Proofpoint sheds light on this year’s IRS tax scams

It’s that time of the year again and while millions of Americans are scratching their heads trying to set up an online account with the IRS, cybercriminals are busy preying on vulnerable taxpayers with a wide variety of scams.

In an email sent to TechRadar Pro, the cybersecurity firm Proofpoint provided further insights on the main types of tax season phishing scams both consumers and businesses need to look out for this year. While there are a few main IRS-related phishing archetypes, there are actually hundreds of different variations that use attack vectors like email, text messages and even actual phone calls.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

One of the main tax scams involves cybercriminals attempting to gain access to a user’s personally identifying financial information (SSN, W2, unemployment compensation details, etc.) for the purpose of rerouting a tax refund to an attacker-controlled account. At the same time, cybercriminals and scammers also try to gain access to financial information to carry out espionage on a company or even to monetize it directly by selling it on online hacking forums.

Cybercriminals also try to gain access to a user’s account credentials with the aim of taking over their online accounts to steal funds or even to commit identity theft.

In all of these cases, threat actors are likely to leverage the IRS brand as they pretend to be a tax authority either communicating that a legitimate piece of information such as a change to a form or a process is needed or attempting to collect payment. Additionally, Proofpoint has observed a variety of non-IRS related tax scams in which cybercriminals advertise their “tax preparation services”.

How to spot tax scams and tax season phishing

Regarding the malicious content used in tax season phishing, cybercriminals deploy the same tactics they use all year round but this time, the number of potential victims is even higher as all US adults are required to file their taxes each year.

One tax scam observed by Proofpoint involves threat actors purporting to be the IRS with the claim of an additional refund. However, when a potential victim clicks the “Click Here” link in the malicious email, malware is installed on their system instead.

Cybercriminals also use malicious Word documents that require a user to enable macros. One such example installs and runs the Ave Maria backdoor if a user does fall for the scam and enables macros in the document. Other tax scams involve cybercriminals sending out tax documents such as W-9 forms that likewise install malware on their devices if a user enables macros or inputs the password into an encrypted document.

When it comes to avoiding tax scams each year, the first thing both consumers and businesses need to remember is that the IRS will never contact you by email or over the phone as the government agency prefers to do things the old fashioned way over the mail. IRS agents may try to call you but only after reaching out to you by mail first.

Just like with avoiding other online scams, you need to remain vigilant by not opening emails from unknown senders and especially ones with attachments. However, you should also avoid looking at your banking and other financial apps when connected to public Wi-Fi and if you must check your balance, be sure to turn on your VPN first.

Go to Source