives to the staff members responsible for wire transfers requesting a wire transfer to a specific bank account on the "CEO's" behalf.
Tips for Identifying Phishing Emails:
  1. Look for clues such as poor spelling or grammar, these are common in phishing messages.
  2. Don’t fall victim to the "urgent request" prompt. Unexpected messages that requires "your immediate attention" or are earmarked as "emergency" emails are often phishing scams.
  3. Be VERY skeptical! Place a phone call to the requesting employee or executive to verify the request of payroll or banking account changes.
Reminders of How to Keep Your Company's Electronic Messaging Cyber Safe:
  1. Implement a formal Cyber Awareness Campaign. It should include regular educational updates about the red flags of phishing email campaigns.
  2. Establish an inventory of your Information Technology (IT) assets (including data mapping).
  3. Implement or update IT Security Policies (including data classification).
HBK can assist with any of the above action items, as well as advise on additional cyber security topics. Contact Bill Heaven at for details or to schedule a business consultation.

Please indicate the industry that your company operates in: *

About the Author(s)
Bill is a Senior Manager in HBK’s IT Department and works out of the firm’s corporate office in Youngstown, Ohio. He specializes in cyber security, IT security, external IT audit, internal IT audit, IT consulting, software Development, IT governance, PCI-DSS, supply chain, system implementations and e-Commerce and has worked for a wide range of industries, including the Public Accounting field. Bill is a certified public accountant, a certified information system auditor, and a certified supply chain professional. He earned a Bachelor of Business Administration degree in Computer Science from Kent State University. Bill is a member of the American Institute of Certified Public Accountants (AICPA), the Ohio Society of Certified Public Accountants (OSCPA), the Information System Audit and Control Association (ISACA) and the Canfield Chapter of Rotary International.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.