It’s that time of year again and with millions of Americans scratching their heads trying to create an online account with the IRS, cybercriminals are busy preying on vulnerable taxpayers with great variety of scams.
In an email sent to Tech Radar Pro, cybersecurity firm Proofpoint has provided additional information on the top types of tax-time phishing scams consumers and businesses need to watch out for this year. While there are a few main IRS-related phishing archetypes, there are actually hundreds of different variations that use attack vectors like emails, text messages, and even actual phone calls.
One of the major tax scams involves cybercriminals attempting to gain access to a user’s personally identifiable financial information (SSN, W2, unemployment compensation details, etc.) in an attempt to redirect a tax refund. tax to an account controlled by the attacker. At the same time, cybercriminals and scammers also try to access financial information to spy on a company or even monetize it directly by reselling it on online hacking forums.
Cybercriminals also attempt to access a user’s account credentials with the aim of taking over their online accounts to steal funds or even commit identity theft.
In all of these cases, threat actors are likely to leverage the IRS mark because they are pretending to be a tax authority, either by communicating that legitimate information such as a change in a form or process is necessary, or by attempting to collect payment. Additionally, Proofpoint has observed a variety of non-IRS tax scams in which cybercriminals advertise their “tax preparation services.”
How to spot tax scams and tax season phishing
When it comes to malicious content used in tax season phishing, cybercriminals are deploying the same tactics they use all year but this time the number of potential victims is even higher because all American adults are required to file their taxes each year.
A tax scam observed by Proofpoint involves threat actors pretending to be the IRS with the demand for an additional refund. However, when a potential victim clicks on the “Click here” link in the malicious email, malware is installed on their system instead.
Cybercriminals also use malicious Word documents that force a user to enable macros. One such example installs and runs the Ave Maria backdoor if a user falls for the scam and enables macros in the document. Other tax scams involve cybercriminals sending tax documents such as W-9 forms that also install malware on their devices if a user enables macros or types the password in an encrypted document.
When it comes to avoiding tax scams every year, the number one thing consumers and businesses should remember is that the IRS will never contact you by email or phone, as the government agency prefers to do old fashioned things by mail. IRS agents may try to call you, but only after first contacting you by mail.
Just like avoiding other online scams, you should remain vigilant by not opening emails from unknown senders and especially those with attachments. However, you should also avoid checking your banking apps and other financial apps while connected to public Wi-Fi and if you need to check your balance, make sure to turn on your VPN first.