Uncle Sam isn't the only one looking for your money during tax season. Fraudsters are using the build up to the April 18 tax filing deadline to spread malware and launch phishing attacks designed to help them file fraudulent tax returns and steal people’s refunds. Here’s a run-down of some of the common tax-season schemes the bad guys are running and how people and companies can avoid getting scammed, according to Cybereason CISO Israel Barak.
Business email compromise scams
In business email compromise scams, attackers posing as a company executive send well-crafted emails to the business’ human resources or payroll department and ask for a list of all employees and their W-2 records, which includes personal information like home addresses, Social Security numbers and salaries. This information is then used to file fraudulent W-2 records.
The IRS noted that these schemes began appearing in 2016 and are now targeting a wider range of businesses, including schools, health-care organizations and chain restaurants. In fact, more than125 organizations were affected by phishing scams targeting W-2 records in the first quarter of 2017.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen in a press release.
Any emails requesting W-2 information should be scrutinized, Barak said. Attackers know that employees are eager to quickly carry out tasks from a high-level manager, especially ones that deal with taxes and people’s returns.
He suggests that people look over email address to make sure it’s a valid company email address. “The fake email addresses attackers create a very similar to the real ones to trick people into believing the email is legit. Often times they’ll make small changes that are hard to see, like adding a letter to a person’s name or a punctuation mark.” Picking up the phone and calling the person who supposedly requested the data is also a good way to authenticate the email, he said.
An email that comes from what appears to be an executive’s personal email account should be a red flag, Barak said. “Executives don’t typically use their Gmail account to ask for sensitive employee information."
“Have an online tax account, both with the IRS and state regulators, even if you don’t file online and mail in your taxes,” Barak said. Scammers file fake returns online. Having an online account prevents them from creating one in your name, he said.
Phishing scams
Attackers are also launching various phishing scams related to tax season. In one scheme, attackers send phishing emails claiming to be from the IRS, a state tax agency or another entity related to filing taxes, like an accountant. The email could, for example, instruct people to click on a link in the email to download a form that’s supposedly necessary for them to file their returns. Clicking on the link, though, could result in malware being downloaded. Attackers could also send out phishing emails supposedly from tax entities instructing people to enter the credentials for their online tax account information, Barak said, adding that these emails are fake since the IRS and state tax offices don’t ask people for this information by email.
People should make sure that the email domain is legitimate, said Barak. For instance, the IRS domain is .gov, not .com, .net or any other domain. He also instructed people to review the IRS website for guidance on how to avoid fraud, identity theft and phishing during tax season.
Another phishing scheme targets taxpayers and people who prepare taxes and began appearing last week, according to the IRS. In these scams, criminals pose as taxpayers and ask the tax preparer to place their refund on a prepaid debit card instead of directly depositing into a bank account.
Barak recommends that tax preparers who receives an email making this request immediately contact their client. “Criminals use prepaid debit cards as a mechanism to transfer a person’s tax refund to them. It gives them physical access to the refund,” he said.
And if you find yourself targeted by tax season scams or, even worse, a victim, alert the proper tax authority, Barak said.
Do these tax scams work?
According to Barak, the success rate of tax-related scheme is high with a 40 percent to 45 percent success rate. The IRS’ ability to detect these scams has improved over the years so attackers are now focused on hijacking a person’s state refunds.
“State tax authorities aren’t as sophisticated at dealing with this,” he said. Despite the IRS crackdown, criminals are interested in federal refunds since they are more lucrative than state refunds.
“State returns average $100 to $200 but federal refunds is more so that’s why they go after federal returns,” Barak said.
