The emails have a subject line: "Security Awareness for Tax Professionals." The "From" line is "Your e-Services Team" and carries IRS and e-services logos that hyperlink to a phishing site that poses as an e-services registration page.
E-services users who have already clicked on the fake logo and provided their username and password should contact the e-services help desk to reset their accounts. If the same password is used for other accounts, these should also be changed.
Users should also perform a deep security scan on their computers, re-evaluate their security controls and be alert to any other signs of identity theft or data compromise.
The IRS warns professionals to go directly to IRS.gov to access services and click on links in emails. Suspicious email should send it as an attachment to This email address is being protected from spambots. You need JavaScript enabled to view it. and deleted.
The phony email claims information was stolen from certain user accounts in 2015 from a state-sponsored actor and requests users upgrade accounts.