With tax season in full the IRS warns of new tax-related phishing scams swing the IRS us warning citizens, tax preparers, HR personnel and payroll staffer of new tax phishing tax scams being implemented this year by cybercriminals.
So far this tax season the IRS has come across a steady stream of fake emails, text messages, websites and social media attempts to steal personal information, most of which claim to be from the IRS. One new variation spotted actually has the malicious actors depositing money into the victim’s legitimate bank account.
“After stealing client data from tax professionals and filing fraudulent tax returns, these criminals use the taxpayers’ real bank accounts for the deposit. Thieves are then using various tactics to reclaim the refund from the taxpayers, and their versions of the scam may continue to evolve, IRS reported.
In this case the scammer usually phones the victim to pressure them into releasing the funds.
Human resources and payroll departments are also being hit with business email compromise scams to obtain W-2 information from their files so they can file fraudulent tax returns. These email generally pose as someone in authority at a business or organization who asks for the W-2 info on its members.
The IRS said tax preparers should also be on the watch for unsolicited emails from their customers, personal or business contacts. These could contain malware that will exfiltrate tax information from the target system. This type of attack is expected to be of particular concern this year because a huge numbers of names and email addresses have been stolen and are available for use by cybercriminals.
Any suspected email received should be forwarded to the IRS at firstname.lastname@example.org.
“Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS,” said IRS Commissioner Chuck Rettig. “Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”