Tax scam season has arrived

Share this article:
With the U.S. tax filing deadline looming, cybercriminals are putting fraud efforts into high gear with tax-related phishing emails and websites designed to lure users into handing over their personal information, security firms are warning.

Fraudsters generally exploit any major holiday or event, but tax season -- the deadline to file is Wednesday -- could yield them better results because users typically expect to provide personal data during this time, Jamz Yaneza, threat research manager at Trend Micro told Thursday.

A recent scam involves phishing emails claiming to offer "tax relief" services, Yaneza said. But the messages contain links to rogue websites that ask users to provide their confidential data.

“This is just one example, but there are thousands of these going around this season,” he said.

Many of the other phishing websites and emails have centered around tax refunds by claiming to offer faster reimbursements or ways to get refunds directly deposited into a checking or credit card account, Andrew Klein, product manager at internet security vendor SonicWALL, told Thursday.

In a similar vein, last month, the Federal Trade Commission warned consumers about fake government websites related to President Obama's stimulus package. The sites claimed to offer free money by joining a grant program.

These scams are not only numerous, but the fraud emails and websites are constantly changing, Yaneza said. The websites usually only stay up for about an hour thanks to increased collaboration between the security community and internet service providers to get the sites taken down.

The scams are getting slicker and often ask for all kinds of personal data.

“The people behind these scams are getting more and more professional, and if you're not used to receiving an email like that it's easy to get taken in,” Chas Roy-Chowdhury, head of taxation for the Association of Chartered Certified Accountants, told Thursday. “It might be one in 10,000, but there will always be someone that does fall for it.”

The Internal Revenue Service does not initiate any taxpayer communications through email, the agency said on its website, which also lists tips in dealing with this type of fraud, including actual examples of phishing emails.

To avoid becoming a victim, users should be cautious about with whom they deal online during tax season, Chowdhury said. When in doubt, users should contact the IRS to verify the legitimacy of tax-related email or websites.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.