The season is upon us. It’s definitely not Christmas, and there are very few people who would claim that the lead-up to April’s cutoff date is their favorite time of the year. If you thought that paying your dues to the IRS was already enough to worry about, get ready for some bad news:
It’s also scam season.
To celebrate the rising number of fraud and identity theft attempts, the helpful folk at everyone’s favorite government department have just begun their annual ‘Dirty Dozen’ campaign, listing the biggest tax scams that people need to be aware of.
Phishing Is Still King
The first entry on this year’s list is the ever-pervasive phishing scam. The IRS press release warns that phishing attacks “tend to increase during tax season and remain a major danger of identity theft.”
These phishing schemes can take many forms in their attempts to extract sensitive information (such as login credentials or credit card details) from targets. At this time of year, many attackers take advantage of the confusion and target their victims with tax-related scams.
“Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS,” said IRS Commissioner Chuck Rettig in the press release.
“Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”
Organizations Are Being Targeted As Well
It’s not just the individual who is being directly targeted either. Over time, a series of more sophisticated scams have evolved. One of these is known as business email spoofing (BES), which involves attackers sending convincing emails from a faked address.
Another is called business email compromise (BEC), which involves a hacker stealing the credentials of a target’s email account, then sending emails from that account to other victims, impersonating the account’s owner to manipulate these new victims into divulging information or transferring money.
The IRS also states that it is seeing a greater number of advanced scams that target the files of human resources personnel, tax professionals and other organizations. These targets tend to have extensive amounts of their client’s financial information, which hackers chase after in a number of different ways.
The hackers may pose as an employee and ask for a deposit to be rerouted to another account, act as a business and ask their target to pay a fraudulent invoice, or even pretend to be one of the victim’s associates and trick the victim into transferring money into the hacker’s account.
Due to the growing sophistication of these scams and their proliferation at this time of year, the IRS has warned tax professionals to be on high alert for any suspicious or unusual activity.
Keeping Yourself, Your Organization or Your Clients Safe
As part of the IRS’s campaign on combating identity fraud, it launched the Security Summit, a conference of various stakeholders aimed at coming up with solutions and mitigation strategies.
If you or your organization come across any phishing attempts that impersonate the IRS or related organizations, you should report the scam to firstname.lastname@example.org.