Outsmart IRS Phishing Scams in 2025 with Cybersecurity

IRS | By Andrew Smith | 2025-07-17 10:16:44

The digitalization of accounting and tax preparation has given CPA firms superior capabilities in 2025. But with every technological development comes more risk of a cyberattack. In July 2025, the IRS and its Security Summit partners sent out their strongest warning yet: tax professionals need to be careful about phishing emails, smishing, and other types of cyberattacks.

With phishing attacks growing more sophisticated, attackers now specifically target accountants, tax professionals, and CPA firms in the US to get into client data, IRS portals, and firm networks.

Let us understand what IRS phishing scams are like in 2025, how they are being created, how they are impacting tax professionals, and how CPA firms can protect themselves against them with cybersecurity.

Why are IRS Phishing Scams Increasing in 2025?

Cyberthieves have advanced, exploiting remote working, cloud accounting, and web-based IRS communication. IRS phishing scams in 2025 are rising due to:

  • Increased usage of email, SMS, and web portals for reporting
  • Increased number of accountants working remotely or abroad
  • An unexpected rise in senior-level, socially engineered phishing attacks
  • Tax-season urgency that pushes employees into snap decisions

Some of the most high-risk scams targeting CPA firms are:

  • Phishing Emails: Spoofed emails that claim to come from the IRS, software companies, or even clients and deceive recipients into giving away login credentials or installing spyware.
  • Smishing Texts: Text messages that convey urgency, e.g., claiming your IRS account is being suspended, with links to spoofed websites.
  • Spear Phishing: Highly targeted, well-crafted emails with real information about your company, pulled from your social media or website.
  • Clone Phishing: Emails that are nearly impossible to tell apart from real ones but carry malicious links or attachments.
  • Whaling Attacks: Personalized messages that spoof top company executives or CEOs and ask for instant access to credentials or a wire transfer of funds.
  • "New Client" Scams: Senders purporting to be potential clients email your firm with infected attachments or links to "client files."

What Generally Happens in a Large-Scale Phishing Attack?

This is the way the scams generally go:

  • A tax practitioner receives an email that appears legitimate because it seems to come from a familiar source, e.g., a client, the IRS, or a tax product provider.
  • The email contains a link or an attachment. These will ask the recipient to "log in," "reset your password," or "verify client information."
  • Malware is downloaded silently, or the user is asked to enter login credentials on a spoofed login page that steals usernames and passwords.
  • The target? Personal client tax data, firm login credentials, banking details, or the ability to file bogus returns and steal refunds.

How to Recognize a Phishing or Scam Threat

The IRS Security Summit calls on tax preparers and CPA firms to be vigilant for these warning signs by text or email:

  • Unsolicited messages asking you to confirm information by email or SMS
  • Grammatical errors or misspellings in the subject line or body of an email
  • Sender names that are misspelled or differ slightly from the genuine sender's name
  • Generic greetings such as "Dear Taxpayer" or "Dear Customer"
  • Malicious attachments (PDFs, Excel files, zip files)
  • Threatening or urgent language like "Reply within 24 hours!" or "Your account is suspended"
  • Messages asking for Social Security numbers, birthdays, or bank account details through insecure channels

Tip by The Fino Partners: Verify questionable mail by phone through established, authorized channels; never hit "reply" on suspicious mail.
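
Several of the warning signs above can be checked automatically before a message reaches a preparer. The following triage function is an added example, not code from the IRS or The Fino Partners; the trusted-domain list, the regular expressions, and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAINS = {"irs.gov"}  # assumption: domains you have verified out of band
CLAIMS_IRS = re.compile(r"\birs\b|internal revenue", re.I)
CHECKS = {
    "generic greeting": re.compile(r"\bdear (taxpayer|customer)\b", re.I),
    "urgent or threatening language": re.compile(
        r"within 24 hours|account (is|has been) (suspended|locked)|\basap\b", re.I),
    "asks for sensitive data": re.compile(
        r"social security number|\bssn\b|date of birth|bank account", re.I),
}
REVIEW_EXTENSIONS = (".pdf", ".xls", ".xlsx", ".xlsm", ".zip")


def red_flags(msg: EmailMessage) -> list[str]:
    """Return the warning signs from the list above that this message shows."""
    flags = []
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    if CLAIMS_IRS.search(display) and not trusted:
        flags.append(f"sender name claims IRS but address is at {domain or 'unknown'}")
    body = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + "\n" + (body.get_content() if body else "")
    flags += [name for name, rx in CHECKS.items() if rx.search(text)]
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(REVIEW_EXTENSIONS):
            flags.append(f"attachment to verify before opening: {name}")
    return flags


def build_sample() -> EmailMessage:
    """Constructed lure combining several signs; not a real captured message."""
    msg = EmailMessage()
    msg["From"] = '"IRS e-Services" <support@irs-eservices.example>'
    msg["Subject"] = "Your account is suspended"
    msg.set_content("Dear Taxpayer,\nReply within 24 hours with your "
                    "Social Security number to restore access.")
    msg.add_attachment(b"PK", maintype="application", subtype="zip",
                       filename="Client_Files.zip")
    return msg


if __name__ == "__main__":
    for flag in red_flags(build_sample()):
        print("-", flag)
```

A message that raises flags still needs the phone verification described in the tip above; a message that raises none is not proven safe.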

The "Security Six" That All Tax Professionals Should Know

To assist in preventing phishing and other scams, the IRS and Security Summit partners recommend these six key steps to cybersecurity:

Anti-virus Software

Install professional-strength anti-virus software on all machines.

Firewalls

Secure office networks with hardware and software firewalls to keep out intruders.

Multi-Factor Authentication (MFA)

Use MFA on email, cloud apps, IRS e-Services, and client portals. It's the #1 way to keep the bad actors out even if they have your password.

Backup Systems

Back up your firm's data regularly to local drives or encrypted cloud backups.

Drive Encryption

Encrypt sensitive information such as tax returns, W-2s, and client bank account information so that if laptops or other devices are stolen, the information is not disclosed.

Virtual Private Network

Set up a VPN for all offsite connections so that data transmission is secure.

Why Small CPA Firms Are Particularly Vulnerable

Although larger firms might have more clients, solo CPAs and small tax practices are favorite targets of phishing attacks because:

  • They typically don't have in-house IT personnel
  • Their security is less formalized
  • Offsite computing or offshore collaboration heightens the chance of errors
  • They might keep client information on unencrypted computers or third-party computers
  • Hackers know that small companies have less protection but hold valuable information.

Best Practices to Avoid IRS Phishing Scams in 2025

Below are the steps to improve your cybersecurity practices:

1. Review Your Written Information Security Plan (WISP)

Develop or revise an official WISP for your company. IRS Publication 5708 provides useful templates. Include policies for:

  • Password generation and update
  • Safe data transfer
  • Management of phishing response procedures
  • Device encryption
  • Data-sharing arrangements with foreign customers and employees

2. Train Your Employees

Perform monthly or quarterly cybersecurity awareness training. Train all employees to:

  • Identify phishing emails
  • Avoid opening attachments or emails from suspicious sources
  • Report spam email
  • Use secure password managers

3. Use Secure Portals for Client Communication

  • Never send Social Security numbers, W-9s, or tax returns via email. Use HIPAA or FINRA-approved file-share programs.

4. Install DNS and Email Protection Software

  • Use email authentication controls such as SPF, DKIM, and DMARC.
  • Block phishing sites in your endpoint security or firewalls

What to Do If You've Been a Victim of a Phishing Scam

Respond quickly and in a way that contains the damage. Your response plan must be to:

  • Remove the infected computers from the network.
  • Update all passwords, particularly those used for email, financial software, and IRS e-services, immediately.
  • Notify the IRS immediately by writing to their phishing email address ([email protected]) and start client breach notifications where necessary.
  • Alert your cybersecurity team or outsourced IT services to start incident recovery.
  • Report the event to the FBI’s IC3.gov portal and the Federal Trade Commission.
  • Document everything for compliance and insurance purposes.

Real IRS Phishing Scams Tax Professionals Are Experiencing in 2025

Below are some of the real examples of IRS phishing scams:

  • “Your e-Services account has been locked. Reset now.”
  • "Confirm your refund details to prevent delays."
  • "You are eligible for a 2025 tax refund. Click on this link to receive."
  • "IRS Taxpayer Advocate communication, your action needed."
  • "Compromised tax software account. Check credentials ASAP."

Such attacks even use IRS images and return stamps so that they appear genuine. Even seasoned professionals were deceived in 2025.

Best Cyber Security Practices for CPA Firms

Here are some of the cybersecurity practices for CPA firms that are suggested by The Fino Partners:

  • MFA on all software, cloud, and email
  • Train employees bi-weekly for ransomware and phishing alerts
  • Store data in secure cloud infrastructure, not local disk drives
  • Have endpoint security tools with a lateral movement detection feature
  • Segment sensitive customer information between tools and levels of access

Keep in mind: A hacked email is not simply a technical problem, but an outright business and legal disaster.

Tools Every Tax Professional Should Bookmark

Get familiar with these IRS and industry reports to enhance your cyber protection even more:

  • IRS Publication 4557 – Safeguarding Taxpayer Information
  • IRS Publication 5709 – Best Practices for Secure Messaging
  • IRS Dirty Dozen Scam List – Yearly Update
  • IRS Identity Theft Information Center: irs.gov/identity-theft-central
  • Federation of Tax Administrators (fta.org) – State-level breach reporting guides
  • FTC Data Breach Reporting Guidance: ftc.gov

Your company's reputation, income, and survival in 2025 and beyond all depend on the effectiveness of your cybersecurity and privacy policies. Phishing and other data breaches are no longer the rare annoyance they used to be; they have become an everyday threat. You need phishing-resistant processes, trained employees, cloud security, and security measures in place in order to remain compliant, safe, and competitive.

As a CPA firm or tax practitioner, your clients have entrusted some of their most personal financial data with you. Being serious about cybersecurity, from people to tools and policies, is part of keeping and regaining trust. Disregarding the phishing attack trend is not just unwise, it could result in IRS penalties, litigation, loss of licensure, or outright business closure. So, contact The Fino Partners today to know more about best cybersecurity practices for your CPA firm or company.

Frequently Asked Questions (FAQs)

Look out for suspicious sender addresses, a rushed tone, misspelled words, and unwanted attachments or links. Always call the sender back to confirm unusual emailed requests.

The actual IRS will never contact tax professionals by email or text in reference to a return, refund, or login problem. Look at any attempt to do so as a red flag.

Solo and small practices are the #1 target because they typically lack strong IT defenses and are a soft target.

Offshore accounting is not risky if you're choosing known partners, secure cloud infrastructures, and have tight access and security management.

Educate the client not to click or reply. Instruct them to take a screenshot, report the message to [email protected], and guide clients through identity theft reporting.

Yes. Multi-Factor Authentication prevents more than 90% of credential-based account attacks. It is required for cloud software protection, email accounts, and portals.

Andrew Smith

Andrew Smith is an experienced content writer with a strong focus on various financial niches including VCFO services, accounting, and bookkeeping. He has worked on multiple articles and papers on financial management and corporate finance, published in esteemed journals. Ankit's expertise and dedication to delivering precise and insightful content make him a trusted voice in the finance and accounting sector.
