Tax season has arrived – and so have the scammers. Unfortunately, crooks either prey on people’s sense of fairness and willingness to comply with authority, or appeal to a taxpayer’s fear of paying late or not complying with the law.
Patrick Wheeler, director of threat intelligence, for Proofpoint, says social engineering is increasingly common and very effective, plus fraudsters are packing attachments and links with banking Trojans and fairly new strains of ransomware.
“In the past, the tax lures were laggards,” Wheeler says. “But not this year. They’ve been adopting more of the phishing trends and tactics that we see all year ‘round.”
Carl Leonard, principal security analyst at Forcepoint, says scammers also use various phishing scams to collect a victim’s personal financial information.
“The scams range from a letter from the IRS promising a $7.5 million refund, to a promise from Her Majesty’s Revenue and Customs in the UK that says people can pay their taxes in the form of iTunes vouchers.”
While it can get silly, the results can be serious. Proofpoint’s Wheeler says most of these scams were discovered in February and will be active through the end of tax season.
Organizations that receive a phishing email scam involving the IRS or a W-2 form should forward it to [email protected] and place “W2 Scam” in the subject line. Organizations that fall victim to these scams should also file a complaint with the FBI’s Internet Crime Complaint Center (IC3).