Cybercriminals like to use seasonal trends and topics to make their scams as timely as possible. With April comes tax season, a time of year ripe for tax-related crimes designed to steal sensitive information. A new advisory from the IRS describes the different types of scams that pop up as people and organizations prepare to file their taxes.

Tax season is prime time for phone scams, the IRS cautions. In these infamous types of calls, which you can catch on YouTube, the scammers call someone and pretend to represent the IRS or another tax authority. The scammer claims that the person called owes a large sum of money and faces potential arrest unless they pay the amount due. Anyone who falls for the scam is often instructed to purchase gift cards to pay the funds.

In a related scam, a criminal calls someone claiming that they can help the person settle any overdue money or penalties due the IRS. Often known as “OIC Mills,” these scammers warn of a limited window of opportunity to resolve any tax debts through an Offer in Compromise program. Promising the taxpayer that such debts can be settled for pennies on the dollar, the scammer naturally collects any money without delivering anything in return.

Some scammers aggressively target particular groups of people. In one sophisticated phone scam, the attacker goes after recent immigrants. Impersonating an IRS employee, the criminal tells the victim that they owe money to the IRS and threatens them with arrest or deportation if the money is not paid.

In another scam, the criminal uses video relay services to try to scam people who are deaf or hard of hearing. And yet another scam targets tax professionals with phishing emails that try to steal their tax preparation credentials with the goal of filing fraudulent returns to get refunds.

But one of the most common types of scams involves criminals posing as tax authorities or members of a company’s accounting department. Using social engineering, the attacker tries to obtain tax-related data such as social security numbers or personal bank account details. To do this, the scammer will employ a variety of tactics.

In certain cases, they’ll email the victim file attachments that attempt to install malware. In other cases, they’ll send fake authentication messages through SMS to prompt the employee to enter login credentials on a malicious site. And in yet other cases, they’ll call the employee on the phone and instruct them to download an app or visit a website to access purported compromised tax documents.

“Tax returns are dense with personal information, including social security numbers and addresses, and dependents’ personal information, such as property addresses and bank account information,” said Atif Mushtaq, founder and chief product officer at SlashNext. “This information can be sold on the dark web or used in future social engineering attacks that could lead to account takeovers and ransomware. The most lucrative way to monetize tax returns is to file fraudulent returns for tax refunds. Stolen Identity Refund Fraud (SIRF) is a million-dollar business run by organized cybercriminals with millions of fraudulent tax returns filed every year.”

How to stay safe

To help protect you from tax-related scams, Joseph Carson, chief security scientist at Delinea, offers several tips:

  • Develop better cybersecurity hygiene by learning how to detect email scams.
  • Use a good email spam filter to help ensure that email scams don’t end up in your inbox.
  • If a suspicious email gets through, go to the actual website of the organization referenced in the message and call the customer support number. Don’t call any phone numbers listed in the email, as they’re likely to lead you to the scammers.
  • Check the email sender address and not the display name.
  • Check the email for spelling mistakes.
  • Check any hyperlink addresses by hovering over them to see where they go, but don’t click on the links themselves.
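
The sender-address and hyperlink checks in the list above can be automated for a mailbox or a reported-phish queue. The following Python sketch is an added example, not something from the IRS advisory or from Carson: it flags a tax-authority display name paired with an untrusted sender domain, and links whose visible text shows one host while the `href` points to another. The allowlist, the brand pattern and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"irs.gov"}  # assumption: allowlist maintained by the defender
BRAND = re.compile(r"\b(irs|internal revenue service)\b", re.I)  # assumed brand words
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg, findings = message_from_string(raw, policy=policy.default), []
    # Tip: judge the sender by its address, not by the display name.
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    if BRAND.search(display) and not trusted:
        findings.append(f"display name {display!r} but sender domain is {domain!r}")
    # Tip: see where a link really goes (the programmatic form of hovering).
    body, collector = msg.get_body(preferencelist=("html",)), LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        if URLISH.match(text) and host_of(text) != host_of(href):
            findings.append(f"link shows {host_of(text)!r} but goes to {host_of(href)!r}")
    return findings

# Constructed sample message (reserved example.net domains), not a real lure.
PHISH = ('From: "IRS Refund Dept" <refunds@tax-help.example.net>\n'
         'Content-Type: text/html; charset="utf-8"\n\n'
         '<a href="http://refund-portal.example.net/login">https://www.irs.gov/refund</a>\n')
```

A clean result only means these two heuristics did not fire; it is not proof that a message is legitimate.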

For additional tips to help users stay safe online, check out this Security Awareness and Training policy from TechRepublic Premium.
