CPAs are burning the midnight oil as tax season heads into the home stretch … and so are cybercriminals.

Always on the lookout for creative new ways to bilk honest Americans out of their money, thieves have launched a scam that centers on e-mail messages that claim to come from legitimate state CPA organizations.

“Instead,” reports IRS National Public Liaison Mike Deneroff, “it is a scam that seeks to steal password information. The phishing e-mail uses the name of a legitimate tax preparer who may also have been victimized. The e-mail contains a PDF attachment that claims to be a ‘secured file.’ The attachment contains a hyperlink to view the file that the recipient is directed to open. The link directs the recipient to a phishing site that asks for the recipient’s e-mail address and password.

“Although the e-mail scam has been sent to two East Coast CPA organizations, it is highly likely that the cybercriminals are using an e-mail address list of a previous victim,” Deneroff added.

The best advice is the stuff we’ve all heard time and time again. From Deneroff:

• Never share your e-mail password with anyone.
• Do not open attachments or click on links from unknown or suspicious sources.
• Be cautious about clicking links or opening attachments, even from sources that appear legitimate.

Our thanks to the folks at the AICPA for sharing the IRS alert with us.

For details on other recent cyberscams, check out these articles:

• Tax preparers are prime cybercrime targets (Accounting Today)
• Nothing is certain, except death and taxes … and phishing (CPA Practice Advisor)
• IRS reminds seniors to remain on alert to phone scams during tax season (IRS)
• IRS, states and tax industry warn of last-minute e-mail scams (IRS)