Spear Phishing scheme targeting practitioners using EROs

03 February 2017

Spear Phishing scheme targeting practitioners using electronic return originators (EROs):

Trending across the practitioner community.  This scheme is committed by entities that represent themselves as Fastsupport.com or Onlyforsupport.com.  They are contacting practitioners after they have identified which ERO the practitioner uses to transmit returns.   The caller suggests the ERO needs to reinstall or correct problems with their software.  The caller states they are working on behalf of the ERO and can help resolve the problem by having the practitioner connect to their website, get a passcode from them, and then give them access to the practitioner's computer.  Once they have access to the computer, they take over the practitioner accounts.