Tax season has begun and so have the annual scams targeting tax professionals. Each year in the run up to the tax filing deadline, cybercriminals conduct scams in order to obtain electronic filing identification numbers (EFINs).
In the United States, the Internal Revenue Service (IRS) issues EFINS to tax professionals and individuals to allow them to file tax returns electronically. If cybercriminals obtain these EFINs they can file fraudulent tax returns in victims’ names to obtain tax rebates. Obtaining an e-file number of a tax professional will allow tax returns to be filed for many individuals, so these scams can be very lucrative.
These scams usually start with a phishing email using a lure to get the recipient to visit a malicious website where they are asked to provide information or upload documents that contain sensitive information. Alternatively, recipients are told to download files which silently install a malware downloader which ultimately gives the attackers full control of the victim’s computer.
Commonly, the spam emails spoof the IRS and instruct tax professionals to provide information or documents in order to prevent the suspension of their account. At such as busy time of year, suspension of an account is best avoided. Faced with this threat, tax professionals may provide the requested information.
One of the phishing emails recently intercepted spoofed the IRS by using the sender name “IRS Tax E-Filing,” with the subject line “Verifying your EFIN before e-filing.” The emails looked convincing and required “authorized e-file originators” to reverify prior to filing returns through the IRS system. The emails claimed the IRS had started using this new security measure to prevent unauthorized and fraudulent activities. The scammers requested a PDF file/scan of the EFIN acceptance letter and both sides of the individual’s driver’s license. Similar scams have been conducted that require tax preparers’ ID numbers and e-services usernames and passwords to be provided.
This year, in addition to the usual phishing emails spoofing the IRS, campaigns have been detected where the attackers claim to be potential clients looking for tax preparers ahead of the filing deadline. Attachments are provided that would typically be needed by tax preparers, but they are laced with malicious scripts that install keylogging malware that records and exfiltrates keystrokes, with are likely to include usernames and passwords.
Tax preparers that fall victim to these scams can suffer catastrophic damage to their reputations, so it is important to exercise caution when opening any emails and to stop and think carefully about any request to provide sensitive information or download files.
One of the easiest ways to protect against these scams is to implement an advanced spam filtering solution that can identify and block these malicious messages. SpamTitan is a powerful email security solution that identifies and blocks malware and documents containing malicious scripts with dual antivirus engines, sandboxing, and machine learning techniques. In addition to blocking malware threats, SpamTitan is highly effective at blocking phishing emails containing malicious links.
The award-winning spam filter is quick and easy to implement and maintain, requiring no technical knowledge. You can be up and running in minutes and protecting your inbox from phishing and malware attacks, which will allow you to concentrate on your business at this busy time of year and avoid costly cyberattacks.
For more information about SpamTitan, to book a product demonstration or to register for a free trail, give the SpamTitan team a call today.