Fraudsters are waiting for consumers to take their bait amid the busy tax season as cases of phishing and malware incidents have already risen by 400%, according to the IRS.
The phishing is occurring through emails and text messages and is intended to trick people into believing the IRS or tax software companies are communicating with them in an official capacity.
The IRS said it is rare for the agency to initiate communication with taxpayers via email to obtain personal or financial information, and the same goes for text messages or social media. The phishing schemes are becoming more elaborate and the emails are obtaining information about filing status, refunds, personal information and even verifying PIN information.
The number of reported phishing and malware schemes in January alone was 1,026 incidents, compared to 254 from a year earlier. The IRS reported a similar increase in cases in February with 363 incidents reported from February 1 to 16, compared to the 201 incidents reported for all of February 2015.
“Watch out for fraudsters slipping these official-looking emails into inboxes, trying to confuse people at the very time they work on their taxes,” said IRS Commissioner John Koskinen. “We urge people not to click on these emails."
What the Scams Ask For
One new trend the IRS has spotted is that hackers are asking for more personal tax information this year, which could enable them to file false returns and get a head start before consumers file their own return.
Once people click on the emails, they are sent to websites that imitate IRS.gov and also ask them for Social Security numbers and other personal information. Since these seemingly official websites often contain malware, the hackers gain access to computers and can easily access files or track keystrokes.
The popularity of consumers using their mobile devices to check social media means the opportunities for phishing are even greater since so many people “inherently trust” them, making them even more “susceptible” to phishing scams, said Marie White, CEO of Security Mentor, a Pacific Grove, Calif. security awareness training provider.
“For phishers, tax season is akin to fishing in a well-stocked lake,” she said. “The potential targets are plenty and some victims will always take the bait.”
Since the government does not request consumers for private information, consumers should never click on links or give out information over the phone. Your tax preparer should not seek personal information through this venue either, White said.
“If anyone else does, it’s best not to work with them,” she said. “This is a red flag that they don't know how to protect your data.”
How to Beat the Hackers
The IRS is attempting to combat this issue by strengthening their processing systems and fraud filters to catch the scammers who file false tax returns.
Avoid opening attachments from unknown senders and do not install software when you are not aware of its origins, said Mark Parker, a senior product manager at iSheriff, a Redwood City, Calif.-based provider of enterprise cloud security solutions.
Checking that your malware and phishing software is up to date is another good strategy, he said.
“Targeted attacks which are event-based have become the new normal,” Parker said. “Criminal enterprises are launching their own campaigns to gather valuable personally identifiable information or even access to the tax return itself.”
Cybercriminals are becoming increasingly savvier, especially during events that entice large groups of people such as holiday shopping, the Super Bowl or the NCAA tournament.
“It is much easier for the lion to hunt near a water source than it is for the lion to try to draw the prey to him,” he said. “In this case, tax season creates a watering hole for the criminals. Taxes are already a topic that bring about confusion and fear in many users, so it absolutely makes sense for the criminals to use that fear and confusion this time of year to their advantage.”
IRS tax fraud is becoming a burgeoning business since the current losses are running in the $6 billion range and could easily increase by four times in the short term, said Mary Ann Miller, a senior director of fraud executive advisor for NICE Actimize, a New York-based financial crime software solutions provider.
“More than 19 million suspicious tax returns were processed recently, suggesting a consumer victim behind every case,” she said. “This is identity theft at its ugliest. Other fraudsters buy consumer information on the ‘dark web’ or on the street, which is something law enforcement is always looking for.”