During tax season, tax phishing scams are rife. If cybercriminals can steal personal information such as the information contained on W2 forms, they can use the information to file fraudulent tax returns. Each set of credentials can net cybercriminals thousands of dollars. Attacks on businesses can be even more profitable. If an attack results in the theft of the tax credentials of a company’s entire workforce, hundreds of fraudulent tax returns can be filed.
The IRS works hard to combat fraud, but even so, many of these attacks are successful and fraudulent tax refunds are issued. This week, as part of its efforts to combat tax fraud, the IRS has launched its 2019 Dirty Dozen campaign. The campaign raises awareness of the threat of tax fraud and encourages taxpayers, businesses, and tax professionals to be vigilant.
The campaign features 12 common tax scams that attempt to obtain personal information or access to systems that contain such information. The campaign will see a different scam highlighted for 12 consecutive days. The campaign was launched on March 4 with the biggest threat in tax season: Tax phishing scams.
Common Tax Phishing Scams
Tax phishing scams are constantly evolving and each year several new tax phishing scams are identified. The most common scams and attacks are:
- Business Email Compromise (BEC) attacks
- Business Email Spoofing (BES) attacks
- Email impersonation attacks
BEC attacks involve the use of a genuine business email account to send messages to employees requesting the W2 form information of employees, changes to business account information, requests to reroute direct deposits and make fraudulent wire transfers. The attackers often gain access to a high-level executive’s email account through a spear phishing campaign. BEC is one of the most common business tax phishing scams.
BES attacks are similar, except that no email account has been compromised. The email address of an executive or other employee is spoofed so that emails appears to have been sent from within an organization.
Email impersonation attacks are common during tax season. Scammers impersonate the IRS and use a variety of lures to obtain personal information. Common lures are threats of legal action or fines for outstanding taxes and offers of tax refunds. They often direct users to a website where they are required to enter their personal information. These phishing webpages are also linked to on social media websites. The clients of tax professionals may also be impersonated. Emails often request changes be made to direct deposit accounts or contain requests for sensitive information.
Malware is often used to gain access to the computers of tax professionals, and employees in the payroll and HR departments. Keyloggers are commonly used as they allow the attackers to steal login credentials. Malware can also transfer files containing sensitive information to the attackers’ servers. Malware is often installed via scripts in email attachments – malicious macros for instance – or via drive-by downloads from malicious websites.
New Phishing Scam Targeting Tax Professionals
One of the new tax phishing scams to emerge this year targets tax professionals. First the attackers gain access to tax professionals’ computers, either through spear phishing campaigns or by installing malware. Client tax information is then stolen and fraudulent tax returns are files in the clients’ names. When the IRS processes the refunds, payments are sent to taxpayers’ bank accounts. Those taxpayers then receive a call or an email demanding the return of the funds which have been paid in error. The attackers claim to be from a debt collection agency used by the IRS or the IRS itself.
Don’t Become a Victim of a Tax Phishing Scam
Many taxpayers and businesses fall victim to tax phishing scams each year, especially during tax season when attacks increase; however, by taking some simple steps and being vigilant it is possible to identify scams and keep financial and personal data secure.
Any email, text, or telephone call that requests personal/tax information should be treated as a potential scam. If an email or text message is received that claims to be from the IRS demanding payment of outstanding taxes, an offer of a tax refund, or a threat of legal action, bear in mind that the IRS does not initiate contact via email or text message asking for personal information. If such a message is received, forward the email to firstname.lastname@example.org and contact the IRS or check your online tax account to find out if there is a genuine problem. Never use the contact information or links in an email and do not open an email attachment in an email that appears to have been sent by the IRS.
Businesses can include information about tax phishing scams in their security awareness training sessions, but departments that are likely to be targeted by cybercriminals – payroll, human resources, finance and accounting Etc.) should receive specific training ahead off the start of tax season. Sending monthly reminders about phishing attacks and other tax scams each month via email is also a good best practice.
Since most attacks start with a phishing email, businesses should ensure that they have an advanced spam filtering solution in place to block phishing and other emails at the gateway before they can be delivered to end users. SpamTitan is an ideal anti-spam solution for businesses and tax professionals to protect against tax phishing scams. The solution blocks more than 99.9% of spam and phishing emails and includes outbound email scanning to ensure that compromised email accounts cannot be used for spamming.
To protect against internet phishing scams, a web filtering solution is ideal. WebTitan prevents end users from visiting phishing websites, including blocking visits to malicious websites via hyperlinks in scam emails. The solution also blocks drive-by malware downloads and other web-based threats.
If you are a tax professional or you run a business and are unhappy with your current anti-spam or web filtering solution provider, or you have yet to implement either of these solutions, give the TitanHQ team a call today for further information on how these solutions can protect your business, details of pricing, and to book a product demonstration.