Skip to main content

Proofpoint sheds light on this year’s IRS tax scams

Person Doing Taxes
(Image credit: Shutterstock)
Audio player loading…

It’s that time of the year again and while millions of Americans are scratching their heads trying to set up an online account with the IRS (opens in new tab), cybercriminals are busy preying on vulnerable taxpayers with a wide variety of scams.

In an email sent to TechRadar Pro, the cybersecurity firm Proofpoint (opens in new tab) provided further insights on the main types of tax season phishing scams (opens in new tab) both consumers and businesses need to look out for this year. While there are a few main IRS-related phishing archetypes, there are actually hundreds of different variations that use attack vectors like email, text messages and even actual phone calls (opens in new tab).

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.

One of the main tax scams involves cybercriminals attempting to gain access to a user’s personally identifying financial information (SSN, W2, unemployment compensation details, etc.) for the purpose of rerouting a tax refund (opens in new tab) to an attacker-controlled account. At the same time, cybercriminals and scammers also try to gain access to financial information to carry out espionage on a company or even to monetize it directly by selling it on online hacking forums (opens in new tab).

Cybercriminals also try to gain access to a user’s account credentials with the aim of taking over their online accounts to steal funds or even to commit identity theft (opens in new tab).

In all of these cases, threat actors are likely to leverage the IRS brand (opens in new tab) as they pretend to be a tax authority either communicating that a legitimate piece of information such as a change to a form or a process is needed or attempting to collect payment. Additionally, Proofpoint has observed a variety of non-IRS related tax scams in which cybercriminals advertise their “tax preparation services”.

How to spot tax scams and tax season phishing

Regarding the malicious content used in tax season phishing, cybercriminals deploy the same tactics they use all year round but this time, the number of potential victims is even higher as all US adults are required to file their taxes each year.

One tax scam observed by Proofpoint involves threat actors purporting to be the IRS with the claim of an additional refund. However, when a potential victim clicks the “Click Here” link in the malicious email, malware (opens in new tab) is installed on their system instead.

Cybercriminals also use malicious Word (opens in new tab) documents that require a user to enable macros (opens in new tab). One such example installs and runs the Ave Maria backdoor if a user does fall for the scam and enables macros in the document. Other tax scams involve cybercriminals sending out tax documents such as W-9 forms that likewise install malware on their devices if a user enables macros or inputs the password into an encrypted document.

When it comes to avoiding tax scams each year, the first thing both consumers and businesses need to remember is that the IRS will never contact you by email or over the phone (opens in new tab) as the government agency prefers to do things the old fashioned way over the mail. IRS agents may try to call you but only after reaching out to you by mail first.

Just like with avoiding other online scams, you need to remain vigilant by not opening emails from unknown senders (opens in new tab) and especially ones with attachments. However, you should also avoid looking at your banking and other financial apps when connected to public Wi-Fi (opens in new tab) and if you must check your balance, be sure to turn on your VPN (opens in new tab) first.

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.