Tax Day Scams Spring Eternal

An astounding 6,000% increase in tax-related spam emails in the US from Dec. 2016 to Feb. 2017 can only mean one thing: Tax Day is a-loomin’.

April 15 is usually Tax Day in the States, but this year it’s been pushed to April 18 because it fell on Easter weekend. That gives the scammers just a few more days to eke out some thematic malicious activity.

IBM X-Force researchers found that general tax-themed spam showcased a more than 1,400% increase in activity from December 2016 – March 2017. Scammers often send spoof emails from a target organizations' CEO, requesting all employee W-2 information from human resources and accounting departments.

Seasonal phishing is going strong too. Criminals use the topical time of tax season to masquerade as the IRS, enticing consumers to open emails and files which have malware embedded. The malware then steals consumer’s passwords and other financial information.

Meanwhile on the Dark Web, IBM has seen criminals selling W-2s and tax information for about $40-$50, which can enable them to file false returns and possibly collect a return before the victim is able to file.

Those extra couple of days can really be lucrative in Procrastination Nation, too: More than 150 million US tax returns are filed each year, including 54 million filed after April 1 in 2016, or one third of Americans.

Aside from filing early (too late now), other tips to stay safe include:

  1. Sign up for a pin from the IRS: The IRS IP PIN is a six-digit number assigned to eligible taxpayers to help prevent the misuse of their Social Security number on fraudulent tax returns
  2. Be vigilant with your inbox: The IRS will never initiate contact with taxpayers by email, phone, text or social media to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts
  3. Be aware of spoofing emails
  4. Avoid clicking on email links from tax vendors: If you intend to self-file online, access your vendor’s website directly to ensure you’re accessing the trusted site

Now then, I’m going to go listen to “Tax Man” by the Beatles. And then maybe get my return together.

What’s Hot on Infosecurity Magazine?