IRS Dirty Dozen: How Email and Text Scams Put Your Business at Risk

Introduction:

The IRS releases an annual list known as the “Dirty Dozen,” highlighting the most dangerous tax-related scams circulating right now. In this post, Jon Markee, your Builder CPA, breaks down the number one threat on that list, email and text phishing scams, and explains why even savvy business owners need to stay on high alert.

What Is the IRS Dirty Dozen?

The IRS Dirty Dozen is a list of the most common and dangerous scams targeting taxpayers. It’s updated regularly to reflect current threats, making it a valuable resource for business owners. When researching anything IRS-related, always confirm that the website ends in .gov. This is your best indicator that the source is legitimate.

Phishing and Smishing Explained

Most people are familiar with phishing, which involves fraudulent emails pretending to be from trusted sources. But there’s also smishing, a newer variation that uses text messages or SMS. These messages often contain alarming language like “your account has been put on hold” or “unusual activity detected,” followed by a link urging immediate action.

Another common tactic is the promise of an unexpected tax refund or urgent account update. These messages are designed to create panic and rush you into clicking a link or providing sensitive information.

Why These Scams Are Harder to Detect Than Ever

In the past, scam emails were easier to spot. They came from suspicious email addresses or were poorly written. Today, advances in AI have made scam emails and text messages look incredibly legitimate. Even individuals who are usually cautious can be fooled.

Some links appear authentic, such as long Google Drive URLs, but actually redirect users to malicious websites that install malware. This makes blindly clicking links more dangerous than ever.

Best Practices to Protect Yourself

Before clicking any link in an email or text message, hover your mouse over it to see where it truly leads. Better yet, open a new browser window and navigate directly to the website instead of clicking the link.

If you ever receive a request to transfer funds, move money, or provide sensitive information, don’t rely on email or text alone. Pick up the phone and make an old-fashioned call to verify the request.

Why Cybersecurity Matters Especially for CPA Firms

CPA firms are under constant cyberattack, making cybersecurity a non-negotiable priority. If your CPA or accounting professional does not take cybersecurity seriously, it may be time to reevaluate that relationship. A single breach can put sensitive financial and personal data at risk.

Final Thoughts

Email and text phishing scams are the most dangerous threat on the IRS Dirty Dozen list, and they’re only getting more convincing. Even if you think you can spot a fake message, take extra precautions. A moment of skepticism can save you from major financial and data losses.

For more insights like this, watch Jon Markee’s video series covering the IRS Dirty Dozen. As always, thanks for reading and stay vigilant.