Tax Season Turns Into Peak Scam Season

Tax season for fraudsters has no beginning or end, only a peak, because hackers constantly seek to steal identities from individuals, tax professionals and businesses to gain from fraudulent tax returns.

The IRS continued to warn taxpayers of the threats, ID theft, scams and schemes by issuing a number of alerts over the past year about the fraudulent use of the IRS name or logo by scammers. The IRS reported phishing as one of the most common forms of scam during tax season.

Recently, the IRS launched Identity Theft Central, intended to improve online access to information on identity theft and data security protection for all potential victims. The 24/7 site provides instructions for taxpayers on how to report identity theft and protect themselves against phishing, online scams and more.

The IRS noted improving awareness and outreach are hallmarks of initiatives to combat identity theft coordinated by the IRS, state tax agencies and the nation’s tax industry, all working in partnership under the Security Summit banner.

In December 2019 the IRS issued an extensive security alert reemphasizing how individual taxpayers, businesses and tax professionals are targets. “Thousands of people have lost millions of dollars and their personal information to tax scams. Scammers use the regular mail, telephone or email to set up individuals, businesses, payroll and tax professionals.” The IRS emphasized it doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.

One of the latest twists has scammers claiming to be able to suspend or cancel the victim’s Social Security account. It is yet another attempt by con artists to frighten people into returning “robocall” voicemails. Another oldie but dangerous ploy on the IRS impersonation phone scam employs fake calls from the Taxpayer Advocate Service.

The IRS warned of other scams and schemes:

• Fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware.
• A sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds. Callers claim to be IRS employees, using fake names and bogus IRS identification badge numbers.
• Scammers tell victims they owe money to the IRS and must pay it promptly through a gift card or wire transfer. The scammers also often leave an “urgent” callback request.

Last August the IRS and its Security Summit partners warned about an IRS impersonation scam campaign spreading nationally in which malicious cyber-actors sent unsolicited emails to taxpayers from spoofed IRS email addresses. The emails instruct recipients to access refunds by entering a provided password on the spoofed website, which downloads malware enabling actors to take control of the infected system.

The IRS also warned how increasingly identity thieves target tax professionals. These criminals – many of them sophisticated, organized syndicates – try to gather personal data to file fraudulent tax returns.

A W-2 scam is one of several variations that focus on the large-scale thefts of sensitive tax information from tax preparers, businesses and payroll companies. The IRS urged employers to put protocols in place for the sharing of sensitive employee information and established a process that allows businesses and payroll service providers to quickly report any data losses related to a W-2 scam.

In November, Akamai’s threat research team revealed a phishing campaign impersonating the official IRS website used at least 289 different domains and 832 URLs over 47 days. Moreover, the campaign targeted over 100,000 victims worldwide.

James Carder, chief security officer of LogRhythm, pointed out tax season, or peak scam season, began in early February as millions of Americans could begin to e-file their taxes. Carder pointed out the IRS stated there were 649,000 confirmed fraudulent returns attempted to obtain $3.1 billion in refunds in 2018 and that in 2020 cybercriminals have already launched a phishing campaign targeting taxpayers by telling them their W-2 forms are ready and prompting them to click a malicious link.

Carder said, “There are criminal organizations around the world that do nothing but commit tax fraud. The key to their business model is to submit as many fraudulent claims as soon as possible — hoping they beat the legitimate filer to the punch so they can redirect the deposit to a bank account they own.” In addition, Carder suggested with more than eight billion records exposed in 2019 (according to Risk Based Security), it is very likely cybercriminals already have the personal data necessary to impersonate a lot of people. “If they don’t have the information needed, they’ll probably launch a phishing attack to steal remaining details.”

Erich Kron, security awareness advocate at KnowBe4, emphasized, “The first quarter of every year is fraught with tax-related scams.” This is a rather sneaky way for scammers to take advantage of people expecting tax forms deliveries during that time, he said. “From W-2 forms for employees to 1099′s and W-9 forms for independent contractors such as in this case, these types of attacks are very effective.”

Kron added, “Not only do you have the element of expectation of the form’s arrival; in many cases, people are in a hurry to file taxes in order to get a refund, so they are motivated to move quickly.”