IRS Scams to Watch Out For

By:  |  Category: Blog, Security Thursday, January 19th, 2017  |  No Comments

A friend of mine received an email from what she thought was her tax preparer claiming she owed $3000 in back taxes. When she called the number on the email of the  tax specialist to dispute the claim, she was told if she didn’t get the money to them ASAP they would send out the police to arrest her. Another call followed shortly from an actual police department line threatening her again. My friend was terrified. Fortunately, her boss called the bluff and called the police and her tax specialist who had no idea how the criminals had tapped into their email and phone lines.

Here’s how they did it:

PHASE 1: The Cybercriminals send an email to the tax preparer posing as a client interested in services from tax professionals. Something with the innocent subject “I need a preparer to file my taxes.”

The tax preparer responds, and the bad guys send a second email with a malicious attachment claiming to contain the client tax information. The tax preparer falls for this social engineering attack and opens the attachment (likely enables macros) and that compromises the machine and now the bad guys own the tax preparer’s computer.

PHASE 2: The bad guys now use the tax pro’s computer to send out legit looking emails to all the tax pro’ clients and get their financial records sent over to their own email address, so they can quickly file a fake tax return and pocket the money, using the illegally obtained information.

The cybercriminals have also figured out how to spoof phone lines similar to the police department and local businesses.

If you fall prey to their duplicity you won’t know until after tax season because when you file your own return, the IRS sends you a notice stating that “More than one tax return for you was filed”. That’s when the nightmare starts, because on average it takes the IRS a long, long time to resolve tax-related theft cases.

I suggest you send the following to your employees, friends and family.  

ALERT: Tax season scams are starting early this year and the bad guys are getting smarter by the month. The current scam works in two steps so watch out for possibly bogus emails for your tax information.

STEP 1: Cybercriminals are sending emails, posing as potential clients, and interested in services from tax professionals. The tax preparer responds, and the bad guys send a second email with a malicious attachment. The tax preparer falls for this social engineering attack and that compromises the machine and now the bad guys “own” the tax preparer’s computer.

STEP 2: The bad guys now use the tax pro’s computer to send out legit looking emails to all the tax pro’ clients and get their financial records sent over to their own email address, so they can quickly file a fake tax return and pocket the money, using the illegally obtained information.

So, when you get any email about your taxes, or your W2 from literally anybody, whether you know them or not, pick up the phone and verify with your known, trusted tax preparer that they actually sent you that email. If you send tax information via email, triple-check that the email address you are sending this to is correct and type it in yourself in the “To” field.

NEVER click on “reply” and attach your tax information, because that reply email address might be spoofed. Want to be 100% safe? Hand-carry your tax info to your preparer and do the tax return in person with them.

Samantha Keller

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football.Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.
Samantha Keller

Latest posts by Samantha Keller (see all)

Leave a Comment
Read previous post:
cyber crime
Cyber Crime Results in Free Train Rides

According to SonicWALL, the latest cyber crime and ransomware attack is reminiscent of a Robin Hood take down. Over the...

Close