
IRS reports 400% increase in phishing & malware in the past 12 months

It’s tax season in the US. That means it’s also fraud season.

The US tax-filing season has only been under way for a month, but already the Internal Revenue Service is warning that it’s seen a 400% surge in phishing and malware compared with the previous tax year.

US taxpayers have been able to submit returns for the 2015 tax year as early as 19 January 2016. The deadline to file taxes is 18 April 2016.

That’s nearly two months away.

Accordingly, many of us are studiously averting our gazes from teetering piles of paperwork heaped on our dining room tables.

But fraudsters aren’t procrastinating. As the IRS has found, they’re getting a head start in their attempts to get at our financial data.

The IRS warned on Thursday that it’s already seen a “dramatic” increase in official-looking text and email messages stuffed into inboxes.

The phishing messages are asking taxpayers about a wide range of sensitive information, including data related to refunds, filing status, confirmation of personal information, transcript orders and PIN verifications.

The messages are rigged to look official, as if they came from the IRS itself or from others in the tax industry, such as tax software companies.

The phishing attempts are being seen in every part of the country, the IRS says.

Fraudsters are in particular looking for information they can use to file bogus tax returns.

Clicking on their links whisks people off to sites rigged to look like official websites. Those sites ask for US taxpayer numbers, known as Social Security Numbers (SSNs), along with other personal data.

Besides phishing for such information, some of the sites are also booby-trapped with malware.

For example, some of the sites download keyloggers that record everything a victim types, including login details, and report it all back to a scammer.

Some specific numbers relating to what the IRS is seeing for phishing and malware incidents combined:

The IRS says that software companies, tax pros and state revenue departments have seen variations in the schemes, including phishing scams going after their online credentials to IRS services such as the IRS Tax Professional PTIN System.

We’ve also seen multiple versions of refund fraud in recent years, including automated attacks from crooks who’ve gone out of their way to get access to innocent users’ online tax submission accounts.

In May 2015, crooks used an online IRS system called Get Transcript to probe for taxpayers’ personal information that they could then use in refund fraud.

That system didn’t actually have anything to do with the system used to file taxes or get refunds. Rather, it was a reference portal used for retrieving returns from past years.

But that’s just what crooks needed to file fraudulent returns for this year.

They struck again a few weeks ago with the same type of attack, this time a PIN-stealing attack on the IRS that affected 100,000 taxpayers.

This time, the crooks used a list of known SSNs to try to get access to the IRS’s Get My Electronic Filing PIN portal.

How to spot tax phishers

If you get an unsolicited message that’s purportedly from the IRS or an associated organization, be suspicious.

The IRS generally doesn’t initiate contact with taxpayers by email, text or social media to request personal or financial information, the agency stressed.

These official-looking electronic communications often ask taxpayers to update important information by clicking on a link. Those links may be masked to appear like they’re linked to official pages, but they’re just heading for trouble. Don’t click on them.
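As an added illustration of the masked-link problem described above (example code written for this page, not from Sophos or the IRS), the script below pulls every link out of a constructed sample message and flags two things: a destination whose registrable domain is not on an allow-list of official domains, and visible link text that shows one URL while the `href` points somewhere else. The `OFFICIAL_DOMAINS` allow-list, the sample HTML and the crude two-label domain extraction are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the only domain treated as official. A real
# deployment would maintain this list from the organisation's own records.
OFFICIAL_DOMAINS = {"irs.gov"}

# Constructed sample message (not a real phish): three links, two of them bad.
SAMPLE_EMAIL = """
<p>Your refund status needs confirmation.</p>
<a href="http://irs-refund-update.example.net/verify">https://www.irs.gov/refunds</a>
<a href="https://www.irs.gov/refunds">IRS refund information</a>
<a href="http://irs.gov.example.org/pin">Verify your e-File PIN</a>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, accumulated text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def host_of(url):
    """Hostname of a URL; bare 'www.example.com' style text gets a scheme added."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return parsed.hostname or ""


def registrable_domain(host):
    """Crude registrable domain: the last two labels. Enough for the .gov/.net/.org
    hosts in this example; production code should use the public suffix list."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_links(html):
    """Return one finding per link with the reasons (if any) it looks suspicious."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        href_domain = registrable_domain(host_of(href))
        reasons = []
        # Check 1: the real destination is not an official domain.
        if href_domain not in OFFICIAL_DOMAINS:
            reasons.append(f"destination {href_domain!r} is not an official domain")
        # Check 2: the visible text looks like a URL but names a different domain
        # than the one the link actually goes to (a masked link).
        if "://" in text or text.lower().startswith("www."):
            text_domain = registrable_domain(host_of(text))
            if text_domain != href_domain:
                reasons.append(
                    f"visible URL says {text_domain!r} but link goes to {href_domain!r}"
                )
        findings.append(
            {"href": href, "text": text, "suspicious": bool(reasons), "reasons": reasons}
        )
    return findings


if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL):
        status = "SUSPICIOUS" if finding["suspicious"] else "ok"
        print(f"{status:10} {finding['href']}")
        for reason in finding["reasons"]:
            print(f"           - {reason}")
```

On the sample, the first link is flagged twice (off-list destination and mismatched visible URL), the second passes, and the third is flagged once because `irs.gov.example.org` is really under `example.org`. The same mismatch check is what a reader does by hand when hovering over a link before clicking.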

These are some of the subject lines and requests the IRS is seeing in these scams:

You can report these scams by sending the messages to phishing@irs.gov.

Image of Phishing courtesy of Shutterstock.com
