Paying taxes is a tedious task, albeit an important one. Threat actors love to take advantage of situations where potential victims are likely to take action in haste and anxiety. The annual tax season is surely one of them.
It’s common for bad actors to impersonate IRS officers and call you between March and July to mislead you into a panicking situation, requiring immediate action from you. They may scare you under the false pretexts that you will lose all your money, or be imprisoned for breaking financial laws, etc. Another tactic is calling taxpayers by impersonating tax authorities and requesting personal and financial details to redirect the rebates to their accounts.
In fact, as per the TIGTA’s Final Results of the 2023 Filing Season report, tax for almost $13.8 billion was detected as fraud by identity theft filters. The report further shared that the IRS confirmed 87,591 tax returns as fraudulent, stopping the issuance of $1.2 billion in fraudulent refunds.
AI is Worsening the Tax Scam Issue
AI benefits tax authorities by simplifying and automating tasks. On the other hand, threat actors exploit it to generate convincing yet fake tax scam emails and call scripts targeting taxpayers. They are also misusing technology to clone voices, alter images, and create fake videos to mislead people.
Cybercriminals also create fake W2 and 1040 forms using AI and sell them on the dark web to unsuspecting individuals, who further use these forms to trick people.
High-Risk Details Cybercriminals Are Looking for
A lot of sensitive financial and personal details are exchanged between individuals and the IRS, and some of the data threat actors try stealing are-
- Social Security Numbers
- State ID
- Employer Identification Numbers
- Centralized Authorization File Numbers
- Bank account numbers
- Debit and credit card details
- Email account passwords
- Access Codes
Common Tax Scams
Although anyone can be a victim of tax scams, prime targets are people over 60, new taxpayers under 25, Green Card holders, and small business owners. But irrespective of whether you are under the category of prime targets or not, be wary and watchful of these common tax scams-
1. Information Verification Scam
Bad actors impersonate officials and call or email you, asking for personal and financial details under the pretense of verifying them before filing the tax. You may be asked over an email to visit a link that will redirect you to a counterfeit website where you will have to share the requested details. Refrain from visiting such websites; the IRS officially contacts through the United States Postal Services, and not emails or phone calls.
2. Overdue Tax Collection Scam
Scammers call taxpayers to inform them that they owe more tax than they have filed and scare them into hastily paying the additional amount by claiming to detain them for the wrongful practice of underpaying taxes.
However, the official IRS website says that nobody from the department will call you to demand immediate payment, especially through debit or gift cards. Such unreasonable demands are a sign of impersonation and phishing attacks, so it’s advised to confirm through contact details listed on the official IRS website to proceed.
3. Unclaimed Refund Scam
Be wary of emails or couriers claiming to be from the IRS that inform you of a sizable tax refund and request that you collect it through unofficial and suspicious links or websites. Please know that legitimate tax refunds are not claimed through links or by sharing any personal details anywhere. Moreover, as mentioned above, the IRS doesn’t contact taxpayers via email; they only use the United States Postal Services.
4. Social Security Suspension Scam
Don’t get fooled into sharing any details if someone calls you claiming your Social Security Number is at the risk of being suspended or blocked forever. This is most likely an attempt to steal your identity for malicious purposes.
General Anatomy of a Tax Refund Scam
This is how a tax season phishing scam usually unfolds-
-
Branding
Cyber actors begin executing a phishing attack by designing a website, page, brochure, PDF, etc., with the branding of an organization you recognize and trust. In the case of tax scams, it’s websites like the IRS, tax preparation agencies, and similar service providers.
-
Emotional Content
Next, they exploit human emotions. The emails or phone calls will either make you hopeful if they tell you that they owe you a big refund or scare you by claiming that you underpaid the tax and will be liable to legal action.
-
Urgency
Urgency is one of the strongest weapons because it can compel people to take irrational, impulsive, and mindless actions. They may push you into making an urgent payment to sidestep being liable for legal actions.
-
The Click
Bad actors aim to lure you away from your inbox to malicious web pages, whether using a link or a QR code. These websites are infected with injectable malware or include forms that ask you to fill in personal and financial details.
Preventive Measures against IRS Impersonation/Tax Scams
Deploying email security measures like email filters, encryptions, MFA, SSL-TLS, and DMARC is undoubtedly helpful, but they don’t suffice. It’s ultimately your mind that needs the training to avoid falling for such traps. Here’s what you need to be mindful of-
-
Abstain From Sharing Your Personal/Financial Information
Don’t share your personal details with random recipients just because they asked you to. Even if you recognize and trust the recipient, encrypt your attachments so that nobody steals or tampers with them in transit. Moreover, avoid accessing emails altogether over public Wi-Fi networks.
-
Watch Out for Red Flags
The following are considered red flags of unsolicited and scam-y emails and phone calls, so be careful if you notice them-
- Sense of urgency, arrest threats, or other legal action.
- Demanding immediate payments, especially via gift cards or wire transfers.
- Unprofessional language, poor grammar, and low-quality graphics.
- Redirection to suspicious websites.
- Unrealistic promises or requests
- Unexpected calls
- Requests for personal details like Social Security Numbers over phone calls.
- Unsolicited tech support, especially if they ask for remote access to your computer or request payment for services
-
File Your Return Early
By filing your taxes early, you minimize the time your personal and financial information is vulnerable to phishing attacks. Phishing scams often surge closer to tax deadlines, when individuals rush to gather their pay stubs and other financial documents for filing. Filing early helps you avoid falling victim to these last-minute scams.
-
Take Confirmations
Even if you receive unsolicited emails and calls claiming a significant tax refund or accusing you of underpaying taxes, confirm by calling or emailing the contact details mentioned on the official website.
To do this, go to your browser, manually type the name of the taxing authority, and visit their website to get their contact details. Remember, you are the first line of defense against such scams, so be a well-informed and strong fortifier.
Final Words
As tax season draws closer, it’s crucial to remain vigilant against the rising tide of tax scams and IRS email impersonation attacks. With cybercriminals becoming increasingly sophisticated in their tactics, it’s more important than ever for taxpayers to stay informed and adopt robust security measures to protect themselves and their sensitive financial information.
By staying alert, verifying communication from the IRS, and utilizing trusted channels for tax-related inquiries, individuals and businesses can minimize the risk of falling victim to these malicious schemes. Remember, knowledge and awareness are our best defenses against tax fraud, ensuring a safer and more secure financial future for all.
- PowerDMARC in 2024: A Year in Review - December 24, 2024
- Travel Cybersecurity Threats and How to Stay Protected - December 18, 2024
- Cybersecurity Best Practices for Digital Nomads in Japan - December 17, 2024