Here are two phishing scams targeting on taxpayers that you shall have a look.
April 15 is the income tax due date. Although he was given about two months to prepare his returns, he procrastinated almost until the deadline. Several days before the deadline, he received an email from Internal Revenue Service (IRS) that friendly reminded him of filing his tax and provided a link to do this electronically. He did as the email requested. However, he was told that he still missed the deadline.
She got a different email after submitting her W-2 form. The email came from IRS, telling her that she was eligible for a 537-dollar tax refund. It gave her a link of Tax Refund Request Form for her to fill in online. “Easy,” she thought, and immediately finished the form. Strangely, she never received this refund ever since.
“I thought it was from IRS”
People receive emails whose claimed sender is IRS. The websites in these emails always look exactly the same as the real one, thus they hardly doubt.
However, when you open the link, scammers are able to steal your login credentials for the legitimate sites, as well as personal information like credit card numbers, health records without social security number (SSN) or even drivers’ license numbers.
Consequently, scammers use your stolen SSN to file a tax return claiming a fraudulent refund, which is called tax-related identity theft by IRS.
You may be unaware that this has happened until you efile your return and discover that a return already has been filed using your SSN.
Or, the IRS may send you a letter saying we have identified a suspicious return using your SSN. Because mail is how IRS typically contacts citizens.
Innovation in Tax-Related Phishing Scam
The battle between scammers and security experts never cease.
Apart from government agencies like IRS, scammers now also impersonate as other roles in your tax filing, such as accounting tools or technical support.
Some of the most basic scams Lookout uncovered are sites that impersonate accounting tools from the company Intuit, which makes popular software like and TurboTax.
These sites often use domain names that are very similar to the real ones, like “quickbooksltd.com” or “accounts-quickbooks.com.” (via Wired)
Tech support agents are increasingly needed when more than 135 million Americans filed their taxes electronically, according to the IRS. In the name of helping you through tech difficulties, they may ask for your login credential, personal information, or even implant malware in your computer.
Don’t Fall Victim
- Take advice from IRS for identity protection no matter you are individuals, tax professionals or businesses.
- Keep an eye on the latest form of tax email scams.
- Use a password managerinstead of reusing the same password across multiple accounts.
- Watch out for anyone, no matter tech support agents or accounting tools, who need to obtain your login information.
- Use an anti-phishing Outlook add-in to protect your mailbox.
While phishing scam boasts brilliant masquerade, it exposes many other clues to Mr. Post, an Outlook add-in for your email security.
For example, by detecting the email route, Mr. Post can tell whether it’s legitimate or suspicious, safe or dangerous; empowered by state-of-the-art computer vision technology, it can recognize the fake link even under ZeroFont – something popular in dodging Microsoft’s scam filtering; empowered by state-of-the-art computer vision technology, it can recognize the fake link even under ZeroFont – something popular in dodging Microsoft’s scam filtering.
Then you can either forward it to firstname.lastname@example.org or delete and move on.
Incorporating over 30 years’ experience of security experts, Mr. Post is now ready to shield you off tax email scams. Currently available on Microsoft AppSource.