Tax Season 2021 – IRS Warns of New Tricks

Published On March 1, 2021 | By Tom Huskerson | News and Analysis, Now You Know

Need I tell you that tax season is scam season? You’ve been warned you before that cyber criminals have to two officials holidays, or hunting seasons, Christmas and tax season.

This year is no different and according to the IRS the game is the same but the tactics have changed. February saw the IRS publishing notifications aimed at tax professionals describing a phishing campaign that spoofs the IRS website with near exact replicas. The cyber criminals are trying to steal Electronic Filing Identification Numbers of tax preparers. The IRS issues these numbers to individuals or firms that have been approved as authorized IRS e-file providers. So the scam is all about the crooks pretending to be official tax preparers.

The phishing email scam attempts to entice tax preparers to email documents that would reveal their identities and Electronic Filing Identification Numbers. The cyber criminals can then use this information to file fraudulent returns by impersonating the tax professionals.

According to the IRS, in addition to stealing Electronic Filing Identification cyber criminals may also attempt to steal tax pros’ Preparer Tax Identification Numbers or e-services usernames and passwords.

Tricking the tax pros

The IRS warning includes information showing that fraudsters are impersonating potential clients of tax preparers. This tactic is more effective because more transactions are being conducted online due to the COVID-19 pandemic. The phishing emails likely contained a malicious attachment that, when opened, would download malware, such as information stealers designed to record keystrokes or harvest credentials.

Spoofing the IRS website

Security experts have pointed out that cyber criminals have been steadily improving at spoofing government domains for their phishing campaigns. They have been incorporating logos and language to give phishing messages a legitimate appearance.

Sherrod DeGrippo, senior director of threat research and detection at security firm Proofpoint said, “Threat actors often spoof government sites and logos to socially engineer their targets into providing information.”

“These types of attacks usually go beyond stealing simple authentication credentials, such as usernames and passwords, and attempt to steal personal information, including Social Security numbers and bank account information,” DeGrippo stated. “We also see a variety of malicious domains registered to trick victims into clicking and entering information. For example, ‘taxrefund,’ ‘taxrefund-claimhere’ and ‘claimrefundtax-online’ are just some of the domains registered with various TLD extensions that distribute malicious payloads or act as phishing landing pages.”

COVID-19 used as a scam tool

As if dealing with the pandemic is not enough! Now we have to look out for scammers using it as tool to rob us! The IRS and other federal agencies have detected scammers spoofing their sites as part of fraud campaigns designed to take advantage of federal COVID-19 economic relief programs.

Tonia Dudley, a strategic adviser at security firm Cofense, says these types of spoofing or phishing campaigns often are launched when new websites are created to support new government benefits programs.  The purpose of these scams is to steal credentials “to gain access to victims’ financial accounts or money – trying to lure funds away from the target recipient,” Dudley says. 

By May of last year Proofpoint was tracking about 300 phishing campaigns that spoofed government domains or incorporated language and logos in phishing emails, many of which began around the time tax season started last year and the COVID-19 pandemic escalated.

Every year we gear up to file taxes. At the same time the cyber criminals are gearing up to rip you off. Be on your game! Protect yourself from cyber fraud.

Now you know.



Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.