Proofpoint sheds light on this year’s IRS tax scams

Tax season is like Christmas for cybercriminals

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

It’s that time of the year again and while millions of Americans are scratching their heads trying toset up an online account with the IRS, cybercriminals are busy preying on vulnerable taxpayers with a wide variety of scams.

In an email sent toTechRadar Pro, the cybersecurity firmProofpointprovided further insights on the main types oftax season phishing scamsboth consumers and businesses need to look out for this year. While there are a few main IRS-related phishing archetypes, there are actually hundreds of different variations that use attack vectors like email, text messages and evenactual phone calls.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022.Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

One of the main tax scams involves cybercriminals attempting to gain access to a user’s personally identifying financial information (SSN, W2, unemployment compensation details, etc.) for the purpose of rerouting atax refundto an attacker-controlled account. At the same time, cybercriminals and scammers also try to gain access to financial information to carry out espionage on a company or even to monetize it directly by selling it ononline hacking forums.

Cybercriminals also try to gain access to a user’s account credentials with the aim of taking over their online accounts to steal funds or even to commitidentity theft.

In all of these cases, threat actors are likely toleverage the IRS brandas they pretend to be a tax authority either communicating that a legitimate piece of information such as a change to a form or a process is needed or attempting to collect payment. Additionally, Proofpoint has observed a variety of non-IRS related tax scams in which cybercriminals advertise their “tax preparation services”.

How to spot tax scams and tax season phishing

Regarding the malicious content used in tax season phishing, cybercriminals deploy the same tactics they use all year round but this time, the number of potential victims is even higher as all US adults are required to file their taxes each year.

One tax scam observed by Proofpoint involves threat actors purporting to be the IRS with the claim of an additional refund. However, when a potential victim clicks the “Click Here” link in the malicious email,malwareis installed on their system instead.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Cybercriminals also use maliciousWorddocuments that require a user toenable macros. One such example installs and runs the Ave Maria backdoor if a user does fall for the scam and enables macros in the document. Other tax scams involve cybercriminals sending out tax documents such as W-9 forms that likewise install malware on their devices if a user enables macros or inputs the password into an encrypted document.

IRS will let tax payers opt out of facial recognition, but there’s a big catch>Warning - these tax credit scam websites could steal your identity>GoDaddy partners with Avalara to automate ecommerce sales tax

When it comes to avoiding tax scams each year, the first thing both consumers and businesses need to remember is that the IRS willnever contact you by email or over the phoneas the government agency prefers to do things the old fashioned way over the mail. IRS agents may try to call you but only after reaching out to you by mail first.

Just like with avoiding other online scams, you need to remain vigilant by not opening emails fromunknown sendersand especially ones with attachments. However, you should also avoid looking at your banking and other financial apps when connected topublic Wi-Fiand if you must check your balance, be sure to turn on yourVPNfirst.

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Your next smartwatch could be battery-free – and powered by your skin