April 17 marks this year’s Internal Revenue Service (IRS) tax filing deadline, and many consumers are rushing to complete and file their returns. Unfortunately, cybercriminals also use tax season as a social engineering lure to trick people into handing over their credentials, money, and personal information — through fake IRS phone scams and email, fraudulent online services, and phishing techniques.
IRS tax scams typically begin with cybercriminals sending spam email to potential victims. When the user opens a malicious attachment or clicks a link in the email, malware, typically spyware, a banking trojan, or a remote access trojan (RAT), is installed and steals the victim’s personally identifiable information (PII), which an attacker can then use to gain access to financial accounts.
These tax-related scams have become so prevalent that in 2004 the IRS came up with a list of tax fraud scams to help taxpayers stay safe from fraudsters. Dubbed "The Dirty Dozen," these 12 tax scams continue to deceive and compromise users.
Social engineering email related to tax season affected the most victims in countries such as the U.S., Australia, and New Zealand. Users in the U.K. are also targeted by tax-related spam with malicious attachments. Below are a few samples of tax fraud emails:
This socially engineered spam email pretends to be a refund notification from the Australian Tax Office (ATO), saying that the recipient is eligible for a hefty refund. It instructs the user to open the attached archive and extract the files on their system to claim the refund.
The phishing email sample below uses “Tax Exemption Notification” as the subject line. To appear legitimate, the email body contains an image banner of the IRS. The message tells the recipient that they are exempt from reporting and are eligible for other financial benefits. The sender pretends to assist the recipient, but in reality the cybercriminal behind this scam is phishing for information, urging the user to give out sensitive data by completing the fake W-8BEN form in the attached PDF file.
This tax-related scam appears to come from HM Revenue and Customs, a U.K. government institution. It tricks users into opening the message by using the subject “tax refund.” Users who fall for this lure are invited to download the form attachment, which then opens in a browser. The form is a phishing page that captures whatever information the victim enters.
Ransomware operators also take advantage of taxpayers in Australia and New Zealand by sending spam email with “penalty tax” in the subject line. Users who click the More Information button are led to the following landing page, while cryptolocker malware is downloaded to the victim’s system. In February, spam email that used tax-related lures delivered Rapid ransomware. The IRS regularly issues scam alerts so taxpayers can recognize and avoid them.
Indeed, taxpayers should exercise more caution to protect themselves from IRS tax scams. Never open links or attachments that come from unexpected or suspicious senders, especially when they claim to be from officials or agents of government organizations. Unsolicited email from an IRS-related component such as the Electronic Federal Tax Payment System (EFTPS) should be reported immediately to the IRS via email@example.com. It also helps to stay abreast of the latest security threats and use up-to-date security technologies such as Trend Micro’s File, Web, and Email Reputation services, which block access to malicious sites and spam email and detect malware.
To help you avoid IRS scams, the following infographic lists the things that the IRS will never do:
[Infographic: things the IRS will never do]