Tax season is upon us and therefore no surprise that digital criminals are going after taxpayers. In mid-January, for instance, AppRiver began monitoring a phishing email campaign targeting users of ADP, a human capital management solutions provider. The attack emails provided users a link to view their W2 information. Once clicked, those links redirected users to a phishing page disguised as the legitimate ADP login page. Malicious actors leveraged that page to collect users’ ADP credentials, allowing them to then authenticate themselves as their victims and conduct a number of subsequent attacks.
The campaign described above is just one of several scams which taxpayers should be aware of as we move deeper into this year’s tax season. As the U.S. Internal Revenue Service (IRS) notes, several others should also be on their radar.
Below explores these additional scams:
Social Security Number (SSN) Scam
Digital fraudsters have a history of trying to steal taxpayers’ SSNs. With this sensitive information in their possession, criminals can file fraudulent returns in their victims’ names and claim any resulting refunds.
These fraudsters have more than one use for Social Security numbers. Sometimes, they can simply abuse the fact that we all have SSNs to get what they want from their victims.
The IRS is well aware of the reality of this statement. The agency warned taxpayers to be on the lookout for a tax-related scam in which fraudsters threatened to suspend or cancel a recipient’s SSN unless they returned a robo-call voicemail. These nefarious individuals subsequently told individuals who returned their calls that they would take action against their Social Security numbers unless they submitted payment for an unpaid tax bill.
Taxpayers who receive this type of call should not give out any personal or payment information about themselves. Instead, they should simply hang up the phone.
IRS Impersonation Email Scams
Scammers are also known to masquerade as employees of the IRS. They use this disguise to trick their victims into revealing their relevant tax-related information. In some cases, however, they use their costume to lay the groundwork for conducting secondary attacks.
The IRS learned of one such attack in late 2019. At that time, taxpayers told the agency they had received unsolicited emails from individuals claiming to work for the IRS. With subject lines such as “Automatic Income Tax Reminder” and “Electronic Tax Return Reminder,” the attack emails instructed users to leverage a temporary password included in the message body to authenticate themselves on a seemingly legitimate website and thereby retrieve information about their tax refunds. Any attempts to access that information caused the campaign to download a malicious file onto their computer. Those responsible for this campaign were then in a position to use that file to download additional threats, including malicious software that could log their keystrokes and/or exfiltrate their sensitive data.
In response to this ruse, the IRS clarified that it never sends emails to taxpayers about their tax refunds and/or their sensitive tax-related information.
Bureau of Tax Enforcement Scam
Of course, the IRS isn’t the only disguise that digital attackers use to fool taxpayers. Malicious actors commonly create fabricated associations with numerous other entities to get what they want. Sometimes, they can even fabricate entire organizations to prey upon unsuspecting users.
After the April 2019 filing date, for instance, the IRS warned of a scam campaign targeting taxpayers with phishing emails and telephone scams. All of that correspondence threatened recipients with an IRS lien or levy on the grounds that they owed taxes to the “Bureau of Tax Enforcement.” This agency doesn’t exist, but by referencing the IRS, the scammers likely thought they could trick taxpayers into thinking the Bureau of Tax Enforcement was a legitimate entity. They could then use their victims’ fear to coerce them into paying for bogus taxes.
Tax-Related Phone Scams
Fraudsters commonly use the phone to impersonate the IRS or another tax-related agency. They’ll go to great lengths to cement this disguise, too. In one variation, for instance, the callers spoofed the telephone number of the IRS Taxpayer Advocate service office in either Houston or Brooklyn. The campaign used a robocall voice message to first establish contact with a taxpayer. Upon receiving a call back, the scammers then asked their victims to hand over their personal information such as their Social Security Number or Individual Taxpayer Identification Number (ITIN).
These types of scams come in all kinds of variations. For example, one version requested that victims provide their personal information in order to claim a large tax refund. Another used hostile and abusive calls to bully taxpayers into submitting payment by prepaid debit card or wire transfer for what they believed were their taxes.
Ghost Tax Preparers
Digital criminals don’t just impersonate the IRS or another tax-related agency, however. Sometimes, they pose as tax preparers and take advantage of taxpayers who are simply attempting to file a legitimate tax return.
Known as “ghost preparers,” these malicious individuals mimic legitimate tax preparers in that they work with taxpayers to prepare their returns. But they don’t sign the return and include their valid Preparer Tax Identification Number (PTIN). That’s because they commonly don’t have one. Instead, they instruct their victims to print their return, sign it and mail it to the IRS.
Ghost preparers are interested in one thing: making a buck. They tend to require payment in cash while promising a big refund for their clients. These individuals may also charge fees based on the percentage of the refund or falsify their clients’ returns by inventing income and claiming fake deductions. They might even direct refunds into their own account rather than their clients’ accounts once the IRS has processed their returns.
Tax Transcript Email Scam
Last but not least, malicious actors are known to use malware in an attempt to infect their victims’ computers and networks. The IRS learned of one such malware campaign in which taxpayers received emails pretending to originate from “IRS Online.” Those emails arrived with an attachment called “Tax Account Transcript” that downloaded a sample of Emotet, a well-known banking trojan and malware downloader family.
How Taxpayers Can Stay Safe This Tax Season
The scams discussed above highlight the importance of organizations taking steps to defend themselves and their users against tax-related scams. They can do so by following the IRS’ advice and educating their users about the dangers of a phishing email scam campaign. Even so, human defenses are only so strong. Human error is commonplace, and sometimes, a malicious email gets through.
Recognizing that fact, organizations should invest in a security solution that’s capable of analyzing incoming email messages based upon their IP addresses, campaign patterns, malware signatures and other indicators. It should use this information to flag suspicious email messages and protect the organization in real-time. That being said, this functionality should not disrupt normal business operations; the tool should therefore allow legitimate email messages to reach their intended destination.
Learn how AppRiver's Advanced Email Protection can strengthen your organization’s digital security defenses for this tax season.