IRS Issues Warning on Phishing Scam Surge in National Capital Area
With just a few days left before the end of the tax filing season, the Internal Revenue Service (IRS) ramps up its awareness campaign on the continuing rise of tax scams this year. In a security warning released yesterday, the IRS highlighted an uptick in schemes targeting residents of the National Capital area: Washington D.C., Maryland, and Virginia.
According to the security warning, the new phishing scam involves a simple hook with an evolved tactic. Email scammers will incite fear among its targets by citing tax fraud charges, compelling victims into verifying the last four digits of their Social Security Number through a link sent their way. To mask its malicious intent, cybercriminals will leverage recently reported data breaches to trick users into providing information.
IRS Commissioner John Koskinen notes, “As we approach the final days of this filing season, we continue to see these tax scams evolve.” Further, he states that no special effort or action has been undertaken by the agency to zero in on the people of the mentioned target areas. Koskinen continues, “As these criminals shift their tactics, the IRS remains committed to quickly warning the taxpayers who may be targeted. Taxpayers should be on the lookout for these scams.”
Last February, the IRS issued a similar warning stating a 400% uptick in scams—with a significant rise in fraudulent emails masquerading as official emails from tax authorities and the IRS. This type of elaborate scheme has not just turned individual taxpayers into victims, but also companies and corporations into giving up information. Stolen personal information can be sold in the underground or used to stage further attacks, particularly such as identity theft and financial fraud.
[Read: Delving in deep on IRS scammers]
In the past month or so, there have been a string of attacks on big corporations like Seagate, Snapchat, Sprouts Farmers Market, Pivotal Software, and even schools like Tidewater Community College and the Kentucky State University that use similar tactics to trick targets into giving up W-2 information.
According to a report, as of mid-March, only half of the expected 150 million tax returns have been duly filed with the agency. This can be used by cybercriminals to elevate the sense of urgency on emails directed to last-minute filers. Feigning legitimacy in every issued email is becoming easier as further information are sometimes requested to confirm recipients before tax refunds are released.
In turn, the IRS continues to urge taxpayers to be more vigilant when it comes to email messages and other forms of communication purporting to be from the agency. In a separate bulletin, IRS highlights the importance of identifying a legitimate request for information from the agency and the ones that are bogus and malicious. The agency notes, “The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.”
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases