Application security, Incident Response, TDR

Tax scam season has arrived

With the U.S. tax filing deadline looming, cybercriminals are putting fraud efforts into high gear with tax-related phishing emails and websites designed to lure users into handing over their personal information, security firms are warning.

Fraudsters generally exploit any major holiday or event, but tax season -- the deadline to file is Wednesday -- could yield them better results because users typically expect to provide personal data during this time, Jamz Yaneza, threat research manager at Trend Micro told Thursday.

A recent scam involves phishing emails claiming to offer "tax relief" services, Yaneza said. But the messages contain links to rogue websites that ask users to provide their confidential data.

“This is just one example, but there are thousands of these going around this season,” he said.

Many of the other phishing websites and emails have centered around tax refunds by claiming to offer faster reimbursements or ways to get refunds directly deposited into a checking or credit card account, Andrew Klein, product manager at internet security vendor SonicWALL, told Thursday.

In a similar vein, last month, the Federal Trade Commission warned consumers about fake government websites related to President Obama's stimulus package. The sites claimed to offer free money by joining a grant program.

These scams are not only numerous, but the fraud emails and websites are constantly changing, Yaneza said. The websites usually only stay up for about an hour thanks to increased collaboration between the security community and internet service providers to get the sites taken down.

The scams are getting slicker and often ask for all kinds of personal data.

“The people behind these scams are getting more and more professional, and if you're not used to receiving an email like that it's easy to get taken in,” Chas Roy-Chowdhury, head of taxation for the Association of Chartered Certified Accountants, told Thursday. “It might be one in 10,000, but there will always be someone that does fall for it.”

The Internal Revenue Service does not initiate any taxpayer communications through email, the agency said on its website, which also lists tips in dealing with this type of fraud, including actual examples of phishing emails.

To avoid becoming a victim, users should be cautious about with whom they deal online during tax season, Chowdhury said. When in doubt, users should contact the IRS to verify the legitimacy of tax-related email or websites.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.