Tax scam season has arrived

Share this article:
With the U.S. tax filing deadline looming, cybercriminals are putting fraud efforts into high gear with tax-related phishing emails and websites designed to lure users into handing over their personal information, security firms are warning.

Fraudsters generally exploit any major holiday or event, but tax season -- the deadline to file is Wednesday -- could yield them better results because users typically expect to provide personal data during this time, Jamz Yaneza, threat research manager at Trend Micro told SCMagazineUS.com Thursday.

A recent scam involves phishing emails claiming to offer "tax relief" services, Yaneza said. But the messages contain links to rogue websites that ask users to provide their confidential data.

“This is just one example, but there are thousands of these going around this season,” he said.

Many of the other phishing websites and emails have centered around tax refunds by claiming to offer faster reimbursements or ways to get refunds directly deposited into a checking or credit card account, Andrew Klein, product manager at internet security vendor SonicWALL, told SCMagazineUS.com Thursday.

In a similar vein, last month, the Federal Trade Commission warned consumers about fake government websites related to President Obama's stimulus package. The sites claimed to offer free money by joining a grant program.

These scams are not only numerous, but the fraud emails and websites are constantly changing, Yaneza said. The websites usually only stay up for about an hour thanks to increased collaboration between the security community and internet service providers to get the sites taken down.

The scams are getting slicker and often ask for all kinds of personal data.

“The people behind these scams are getting more and more professional, and if you're not used to receiving an email like that it's easy to get taken in,” Chas Roy-Chowdhury, head of taxation for the Association of Chartered Certified Accountants, told SCMagazineUS.com Thursday. “It might be one in 10,000, but there will always be someone that does fall for it.”

The Internal Revenue Service does not initiate any taxpayer communications through email, the agency said on its website, which also lists tips in dealing with this type of fraud, including actual examples of phishing emails.

To avoid becoming a victim, users should be cautious about with whom they deal online during tax season, Chowdhury said. When in doubt, users should contact the IRS to verify the legitimacy of tax-related email or websites.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.