We are seeing a rise in attempts to gain unauthorised access to tax agent myIR accounts.
Recent incidents have involved account takeover, where customers are clicking malicious links that install malware on their device, giving the attacker remote access to the customer’s device. The attacker then accesses the customer’s myIR account to direct unauthorised refunds to the attacker’s own bank account.
What you need to do now
To help protect your account and your client accounts, please take the following steps.
- Be alert to emails from unexpected senders – do not click on unfamiliar links or open unexpected attachments. If you do click on a link, contact [email protected] to get immediate security remediation in case of any malware.
- Check your device for Windows Updates and apply any that are outstanding.
- Take extra care with bank account changes – carefully review any notifications of bank account updates and verify they are legitimate before taking action.
- Check client account details regularly – particularly bank account information and recent return activity.
- Act quickly if something looks wrong – contact us immediately if you notice any suspicious activity.
Key risk
We are aware that unauthorised bank account changes are being used to redirect refunds. Please take particular care to verify any bank account updates or related notifications.
We are continuing to strengthen our protections, but your vigilance is critical in preventing this activity.
If you have any concerns or need to report suspicious activity, please contact us as soon as possible.