Four tax scams to watch out for this tax season


Benjamin Franklin once said that the only certain things in life are death and taxes. While individuals, businesses, and tax preparers get ready for tax season at the beginning of each year, another certainty exists: Cybercriminals will attempt to victimize these entities with tax-related scams.

Tax season is a ripe time for phishing and spreading malware; without fail, tax-related online scams remain among the most popular types of phishing scam every year. Through our threat intelligence network, we have identified four types of tax scams that individuals and businesses should be wary of as they’re preparing to file their taxes in 2016.

“Your account or tax return is locked or restricted”

The first type of phishing scam arrives in the form of an email claiming to be from the Internal Revenue Service (IRS). The email states that the recipient’s tax return is restricted. We have also observed phishing emails impersonating TurboTax, a popular tax preparation software, claiming that the recipient’s TurboTax account is locked. In both cases, the goal is to convince the recipient to click on a link and submit their personal information to unlock their tax return or TurboTax account.


Figure 1. Fake IRS and TurboTax emails claiming the recipient’s tax refund is restricted or their account has been locked

“Update your tax filing information”

The second type of phishing email claims that the recipient needs to update their “tax filing information” or their tax return.


Figure 2. Fake IRS-branded emails asking the recipient to update their tax filing information

Most phishing emails contain a link to a fake site, where personally identifiable information can be captured and submitted to the cybercriminals. In some cases, the link is replaced by an HTML attachment.

“Tax payment was deducted from your account”

Owing the IRS money is often a scary prospect, so it comes as no surprise that cybercriminals are also sending out emails claiming that a tax payment was deducted from the recipient’s bank account.


Figure 3. Fake email claims tax payment was deducted and includes a “receipt”

Attached to the email is a “receipt” that acts as a reference for the deduction. It contains a malicious file that security software products detect as W32.Golroted.

“You are eligible to receive a refund”

On the flip side of being told they owe money to the IRS, recipients find being told that the IRS owes them money and that they are eligible for a tax refund an even greater prospect. While we do see these types of emails, we uncovered an interesting variation on this scam in 2016.


Figure 4. Fake email from the IRS seeking proof of identity documents

We see plenty of tax-related scams asking users to click on links or open up HTML attachments or malicious files on their computers; however, this particular scam asks the recipient to provide proof of identity. The requested proof of identity documents include a copy of a valid (signed) full passport as well as a scanned copy of a utility bill, bank statement, or credit card statement. Recipients are asked to send these documents to an @consultant.com email address.

Five tips to stay safe during tax season

When preparing to file your taxes this year and every year hereafter, here are some tips to keep in mind when receiving unsolicited communications.

  1. Be aware that the IRS does not initiate taxpayer communications through email—ever
  2. One of the biggest indications that an email is fake is when it addresses you as “sir”, “madam”, or “taxpayer”
  3. Do not click on any links or open any attachments claiming to be from the IRS, “Income Tax Department”, or your tax preparation company
  4. Report any emails claiming to be from the IRS by forwarding the emails to phishing@irs.gov
  5. Never respond to unsolicited emails requesting scanned copies of personal documents
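
For mail administrators who want to apply these tips automatically, the following added example (not part of the original article) checks a raw email for the indicators described above: IRS branding, a generic salutation, an HTML attachment, a request for identity documents, and replies routed to a different domain. The sample message, the names `triage` and `TEXT_RULES`, and the indicator labels are constructed for illustration, and the patterns are heuristics rather than a complete filter.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample modelled on the scams described above (not a real email).
SAMPLE = """\
From: "IRS Refunds" <refunds@irs-gov.example>
Reply-To: claims@consultant.com
Subject: You are eligible to receive a refund
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Taxpayer,
To release your refund, send a scanned copy of your passport and a utility bill.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="refund_form.html"

<html><body>constructed placeholder form</body></html>
--b1--
"""

# Text indicators from the article: IRS branding (tip 1), salutation (tip 2), ID request (tip 5).
TEXT_RULES = {
    "claims-irs": r"\b(IRS|Internal Revenue Service|Income Tax Department)\b",
    "generic-salutation": r"^\s*dear\s+(sir|madam|taxpayer)\b",
    "requests-identity-documents": r"\b(passport|utility bill|(bank|credit card) statement)\b",
}

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the set of indicators from the article found in one raw email."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['From']} {msg['Subject']}\n{part.get_content() if part else ''}"
    hits = {name for name, rx in TEXT_RULES.items() if re.search(rx, text, re.I | re.M)}
    # An HTML attachment can stand in for the phishing link.
    for att in msg.iter_attachments():
        name = (att.get_filename() or "").lower()
        if att.get_content_type() == "text/html" or name.endswith((".htm", ".html")):
            hits.add("html-attachment")
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != domain(msg["From"]):
        hits.add("reply-to-mismatch")  # replies leave the visible sender's domain
    return hits
```

Calling `triage(SAMPLE)` returns all five indicator labels, and a message with none of these traits returns an empty set.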

Try to stay safe online this tax season, and remember that the deadline to file is on Monday, April 18.

  • Norton