Prep for Taxes? Prep for Tax Scammers!

income-tax-491626_1920Tax season may be over, but that doesn’t stop fraudsters from trying to convince you that your taxes could land you in jail. It’s a common vishing scheme, powered by robocalls, and there are just as many email phishing schemes to go along with it.

Cyber criminals around the world  are hard at work, trying to convince you that they represent that Internal Revenue Service, so that they can successfully steal from you. The criminals will go out of their way to be courteous and helpful, but they will be firm — you have a tax problem — you owe money — you must address this quickly.

It’s official: The IRS reports that tax related phishing and malware attacks increase over 400% during tax season.

The most common tax-scams will attack you at home. The cons will begin with an official-sounding call or email that asserts that you owe back taxes or that there is an irregularity in your tax activity. Relax. You don’t owe back taxes — at least not the ones the scammer claims you do.

These schemes are surprisingly effective, especially when they are targeting older taxpayers, like your parents. Remember — the IRS will not call people about these kinds of issues, nor will the IRS reach out to individuals via email. They will communicate in writing.

When you get a letter from the IRS, you should worry. Not when you get a phone call or an email.

W-2 Scams

The second tax-related exploit attacks you at work or at home. This scheme is based on W-2 forms. Like most successful cyber scams, the attack is very simple.

It starts with an email with an attachment.

The subject of the email will be something like “Replacement W-2 Form” and the email will claim that your original W-2 form has an error that affects your reported taxes. For your convenience, a corrected W-2 form is attached to the email. Beware, the attached W-2 form is really a malware or ransomware payload – if you click on it you will infect your system, and possibly the corporate network.

This kind of fraudulent email usually arrives in your personal email, but in the most sophisticated of these schemes, it will arrive in your work inbox and seem to originate from your employer’s HR department. It’s even possible that your co-workers will received a similar email at the same time as you.

If you do receive this kind of email, contact HR as soon as possible, or if possible, walk over to HR and check into the matter personally. They will want to take immediate action, especially if it appears to be a large-scale coordinated attack at work. But no matter what you do, don’t click on the attachment, and don’t reply to the email or call the number in the email — you will just be communicating with the criminals.

Fraudulent Tax Filings in Your Name

Unfortunately, even if you manage to dodge all these cyberattack schemes, you’re not completely safe. Another kind of tax scam lurks out there – a much more damaging one. And you won’t know about it until you file your return.

If you are a victim, a cybercriminal will have already used your name, address and social security number to file a fraudulent tax return. If this has happened to you, when you go to file your actual taxes, your filing will be refused. This is a big problem. In most cases, it usually takes an average of 300 days — almost a year — to straighten out the problem.

What’s the easiest way to beat the criminals who want to file a return that uses your identity? File first. Get your taxes done and submitted to the IRS – then the criminals will be the ones whose tax return is refused

How does this happen? You can blame health care breaches. Over the past few years, hundreds of millions of health records have been stolen or exposed to cyber criminals. These compromised records contain names, addresses and social security numbers – the essential ingredients for filing a fraudulent tax return. With this personal information, it’s simple for the criminals to craft a bogus return, and — no surprise — it will be a return with a hefty refund.

Cyber criminals are active fifty-two weeks a year, but during tax season, they know that they have a unique opportunity. Because every household in the United States must file their taxes, communications about taxes are automatically high-priority communications, demanding attention.

Tips for Staying Safe From IRS Scams

  • The IRS won’t call you or email you “out of the blue.”
  • It only takes a moment to verify the legitimacy of any tax-related email that seems to come from your employer.
  • The sooner you file your return, the more likely you’ll be protected from a false return being filed in your name.

 Fortunately, just this past week 24 people who pleaded guilty to their involvement with a related vishing IRS scam.

*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Alexa Villanueva. Read the original post at: